[pLog-svn] r4149 - in plog/trunk: class/action class/action/admin
class/dao class/template/smarty/plugins install templates/admin
oscar at devel.lifetype.net
oscar at devel.lifetype.net
Sat Oct 21 22:56:19 GMT 2006
Author: oscar
Date: 2006-10-21 22:56:19 +0000 (Sat, 21 Oct 2006)
New Revision: 4149
Added:
plog/trunk/class/template/smarty/plugins/block.check_perms.php
Modified:
plog/trunk/class/action/action.class.php
plog/trunk/class/action/admin/adminaction.class.php
plog/trunk/class/action/admin/adminaddbloguseraction.class.php
plog/trunk/class/action/admin/adminaddcustomfieldaction.class.php
plog/trunk/class/action/admin/adminaddlinkaction.class.php
plog/trunk/class/action/admin/adminaddlinkcategoryaction.class.php
plog/trunk/class/action/admin/adminaddpostaction.class.php
plog/trunk/class/action/admin/adminblogsettingsaction.class.php
plog/trunk/class/action/admin/admindeletebloguserpermissionsaction.class.php
plog/trunk/class/action/admin/admindeletecustomfieldsaction.class.php
plog/trunk/class/action/admin/admindeletelinkaction.class.php
plog/trunk/class/action/admin/admindeletelinkcategoryaction.class.php
plog/trunk/class/action/admin/admineditcustomfieldaction.class.php
plog/trunk/class/action/admin/admineditlinkaction.class.php
plog/trunk/class/action/admin/admineditlinkcategoryaction.class.php
plog/trunk/class/action/admin/admineditlinksaction.class.php
plog/trunk/class/action/admin/admineditpostaction.class.php
plog/trunk/class/action/admin/adminloginaction.class.php
plog/trunk/class/action/admin/adminnewcustomfieldaction.class.php
plog/trunk/class/action/admin/adminnewlinkaction.class.php
plog/trunk/class/action/admin/adminnewlinkcategoryaction.class.php
plog/trunk/class/action/admin/adminnewpostaction.class.php
plog/trunk/class/action/admin/adminpermissionrequiredaction.class.php
plog/trunk/class/action/admin/adminstatisticsaction.class.php
plog/trunk/class/action/admin/adminupdateblogsettingsaction.class.php
plog/trunk/class/action/admin/adminupdatecustomfieldaction.class.php
plog/trunk/class/action/admin/adminupdatelinkaction.class.php
plog/trunk/class/action/admin/adminupdatelinkcategoryaction.class.php
plog/trunk/class/action/admin/adminupdatepostaction.class.php
plog/trunk/class/dao/userinfo.class.php
plog/trunk/class/dao/userpermissions.class.php
plog/trunk/install/corepermissions.properties.php
plog/trunk/templates/admin/editlinkcategories.template
plog/trunk/templates/admin/editlinks.template
plog/trunk/templates/admin/main.template
Log:
some more changes for permissions in LT 1.2:
- added some more permissions which make it possible to restrict pages that list items (e.g. the list of links, the list of posts, etc.)
- added the login_perm permission, that may now be used to prevent a user from logging in (no matter what other permissions this user might have)
- added the blog_access permission that allows a user to enter the admin area of a blog when not being the owner or an admin
- added the method AdminAction::requirePermission() which should be used by action classes to list which permissions are required to perform the action.
- when adding new users to a blog, now it is possible to select which permissions will be assigned (on top of the blog_access permission)
- added the {check_perm perm=...}...{/check_perm} smarty block so that we can easily check and remove certain blocks of template code depending on the user permissions. This block plugin will fetch the $user and $blog objects from the template context if not provided via the "blog" and "user" parameters. For blog owners and site admins, this will always return true.
- Now, when a user has no permission to execute an action, the error message is displayed in the "manage" page instead of the bare error page used so far.
- permissions for the "manage links" section are nearly fully implemented.
Modified: plog/trunk/class/action/action.class.php
===================================================================
--- plog/trunk/class/action/action.class.php 2006-10-21 21:41:59 UTC (rev 4148)
+++ plog/trunk/class/action/action.class.php 2006-10-21 22:56:19 UTC (rev 4149)
@@ -168,6 +168,7 @@
function validationErrorProcessing()
{
// if there was a validaton error, then inform the view
+ $this->_view = $this->_validationErrorView;
$this->_view->setError( true );
// and export all the data to the view so that it can be reused in the error view
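Review bot: The new assignment `$this->_view = $this->_validationErrorView;` reads a property that is only populated when setValidationErrorView() was called, so an action that never registered an error view now has `$this->_view` overwritten with an unset value immediately before `$this->_view->setError( true )` on the next line. Either guard it, `if( isset( $this->_validationErrorView )) $this->_view = $this->_validationErrorView;`, or document on setValidationErrorView() (second hunk of this file) that every action with validators must call it. The hunk does not show a `var $_validationErrorView;` declaration for the new property; if it is not added elsewhere it should sit next to the other `var` fields of Action. validationErrorProcessing() continues outside the hunk.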
@@ -194,7 +195,7 @@
*/
function setValidationErrorView( $view )
{
- $this->_view = $view;
+ $this->_validationErrorView = $view;
return true;
}
@@ -315,9 +316,9 @@
function setSuccess( $success )
{
$this->_isSuccess = $success;
- $this->_form->setFormIsValid( $success );
+ $this->_form->setFormIsValid( $success );
}
-
+
/**
* This method will be executed to check whether this action can be executed or not. This means
* that this method will be executed before the perform() method. If this method returns 'false',
@@ -328,7 +329,7 @@
*/
function canPerform()
{
- return( true );
- }
+ return( true );
+ }
}
-?>
+?>
\ No newline at end of file
Modified: plog/trunk/class/action/admin/adminaction.class.php
===================================================================
--- plog/trunk/class/action/admin/adminaction.class.php 2006-10-21 21:41:59 UTC (rev 4148)
+++ plog/trunk/class/action/admin/adminaction.class.php 2006-10-21 22:56:19 UTC (rev 4149)
@@ -36,6 +36,7 @@
var $_locale;
var $_pm;
var $_userBlogs;
+ var $_permissions;
/**
* Constructor.
@@ -46,6 +47,9 @@
function AdminAction( $actionInfo, $request )
{
$this->Action( $actionInfo, $request );
+
+ // permission stuff
+ $this->_permissions = Array();
// get information about the session
$session = HttpVars::getSession();
@@ -237,5 +241,31 @@
$this->_blogInfo->getOwnerId() == $this->_userInfo->getId()
);
}
+
+ function canPerform()
+ {
+ foreach( $this->getRequiredPermissions() as $permName ) {
+ if( !$this->userHasPermission( $permName ))
+ return( false );
+ }
+
+ return( true );
+ }
+
+ /**
+ * tbd
+ */
+ function requirePermission( $perm )
+ {
+ $this->_permissions[] = $perm;
+ }
+
+ /**
+ * tbd
+ */
+ function getRequiredPermissions()
+ {
+ return( $this->_permissions );
+ }
}
?>
\ No newline at end of file
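Review bot: The docblocks on requirePermission() and getRequiredPermissions() are placeholders (`tbd`) and the new canPerform() has none, although it is now the single choke point for admin authorization. Something like `/** Adds a permission name the user must hold in the current blog for perform() to run; call from the constructor, may be called several times */` on requirePermission(), and on canPerform() a note that every registered permission is checked through userHasPermission() and the first missing one denies the action, would do. It is also worth stating explicitly that the check is permissive by default: with no requirePermission() calls the loop never runs and the method returns true, so an action that forgets to register its permission is allowed rather than denied, which the method name does not convey. userHasPermission() starts outside the hunk, so I am assuming it is the owner/admin short-circuit whose tail is visible at the top of the hunk.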
Modified: plog/trunk/class/action/admin/adminaddbloguseraction.class.php
===================================================================
--- plog/trunk/class/action/admin/adminaddbloguseraction.class.php 2006-10-21 21:41:59 UTC (rev 4148)
+++ plog/trunk/class/action/admin/adminaddbloguseraction.class.php 2006-10-21 22:56:19 UTC (rev 4149)
@@ -20,6 +20,7 @@
var $_sendNotification;
var $_notificationText;
var $_newUsername;
+ var $_permissions;
function AdminAddBlogUserAction( $actionInfo, $request )
{
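Review bot: The property declared here, `var $_permissions;`, is not the one the rest of the change uses: the next hunk assigns `$this->_perms = $this->_request->getValue( "perm" );` and the grant loop iterates `$this->_perms`, so the declaration should read `var $_perms;`. As written it also redeclares AdminAction::$_permissions, the list AdminAction::canPerform() checks, which is confusing even if the parent constructor reinitialises it. The class header and the constructor body are outside the hunk.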
@@ -61,6 +62,7 @@
{
$this->_notificationText = $this->_request->getValue( "newBlogUserText" );
$this->_newUsername = Textfilter::filterAllHTML($this->_request->getValue( "newBlogUserName" ));
+ $this->_perms = $this->_request->getValue( "perm" );
// see if the user exists
$users = new Users();
@@ -75,10 +77,13 @@
}
$this->notifyEvent( EVENT_USER_LOADED, Array( "user" => &$userInfo ));
- // now we can add this user to the blog
+ // get the permissions that this user will be granted
$userPerms = new UserPermissions();
- $perm = new UserPermission( $userInfo->getId(), $this->_blogInfo->getId(), PERMISSION_BLOG_USER );
- $res = $userPerms->grantPermission( $perm );
+ foreach( $this->_perms as $val => $permId ) {
+ $perm = new UserPermission( $userInfo->getId(), $this->_blogInfo->getId(), $permId );
+ $res = $userPerms->grantPermission( $perm );
+ }
+
$this->notifyEvent( EVENT_PRE_USER_UPDATE, Array( "user" => &$userInfo ));
if( !$res ) {
// there was an error adding the user to the blog
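Review bot: The grant loop takes the permission ids straight from the `perm` request values and does not grant blog_access, although the log message says the selected permissions come "on top of the blog_access permission"; nothing in the hunk adds it, and the ids are not checked against the permissions table before being written. `$res` also only reflects the last grant and is undefined when the submitted list is empty or not an array (`foreach` then warns), so the `if( !$res )` below reports an error although no grant was attempted. I would normalise the submitted list, append the blog_access id resolved through Permissions::getPermissionByName() as admindeletebloguserpermissionsaction.class.php does in this commit, and accumulate the result; validating each submitted id against the permissions table is a further step the hunk does not show. This needs the `class/dao/permissions.class.php` include if the file does not already have it, and the method body continues outside the hunk.
```php
// get the permissions that this user will be granted; blog_access is always included
$permIds = is_array( $this->_perms ) ? $this->_perms : Array();
$perms = new Permissions();
$accessBlogPerm = $perms->getPermissionByName( "blog_access" );
$permIds[] = $accessBlogPerm->getId();
$userPerms = new UserPermissions();
$res = true;
foreach( array_unique( $permIds ) as $permId ) {
    $perm = new UserPermission( $userInfo->getId(), $this->_blogInfo->getId(), $permId );
    if( !$userPerms->grantPermission( $perm ))
        $res = false;
}
// … unchanged: EVENT_PRE_USER_UPDATE notification and the !$res error path …
```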
Modified: plog/trunk/class/action/admin/adminaddcustomfieldaction.class.php
===================================================================
--- plog/trunk/class/action/admin/adminaddcustomfieldaction.class.php 2006-10-21 21:41:59 UTC (rev 4148)
+++ plog/trunk/class/action/admin/adminaddcustomfieldaction.class.php 2006-10-21 22:56:19 UTC (rev 4149)
@@ -36,16 +36,10 @@
$this->_form->registerField( "fieldId" );
$this->_form->registerField( "fieldValues" );
$this->setValidationErrorView( new AdminTemplatedView( $this->_blogInfo, "newcustomfield" ));
+
+ $this->requirePermission( "add_custom_field" );
}
- /**
- * check user permissions and reject if needed
- */
- function canPerform()
- {
- return( $this->userHasPermission( "add_custom_field" ));
- }
-
/**
* Carries out the specified action
*/
Modified: plog/trunk/class/action/admin/adminaddlinkaction.class.php
===================================================================
--- plog/trunk/class/action/admin/adminaddlinkaction.class.php 2006-10-21 21:41:59 UTC (rev 4148)
+++ plog/trunk/class/action/admin/adminaddlinkaction.class.php 2006-10-21 22:56:19 UTC (rev 4149)
@@ -43,16 +43,10 @@
$view = new AdminNewLinkView( $this->_blogInfo );
$view->setErrorMessage( $this->_locale->tr("error_adding_link" ));
$this->setValidationErrorView( $view );
+
+ $this->requirePermission( "add_link" );
}
- /**
- * check user permissions and reject if needed
- */
- function canPerform()
- {
- return( $this->userHasPermission( "add_link" ));
- }
-
/**
* Carries out the specified action
*/
Modified: plog/trunk/class/action/admin/adminaddlinkcategoryaction.class.php
===================================================================
--- plog/trunk/class/action/admin/adminaddlinkcategoryaction.class.php 2006-10-21 21:41:59 UTC (rev 4148)
+++ plog/trunk/class/action/admin/adminaddlinkcategoryaction.class.php 2006-10-21 22:56:19 UTC (rev 4149)
@@ -29,16 +29,10 @@
// data validation
$this->registerFieldValidator( "linkCategoryName", new StringValidator());
$this->setValidationErrorView( new AdminTemplatedView( $this->_blogInfo, "newlinkcategory" ));
+
+ $this->requirePermission( "add_link_category" );
}
- /**
- * check user permissions and reject if needed
- */
- function canPerform()
- {
- return( $this->userHasPermission( "add_link_category" ));
- }
-
/**
* Carries out the specified action
*/
Modified: plog/trunk/class/action/admin/adminaddpostaction.class.php
===================================================================
--- plog/trunk/class/action/admin/adminaddpostaction.class.php 2006-10-21 21:41:59 UTC (rev 4148)
+++ plog/trunk/class/action/admin/adminaddpostaction.class.php 2006-10-21 22:56:19 UTC (rev 4149)
@@ -45,16 +45,11 @@
$this->registerField( "customField" );
$this->registerField( "postDateTime" );
$this->registerField( "trackbackUrls" );
+
+ // security checks
+ $this->requirePermission( "add_post" );
}
- /**
- * check user permissions and reject if needed
- */
- function canPerform()
- {
- return( $this->userHasPermission( "add_post" ));
- }
-
/**
* @private
*
Modified: plog/trunk/class/action/admin/adminblogsettingsaction.class.php
===================================================================
--- plog/trunk/class/action/admin/adminblogsettingsaction.class.php 2006-10-21 21:41:59 UTC (rev 4148)
+++ plog/trunk/class/action/admin/adminblogsettingsaction.class.php 2006-10-21 22:56:19 UTC (rev 4149)
@@ -19,16 +19,10 @@
function AdminBlogSettingsAction( $actionInfo, $request )
{
$this->BlogOwnerAdminAction( $actionInfo, $request );
+
+ $this->requirePermission( "update_blog" );
}
- /**
- * check user permissions and reject if needed
- */
- function canPerform()
- {
- return( $this->userHasPermission( "update_blog" ));
- }
-
/**
* Carries out the specified action
*/
Modified: plog/trunk/class/action/admin/admindeletebloguserpermissionsaction.class.php
===================================================================
--- plog/trunk/class/action/admin/admindeletebloguserpermissionsaction.class.php 2006-10-21 21:41:59 UTC (rev 4148)
+++ plog/trunk/class/action/admin/admindeletebloguserpermissionsaction.class.php 2006-10-21 22:56:19 UTC (rev 4149)
@@ -4,6 +4,7 @@
lt_include( PLOG_CLASS_PATH."class/view/admin/adminbloguserslistview.class.php" );
lt_include( PLOG_CLASS_PATH."class/dao/users.class.php" );
lt_include( PLOG_CLASS_PATH."class/dao/userpermissions.class.php" );
+ lt_include( PLOG_CLASS_PATH."class/dao/permissions.class.php" );
lt_include( PLOG_CLASS_PATH."class/data/validator/integervalidator.class.php" );
lt_include( PLOG_CLASS_PATH."class/data/validator/arrayvalidator.class.php" );
@@ -57,8 +58,11 @@
$errorMessage = "";
$totalOk = 0;
+ $perms = new Permissions();
+ $accessBlogPerm = $perms->getPermissionByName( "blog_access" );
+
foreach( $this->_userIds as $userId ) {
- $res = $userPermissions->revokePermission( $userId, $this->_blogInfo->getId(), PERMISSION_BLOG_USER );
+ $res = $userPermissions->revokePermission( $userId, $this->_blogInfo->getId(), $accessBlogPerm->getId());
$userInfo = $users->getUserInfoFromId( $userId );
if( $res ) {
$totalOk++;
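Review bot: `$perms->getPermissionByName( "blog_access" )` is dereferenced unconditionally on the `revokePermission()` line; if the lookup returns no object (for instance on an installation whose permissions table was not refreshed from corepermissions.properties.php), `$accessBlogPerm->getId()` is a fatal error before any user is processed, so guard it with `if( !$accessBlogPerm )` and take the action's error path instead. Separately, only the blog_access row is revoked, so any add_post or update_link grants the user received through AdminAddBlogUserAction in this same commit stay in the table and become effective again the moment blog_access is re-granted; if that is not intended, revoke all of the user's permissions for this blog here. The enclosing method continues outside the hunk.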
Modified: plog/trunk/class/action/admin/admindeletecustomfieldsaction.class.php
===================================================================
--- plog/trunk/class/action/admin/admindeletecustomfieldsaction.class.php 2006-10-21 21:41:59 UTC (rev 4148)
+++ plog/trunk/class/action/admin/admindeletecustomfieldsaction.class.php 2006-10-21 22:56:19 UTC (rev 4149)
@@ -32,16 +32,10 @@
$view = new AdminCustomFieldsListView( $this->_blogInfo );
$view->setErrorMessage( $this->_locale->tr("error_incorrect_field_id"));
$this->setValidationErrorView( $view );
+
+ $this->requirePermission( "update_custom_field" );
}
- /**
- * check user permissions and reject if needed
- */
- function canPerform()
- {
- return( $this->userHasPermission( "update_custom_field" ));
- }
-
/**
* prepares the data for AdminDeleteCustomFieldsAction::_deleteFields
*/
Modified: plog/trunk/class/action/admin/admindeletelinkaction.class.php
===================================================================
--- plog/trunk/class/action/admin/admindeletelinkaction.class.php 2006-10-21 21:41:59 UTC (rev 4148)
+++ plog/trunk/class/action/admin/admindeletelinkaction.class.php 2006-10-21 22:56:19 UTC (rev 4149)
@@ -28,7 +28,7 @@
$this->_op = $actionInfo->getActionParamValue();
- $view = new AdminLinksListView( $this->_blogInfo );
+ $view = new AdminLinksListView( $this->_blogInfo );
if( $this->_op == "deleteLink" ) {
$this->registerFieldValidator( "linkId", new IntegerValidator());
$view->setErrorMessage( $this->_locale->tr("error_incorrect_link_id"));
@@ -39,14 +39,8 @@
}
$this->setValidationErrorView( $view );
- }
-
- /**
- * check user permissions and reject if needed
- */
- function canPerform()
- {
- return( $this->userHasPermission( "update_link" ));
+ // permission checks
+ $this->requirePermission( "update_link" );
}
function perform()
Modified: plog/trunk/class/action/admin/admindeletelinkcategoryaction.class.php
===================================================================
--- plog/trunk/class/action/admin/admindeletelinkcategoryaction.class.php 2006-10-21 21:41:59 UTC (rev 4148)
+++ plog/trunk/class/action/admin/admindeletelinkcategoryaction.class.php 2006-10-21 22:56:19 UTC (rev 4149)
@@ -35,14 +35,9 @@
$this->registerFieldValidator( "categoryIds", new ArrayValidator());
$view->setErrorMessage( $this->_locale->tr("error_invalid_link_category_id"));
$this->setValidationErrorView( $view );
- }
-
- /**
- * check user permissions and reject if needed
- */
- function canPerform()
- {
- return( $this->userHasPermission( "update_link_category" ));
+
+ // permission checks
+ $this->requirePermission( "update_link_category" );
}
function perform()
Modified: plog/trunk/class/action/admin/admineditcustomfieldaction.class.php
===================================================================
--- plog/trunk/class/action/admin/admineditcustomfieldaction.class.php 2006-10-21 21:41:59 UTC (rev 4148)
+++ plog/trunk/class/action/admin/admineditcustomfieldaction.class.php 2006-10-21 22:56:19 UTC (rev 4149)
@@ -33,16 +33,10 @@
$this->_form->registerField( "fieldSearchable" );
$this->_form->registerField( "fieldHidden" );
$this->_form->registerField( "fieldValues" );
+
+ $this->requirePermission( "update_custom_field" );
}
- /**
- * check user permissions and reject if needed
- */
- function canPerform()
- {
- return( $this->userHasPermission( "update_custom_field" ));
- }
-
/**
* Carries out the specified action
*/
Modified: plog/trunk/class/action/admin/admineditlinkaction.class.php
===================================================================
--- plog/trunk/class/action/admin/admineditlinkaction.class.php 2006-10-21 21:41:59 UTC (rev 4148)
+++ plog/trunk/class/action/admin/admineditlinkaction.class.php 2006-10-21 22:56:19 UTC (rev 4149)
@@ -35,16 +35,11 @@
$view = new AdminLinksListView( $this->_blogInfo );
$view->setErrorMessage( $this->_locale->tr("error_fetching_link" ));
$this->setValidationErrorView( $view );
+
+ // permission checks
+ $this->requirePermission( "update_link" );
}
- /**
- * check user permissions and reject if needed
- */
- function canPerform()
- {
- return( $this->userHasPermission( "update_link" ));
- }
-
/**
* Carries out the specified action
*/
Modified: plog/trunk/class/action/admin/admineditlinkcategoryaction.class.php
===================================================================
--- plog/trunk/class/action/admin/admineditlinkcategoryaction.class.php 2006-10-21 21:41:59 UTC (rev 4148)
+++ plog/trunk/class/action/admin/admineditlinkcategoryaction.class.php 2006-10-21 22:56:19 UTC (rev 4149)
@@ -31,16 +31,11 @@
$view = new AdminLinkCategoriesListView( $this->_blogInfo );
$view->setErrorMessage( $this->_locale->tr("error_incorrect_link_category_id"));
$this->setValidationErrorView( $view );
+
+ // permission checks
+ $this->requirePermission( "update_link_category" );
}
- /**
- * check user permissions and reject if needed
- */
- function canPerform()
- {
- return( $this->userHasPermission( "update_link_category" ));
- }
-
/**
* Carries out the specified action
*/
Modified: plog/trunk/class/action/admin/admineditlinksaction.class.php
===================================================================
--- plog/trunk/class/action/admin/admineditlinksaction.class.php 2006-10-21 21:41:59 UTC (rev 4148)
+++ plog/trunk/class/action/admin/admineditlinksaction.class.php 2006-10-21 22:56:19 UTC (rev 4149)
@@ -32,6 +32,9 @@
Array( "showCategory" => 0,
"searchTerms" => "",
"showOrder" => $this->_linkCategoriesOrder )));
+
+
+ $this->requirePermission( "view_links" );
}
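Review bot: `$this->requirePermission( "view_links" )` names a permission that must exist in install/corepermissions.properties.php for non-owner users to pass the check; the hunk for that file in this commit is cut off after `view_posts`, so I cannot confirm `view_links` is registered. If the name is absent, hasPermissionByName() can never find it and every blog user without owner or admin status is silently locked out of the links page. The two added blank lines before the call are one more than the surrounding code uses.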
/**
Modified: plog/trunk/class/action/admin/admineditpostaction.class.php
===================================================================
--- plog/trunk/class/action/admin/admineditpostaction.class.php 2006-10-21 21:41:59 UTC (rev 4148)
+++ plog/trunk/class/action/admin/admineditpostaction.class.php 2006-10-21 22:56:19 UTC (rev 4149)
@@ -35,16 +35,10 @@
$view = new AdminPostsListView( $this->_blogInfo );
$view->setErrorMessage( $this->_locale->tr("error_incorrect_article_id"));
$this->setValidationErrorView( $view );
+
+ $this->requirePermission( "update_post" );
}
- /**
- * check user permissions and reject if needed
- */
- function canPerform()
- {
- return( $this->userHasPermission( "update_post" ));
- }
-
/**
* Carries out the specified action
*/
Modified: plog/trunk/class/action/admin/adminloginaction.class.php
===================================================================
--- plog/trunk/class/action/admin/adminloginaction.class.php 2006-10-21 21:41:59 UTC (rev 4148)
+++ plog/trunk/class/action/admin/adminloginaction.class.php 2006-10-21 22:56:19 UTC (rev 4149)
@@ -39,12 +39,12 @@
$this->_config =& Config::getConfig();
$this->_locale =& Locales::getLocale( $this->_config->getValue( "default_locale" ));
- // data validation
- $this->registerFieldValidator( "userName", new StringValidator());
- $this->registerFieldValidator( "userPassword", new StringValidator());
- $view = new AdminDefaultView();
- $view->setErrorMessage( $this->_locale->tr("error_incorrect_username_or_password"));
- $this->setValidationErrorView( $view );
+ // data validation
+ $this->registerFieldValidator( "userName", new StringValidator());
+ $this->registerFieldValidator( "userPassword", new StringValidator());
+ $view = new AdminDefaultView();
+ $view->setErrorMessage( $this->_locale->tr("error_incorrect_username_or_password"));
+ $this->setValidationErrorView( $view );
}
/**
@@ -57,7 +57,7 @@
$this->_userPassword = $this->_request->getValue( "userPassword" );
$this->_op = Textfilter::filterAllHTML($this->_request->getValue( "op" ));
- // create a plugin manager
+ // create a plugin manager
$pm =& PluginManager::getPluginManager();
// try to authenticate the user
@@ -83,6 +83,16 @@
return false;
}
+ // check if the user has the "login_perm" permission and is allowed to log in
+ if( !$userInfo->hasPermissionByName( "login_perm" )) {
+ $this->_view = new AdminDefaultView();
+ $this->_view->setErrorMessage( $this->_locale->tr("error_cannot_login"));
+ $this->setCommonData();
+
+ $pm->notifyEvent( EVENT_LOGIN_FAILURE, Array( "user" => $this->_userName ));
+ return false;
+ }
+
$pm->notifyEvent( EVENT_USER_LOADED, Array( "user" => &$userInfo, "from" => "Login" ));
// get the list of blogs to which the user belongs
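Review bot: The login_perm check sits after password verification, so the distinct `error_cannot_login` message tells the caller that the supplied credentials were correct even though the account may not log in; if a disabled account is meant to be indistinguishable from a wrong password, reuse `error_incorrect_username_or_password` here. The check relies on the new `$blogId = 0` default of UserInfo::hasPermissionByName() (userinfo.class.php in this commit), which deserves a comment such as `// login_perm is a site-wide permission, hence no blog id`, since nothing on this line says why the blog argument is omitted. The EVENT_LOGIN_FAILURE payload passes `$this->_userName` while the EVENT_USER_LOADED call below passes the `$userInfo` object; worth checking this matches what the earlier failure branch (outside the hunk) sends. perform() continues outside the hunk.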
Modified: plog/trunk/class/action/admin/adminnewcustomfieldaction.class.php
===================================================================
--- plog/trunk/class/action/admin/adminnewcustomfieldaction.class.php 2006-10-21 21:41:59 UTC (rev 4148)
+++ plog/trunk/class/action/admin/adminnewcustomfieldaction.class.php 2006-10-21 22:56:19 UTC (rev 4149)
@@ -15,16 +15,10 @@
function AdminBlogCustomFieldsAction( $actionInfo, $request )
{
$this->BlogOwnerAdminAction( $actionInfo, $request );
+
+ $this->requirePermission( "add_custom_field" );
}
- /**
- * check user permissions and reject if needed
- */
- function canPerform()
- {
- return( $this->userHasPermission( "add_custom_field" ));
- }
-
/**
* Carries out the specified action
*/
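Review bot: The permission requirement now lives in a function named `AdminBlogCustomFieldsAction`, but the file is adminnewcustomfieldaction.class.php; if the class is actually `AdminNewCustomFieldAction` (the class line is outside the hunk, so this is an inference), this function is not its PHP4 constructor, `requirePermission( "add_custom_field" )` never runs, and AdminAction::canPerform() then returns true for everyone. Before this change the explicit canPerform() override was enforced regardless of which constructor ran, so the move to constructor registration turns a mis-named constructor into a silent fail-open. Please confirm the class name matches, or rename the function to match it.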
Modified: plog/trunk/class/action/admin/adminnewlinkaction.class.php
===================================================================
--- plog/trunk/class/action/admin/adminnewlinkaction.class.php 2006-10-21 21:41:59 UTC (rev 4148)
+++ plog/trunk/class/action/admin/adminnewlinkaction.class.php 2006-10-21 22:56:19 UTC (rev 4149)
@@ -22,16 +22,10 @@
function AdminNewLinkAction( $actionInfo, $request )
{
$this->AdminAction( $actionInfo, $request );
+
+ $this->requirePermission( "add_link" );
}
- /**
- * check user permissions and reject if needed
- */
- function canPerform()
- {
- return( $this->userHasPermission( "add_link" ));
- }
-
/**
* Carries out the specified action
*/
Modified: plog/trunk/class/action/admin/adminnewlinkcategoryaction.class.php
===================================================================
--- plog/trunk/class/action/admin/adminnewlinkcategoryaction.class.php 2006-10-21 21:41:59 UTC (rev 4148)
+++ plog/trunk/class/action/admin/adminnewlinkcategoryaction.class.php 2006-10-21 22:56:19 UTC (rev 4149)
@@ -19,16 +19,10 @@
function AdminNewLinkCategoryAction( $actionInfo, $request )
{
$this->AdminAction( $actionInfo, $request );
+
+ $this->requirePermission( "add_link_category" );
}
- /**
- * check user permissions and reject if needed
- */
- function canPerform()
- {
- return( $this->userHasPermission( "add_link_category" ));
- }
-
/**
* Carries out the specified action
*/
Modified: plog/trunk/class/action/admin/adminnewpostaction.class.php
===================================================================
--- plog/trunk/class/action/admin/adminnewpostaction.class.php 2006-10-21 21:41:59 UTC (rev 4148)
+++ plog/trunk/class/action/admin/adminnewpostaction.class.php 2006-10-21 22:56:19 UTC (rev 4149)
@@ -2,6 +2,7 @@
lt_include( PLOG_CLASS_PATH."class/action/admin/adminaction.class.php" );
lt_include( PLOG_CLASS_PATH."class/view/admin/adminnewpostview.class.php" );
+ lt_include( PLOG_CLASS_PATH."class/view/admin/admintemplatedview.class.php" );
lt_include( PLOG_CLASS_PATH."class/dao/articlecategories.class.php" );
/**
@@ -21,16 +22,11 @@
function AdminNewPostAction( $actionInfo, $request )
{
$this->AdminAction( $actionInfo, $request );
+
+ // security checks
+ $this->requirePermission( "add_post" );
}
- /**
- * check user permissions and reject if needed
- */
- function canPerform()
- {
- return( $this->userHasPermission( "add_post" ));
- }
-
/**
* Carries out the specified action
*/
Modified: plog/trunk/class/action/admin/adminpermissionrequiredaction.class.php
===================================================================
--- plog/trunk/class/action/admin/adminpermissionrequiredaction.class.php 2006-10-21 21:41:59 UTC (rev 4148)
+++ plog/trunk/class/action/admin/adminpermissionrequiredaction.class.php 2006-10-21 22:56:19 UTC (rev 4149)
@@ -12,8 +12,8 @@
{
function perform()
{
- $this->_view = new AdminErrorView( $this->_blogInfo );
- $this->_view->setMessage( $this->_locale->tr( "error_permission_required" ));
+ $this->_view = new AdminTemplatedView( $this->_blogInfo, "main" );
+ $this->_view->setErrorMessage( $this->_locale->tr( "error_permission_required" ));
$this->setCommonData();
}
}
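Review bot: The new view type `AdminTemplatedView` replaces `AdminErrorView`, but the hunk does not show a matching `lt_include` for class/view/admin/admintemplatedview.class.php; adminnewpostaction.class.php in this same commit had to add exactly that include, so check that this file has it, or the permission-denied path itself becomes a fatal error. A one-line comment such as `// show the error inside the regular manage page rather than a bare error view` would document the intent stated in the log message.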
Modified: plog/trunk/class/action/admin/adminstatisticsaction.class.php
===================================================================
--- plog/trunk/class/action/admin/adminstatisticsaction.class.php 2006-10-21 21:41:59 UTC (rev 4148)
+++ plog/trunk/class/action/admin/adminstatisticsaction.class.php 2006-10-21 22:56:19 UTC (rev 4149)
@@ -22,16 +22,10 @@
function AdminStatisticsAction( $actionInfo, $request )
{
$this->BlogOwnerAdminAction( $actionInfo, $request );
+
+ $this->requirePermission( "blog_statistics" );
}
- /**
- * check user permissions and reject if needed
- */
- function canPerform()
- {
- return( $this->userHasPermission( "blog_statistics" ));
- }
-
/**
* Carries out the specified action
*/
Modified: plog/trunk/class/action/admin/adminupdateblogsettingsaction.class.php
===================================================================
--- plog/trunk/class/action/admin/adminupdateblogsettingsaction.class.php 2006-10-21 21:41:59 UTC (rev 4148)
+++ plog/trunk/class/action/admin/adminupdateblogsettingsaction.class.php 2006-10-21 22:56:19 UTC (rev 4149)
@@ -60,16 +60,10 @@
$view = new AdminBlogSettingsView( $this->_blogInfo );
$view->setErrorMessage( $this->_locale->tr("error_updating_settings"));
$this->setValidationErrorView( $view );
+
+ $this->requirePermission( "update_blog" );
}
- /**
- * check user permissions and reject if needed
- */
- function canPerform()
- {
- return( $this->userHasPermission( "update_blog" ));
- }
-
/**
* Carries out the specified action
*/
Modified: plog/trunk/class/action/admin/adminupdatecustomfieldaction.class.php
===================================================================
--- plog/trunk/class/action/admin/adminupdatecustomfieldaction.class.php 2006-10-21 21:41:59 UTC (rev 4148)
+++ plog/trunk/class/action/admin/adminupdatecustomfieldaction.class.php 2006-10-21 22:56:19 UTC (rev 4149)
@@ -36,16 +36,10 @@
$this->_form->registerField( "fieldHidden" );
$this->_form->registerField( "fieldValues" );
$this->setValidationErrorView( new AdminTemplatedView( $this->_blogInfo, "editcustomfield" ));
+
+ $this->requirePermission( "update_custom_field" );
}
- /**
- * check user permissions and reject if needed
- */
- function canPerform()
- {
- return( $this->userHasPermission( "update_custom_field" ));
- }
-
/**
* Carries out the specified action
*/
Modified: plog/trunk/class/action/admin/adminupdatelinkaction.class.php
===================================================================
--- plog/trunk/class/action/admin/adminupdatelinkaction.class.php 2006-10-21 21:41:59 UTC (rev 4148)
+++ plog/trunk/class/action/admin/adminupdatelinkaction.class.php 2006-10-21 22:56:19 UTC (rev 4149)
@@ -43,17 +43,11 @@
$view = new AdminEditLinkView( $this->_blogInfo );
$view->setErrorMessage( $this->_locale->tr("error_updating_link" ));
$this->setValidationErrorView( $view );
-
+
+ // permission checks
+ $this->requirePermission( "update_link" );
}
- /**
- * check user permissions and reject if needed
- */
- function canPerform()
- {
- return( $this->userHasPermission( "update_link" ));
- }
-
/**
* Carries out the specified action
*/
Modified: plog/trunk/class/action/admin/adminupdatelinkcategoryaction.class.php
===================================================================
--- plog/trunk/class/action/admin/adminupdatelinkcategoryaction.class.php 2006-10-21 21:41:59 UTC (rev 4148)
+++ plog/trunk/class/action/admin/adminupdatelinkcategoryaction.class.php 2006-10-21 22:56:19 UTC (rev 4149)
@@ -33,16 +33,11 @@
$errorView = new AdminTemplatedView( $this->_blogInfo, "editlinkcategory" );
$errorView->setErrorMessage( $this->_locale->tr("error_updating_link_category"));
$this->setValidationErrorView( $errorView );
+
+ // permission checks
+ $this->requirePermission( "update_link_category" );
}
- /**
- * check user permissions and reject if needed
- */
- function canPerform()
- {
- return( $this->userHasPermission( "update_link_category" ));
- }
-
/**
* Carries out the specified action
*/
Modified: plog/trunk/class/action/admin/adminupdatepostaction.class.php
===================================================================
--- plog/trunk/class/action/admin/adminupdatepostaction.class.php 2006-10-21 21:41:59 UTC (rev 4148)
+++ plog/trunk/class/action/admin/adminupdatepostaction.class.php 2006-10-21 22:56:19 UTC (rev 4149)
@@ -66,16 +66,10 @@
$this->registerField( "customField" );
$this->registerField( "postDateTime" );
$this->registerField( "trackbackUrls" );
+
+ $this->requirePermission( "add_post" );
}
- /**
- * check user permissions and reject if needed
- */
- function canPerform()
- {
- return( $this->userHasPermission( "add_post" ));
- }
-
/**
* Carries out the specified action
*/
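Review bot: `$this->requirePermission( "add_post" )` protects an action that updates an existing post, while admineditpostaction.class.php in this commit requires `update_post` for the edit form; the removed canPerform() used the same name, so this is inherited, but the switch to requirePermission() is the moment to align it, presumably `$this->requirePermission( "update_post" );`. As it stands the update action is reachable with add_post alone even though the edit page is denied without update_post. The constructor body starts outside the hunk.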
Modified: plog/trunk/class/dao/userinfo.class.php
===================================================================
--- plog/trunk/class/dao/userinfo.class.php 2006-10-21 21:41:59 UTC (rev 4148)
+++ plog/trunk/class/dao/userinfo.class.php 2006-10-21 22:56:19 UTC (rev 4149)
@@ -302,8 +302,8 @@
return( get_object_vars( $this ));
}*/
-
- function hasPermission( $permission, $blogId )
+
+ function hasPermission( $permission, $blogId = 0 )
{
if( !isset($this->perms[$blogId] )) {
lt_include( PLOG_CLASS_PATH."class/dao/userpermissions.class.php" );
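Review bot: The new `$blogId = 0` default on hasPermission(), and on hasPermissionByName() and getPermissions() in the following two hunks, is undocumented; the only caller visible in this commit is the login_perm check in adminloginaction.class.php, which presumably means 0 stands for a permission not tied to any blog. A `@param $blogId` line stating that — `@param $blogId the blog to check against, or 0 (the default) for site-wide permissions such as login_perm` — would keep callers from passing a real blog id for site-wide checks, or 0 for blog-specific ones, by accident. Confirm the meaning against how the userpermissions table stores site-wide rows before documenting it.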
@@ -314,9 +314,9 @@
return( isset( $this->perms[$blogId][$permission] ));
}
- function hasPermissionByName( $permName, $blogId )
+ function hasPermissionByName( $permName, $blogId = 0 )
{
- $ok = false;
+ $ok = false;
if( !isset($this->perms[$blogId] )) {
lt_include( PLOG_CLASS_PATH."class/dao/userpermissions.class.php" );
@@ -334,7 +334,7 @@
return( $ok );
}
- function getPermissions( $blogId )
+ function getPermissions( $blogId = 0 )
{
if( !isset($this->perms[$blogId] )) {
lt_include( PLOG_CLASS_PATH."class/dao/userpermissions.class.php" );
Modified: plog/trunk/class/dao/userpermissions.class.php
===================================================================
--- plog/trunk/class/dao/userpermissions.class.php 2006-10-21 21:41:59 UTC (rev 4148)
+++ plog/trunk/class/dao/userpermissions.class.php 2006-10-21 22:56:19 UTC (rev 4149)
@@ -38,18 +38,6 @@
{
$perms = Array();
- // check if the user is the blog owner
- /*lt_include( PLOG_CLASS_PATH."class/dao/blogs.class.php" );
- $blogs = new Blogs();
- $blogInfo = $blogs->getBlogInfo( $blogId );
- if( !$blogInfo )
- return Array();
-
- if( $blogInfo->getOwnerId() == $userId ) {
- $perm = new UserPermission( $userId, $blogId, PERMISSION_BLOG_OWNER, 0 );
- $perms[] = $perm;
- }*/
-
// get all the user permissions from the db table
$userPerms = $this->getMany( "user_id",
$userId,
Added: plog/trunk/class/template/smarty/plugins/block.check_perms.php
===================================================================
--- plog/trunk/class/template/smarty/plugins/block.check_perms.php 2006-10-21 21:41:59 UTC (rev 4148)
+++ plog/trunk/class/template/smarty/plugins/block.check_perms.php 2006-10-21 22:56:19 UTC (rev 4149)
@@ -0,0 +1,57 @@
+<?php
+
+/**
+ * Function used in the admin interface as a shorthand to check whether the user has the given permission
+ *
+ * @param perm
+ * @param user
+ * @param blog
+ */
+function smarty_block_check_perms($params, $content, &$smarty)
+{
+
+ if( isset( $content )) {
+ // fetch the user
+ if( isset( $params["user"]))
+ $user = $params["user"];
+ else {
+ // see if we can load the user from the smarty context
+ if( isset( $smarty->_tpl_vars["user"] ))
+ $user = $smarty->_tpl_vars["user"];
+ else
+ $smarty->trigger_error( "Cannot load a user" );
+ }
+
+ // fetch the blog
+ if( isset( $params["blog"]))
+ $blog = $params["blog"];
+ else {
+ // see if we can load the user from the smarty context
+ if( isset( $smarty->_tpl_vars["blog"] ))
+ $blog = $smarty->_tpl_vars["blog"];
+ else
+ $smarty->trigger_error( "Cannot load a blog" );
+ }
+
+ // fetch the permission name
+ if( !isset( $params["perm"] ))
+ $smarty->trigger_error( "Permission to check is missing!" );
+
+ $perm = $params["perm"];
+
+ // if the user is an admin, he should be allowed
+ if( $user->isSiteAdmin())
+ return $content;
+
+ // if the user is the blog owner, he should be allowed
+ if( $user->getId() == $blog->getOwnerId())
+ return $content;
+
+ // check the permission
+ if( $user->hasPermissionByName( $perm, $blog->getId()))
+ return $content;
+
+ return "";
+ }
+}
+?>
\ No newline at end of file
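Review bot: The three `$smarty->trigger_error(...)` calls in smarty_block_check_perms do not stop execution (Smarty's trigger_error raises E_USER_WARNING by default), so when no user or blog can be resolved the function continues into `$user->isSiteAdmin()` and `$blog->getOwnerId()` on an unset variable, and when `perm` is missing a null permission name is handed to hasPermissionByName; each of those branches should fail closed by adding `return "";` directly after the trigger_error call. The `isset( $content )` guard is right for Smarty's two-pass block invocation, but the plugin only decides what markup is rendered — the `op=` handlers behind the hidden links must still enforce the same permission themselves, and the admin action changes in this revision are where that should be confirmed. The docblock would help template authors more if `@param user` and `@param blog` were described as optional, falling back to the template's `$user` and `$blog` variables, and if it stated that site admins and the blog owner always pass.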
Modified: plog/trunk/install/corepermissions.properties.php
===================================================================
--- plog/trunk/install/corepermissions.properties.php 2006-10-21 21:41:59 UTC (rev 4148)
+++ plog/trunk/install/corepermissions.properties.php 2006-10-21 22:56:19 UTC (rev 4149)
@@ -15,26 +15,37 @@
*/
$permissions = Array(
Array( "login_perm", "login_perm_desc", true, true ),
+ Array( "blog_access", "blog_access_desc", true, true ),
Array( "add_post", "add_post_desc", true, false ),
Array( "update_post", "update_post_desc", true, false ),
+ Array( "view_posts", "view_posts_desc", true, false ),
Array( "add_category", "add_category_desc", true, false ),
Array( "update_category", "update_category_desc", true, false ),
+ Array( "view_categories", "view_categories_desc", true, false ),
Array( "add_link", "add_link_desc", true, false ),
Array( "update_link", "update_link_desc", true, false ),
+ Array( "view_links", "view_links_desc", true, false ),
Array( "add_link_category", "add_link_category_desc", true, false ),
Array( "update_link_category", "update_link_category_desc", true, false ),
+ Array( "view_link_categories", "view_link_categories_desc", true, false ),
Array( "update_comment", "update_comment_desc", true, false ),
+ Array( "view_comments", "view_comments_desc", true, false ),
Array( "update_trackback", "update_trackback_desc", true, false ),
+ Array( "view_trackbacks", "view_trackbacks_desc", true, false ),
Array( "add_custom_field", "add_custom_field_desc", true, false ),
Array( "update_custom_field", "update_custom_field_desc", true, false ),
+ Array( "view_custom_fields", "view_custom_fields_desc", true, false ),
Array( "add_resource", "add_resource_desc", true, false ),
- Array( "update_resource", "update_resource_desc", true, false ),
+ Array( "update_resource", "update_resource_desc", true, false ),
Array( "add_album", "add_album_desc", true, false ),
Array( "update_album", "update_album_desc", true, false ),
+ Array( "view_resources", "view_resources_desc", true, false ),
Array( "update_blog", "update_blog_desc", true, false ),
Array( "add_blog_user", "add_blog_user_desc", true, false ),
Array( "update_blog_user", "update_blog_user_desc", true, false ),
+ Array( "view_blog_users", "view_blog_users_desc", true, false ),
Array( "add_blog_template", "add_blog_template_desc", true, false ),
- Array( "update_blog_template", "update_blog_template_desc", true, false )
+ Array( "update_blog_template", "update_blog_template_desc", true, false ),
+ Array( "view_blog_templates", "view_blog_templates_desc", true, false )
);
?>
\ No newline at end of file
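Review bot: The new `blog_access` and `view_*` rows are added to a file under install/, so an installation upgraded to this revision presumably will not have them in its permissions table, and every `hasPermissionByName( "view_..." )` check against them will fail for users who are neither site admin nor blog owner until the rows exist; if there is no upgrade step that inserts them yet, one is needed or a comment should point to it. Unless the docblock that ends just above the hunk already explains them, a one-line comment naming the two boolean columns would also help, since the fourth column is true only for `login_perm` and `blog_access` and the hunk does not say why.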
Modified: plog/trunk/templates/admin/editlinkcategories.template
===================================================================
--- plog/trunk/templates/admin/editlinkcategories.template 2006-10-21 21:41:59 UTC (rev 4148)
+++ plog/trunk/templates/admin/editlinkcategories.template 2006-10-21 22:56:19 UTC (rev 4149)
@@ -52,8 +52,12 @@
</td>
<td>
<div class="list_action_button">
+ {check_perms perm="update_link_category"}
<a href="?op=editLinkCategory&categoryId={$category->getId()}"><img src="imgs/admin/icon_edit-16.png" alt="{$locale->tr("edit")}" /></a>
+ {/check_perms}
+ {check_perms perm="update_link_category"}
<a href="?op=deleteLinkCategory&categoryId={$category->getId()}"><img src="imgs/admin/icon_delete-16.png" alt="{$locale->tr("delete")}" /></a>
+ {/check_perms}
</div>
</td>
</tr>
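Review bot: The edit and delete icons are wrapped in two back-to-back `{check_perms perm="update_link_category"}` blocks that test the same permission; one block around both anchors reads better and avoids running the permission lookup twice per row. The list rows in editlinks.template below follow the same pattern. Note that both links carry the `op=` values the server acts on, so hiding them is presentational only and the corresponding actions still need their own permission check.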
@@ -64,7 +68,9 @@
<div id="list_action_bar">
{adminpager style=list}
<input type="hidden" name="op" value="deleteLinkCategories"/>
- <input type="submit" name="Delete selected" value="{$locale->tr("delete")}"/>
+ {check_perms perm="update_link_category"}
+ <input type="submit" name="Delete selected" value="{$locale->tr("delete")}"/>
+ {/check_perms}
</div>
</form>
Modified: plog/trunk/templates/admin/editlinks.template
===================================================================
--- plog/trunk/templates/admin/editlinks.template 2006-10-21 21:41:59 UTC (rev 4148)
+++ plog/trunk/templates/admin/editlinks.template 2006-10-21 22:56:19 UTC (rev 4149)
@@ -39,9 +39,11 @@
</div>
<form id="links" action="admin.php" method="post">
-<div class="optionIcon">
- <a id="optionIconLink" href="#bulkEdit" title="{$locale->tr("show_massive_change_option")}" onclick="switchMassiveOption()">{$locale->tr("show_massive_change_option")}</a>
-</div>
+{check_perms perm="update_link"}
+ <div class="optionIcon">
+ <a id="optionIconLink" href="#bulkEdit" title="{$locale->tr("show_massive_change_option")}" onclick="switchMassiveOption()">{$locale->tr("show_massive_change_option")}</a>
+ </div>
+{/check_perms}
<div id="list">
{include file="$admintemplatepath/successmessage.template"}
{include file="$admintemplatepath/errormessage.template"}
@@ -76,12 +78,17 @@
</td>
<td>
<div class="list_action_button">
+ {check_perms perm="update_link"}
<a href="?op=editLink&linkId={$link->getId()}" title="{$locale->tr("edit")}">
<img src="imgs/admin/icon_edit-16.png" alt="{$locale->tr("edit")}" />
</a>
- <a href="?op=deleteLink&linkId={$link->getId()}" title="{$locale->tr("delete")}">
- <img src="imgs/admin/icon_delete-16.png" alt="{$locale->tr("delete")}" />
- </a>
+ {/check_perms}
+ {check_perms perm="update_link"}
+ {** if $user->hasPermissionByName("update_link",$blog->getId()) **}
+ <a href="?op=deleteLink&linkId={$link->getId()}" title="{$locale->tr("delete")}">
+ <img src="imgs/admin/icon_delete-16.png" alt="{$locale->tr("delete")}" />
+ </a>
+ {/check_perms}
</div>
</td>
</tr>
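Review bot: The line `{** if $user->hasPermissionByName("update_link",$blog->getId()) **}` inside the second check_perms block is a commented-out copy of the check the enclosing tag already performs and should be deleted rather than left as dead markup. Merging the two adjacent `{check_perms perm="update_link"}` blocks around the edit and delete anchors into one would remove the duplication at the same time.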
@@ -93,7 +100,9 @@
<div id="list_action_bar">
{adminpager style=list}
<input type="hidden" name="op" value="deleteLinks"/>
- <input type="submit" name="Delete selected" value="{$locale->tr("delete")}"/>
+ {check_perms perm="update_link"}
+ <input type="submit" name="Delete selected" value="{$locale->tr("delete")}"/>
+ {/check_perms}
<div id="massiveChangeOption" style="display: none; text-align: left;">
<fieldset>
<legend>{$locale->tr("massive_change_option")}</legend>
Modified: plog/trunk/templates/admin/main.template
===================================================================
--- plog/trunk/templates/admin/main.template 2006-10-21 21:41:59 UTC (rev 4148)
+++ plog/trunk/templates/admin/main.template 2006-10-21 22:56:19 UTC (rev 4149)
@@ -1,5 +1,11 @@
{include file="$admintemplatepath/header.template"}
{include file="$admintemplatepath/navigation.template" showOpt=Manage title=$locale->tr("Manage")}
+
+<div id="list">
+{include file="$admintemplatepath/successmessage.template"}
+{include file="$admintemplatepath/errormessage.template"}
+</div>
+
{$menu->generateAt("Manage",2)}
{include file="$admintemplatepath/footernavigation.template"}
{include file="$admintemplatepath/footer.template"}