[pLog-svn] r4191 - in plog/trunk: class/action/admin install locale
oscar at devel.lifetype.net
oscar at devel.lifetype.net
Thu Oct 26 22:19:47 GMT 2006
Author: oscar
Date: 2006-10-26 22:19:46 +0000 (Thu, 26 Oct 2006)
New Revision: 4191
Modified:
plog/trunk/class/action/admin/admindeletepostaction.class.php
plog/trunk/class/action/admin/admineditpostaction.class.php
plog/trunk/class/action/admin/adminupdatepostaction.class.php
plog/trunk/install/corepermissions.properties.php
plog/trunk/locale/locale_en_UK.php
Log:
Added two new permissions: one that allows users to see somebody else's articles, and another that allows users to update somebody else's articles.
Modified: plog/trunk/class/action/admin/admindeletepostaction.class.php
===================================================================
--- plog/trunk/class/action/admin/admindeletepostaction.class.php 2006-10-26 21:54:52 UTC (rev 4190)
+++ plog/trunk/class/action/admin/admindeletepostaction.class.php 2006-10-26 22:19:46 UTC (rev 4191)
@@ -61,14 +61,23 @@
// fire the event
$this->notifyEvent( EVENT_PRE_POST_DELETE, Array( "article" => &$post ));
- //
- // the next if-else branch allows a site administrator or the blog owner to remove
- // anybody's articles. If not, then users can only remove their own articles
- //
- if( $this->_userInfo->isSiteAdmin() || $this->_blogInfo->getOwner() == $this->_userInfo->getId())
+ $canDelete = false;
+ $userId = 0;
+ if( $this->userHasPermission( "update_all_user_articles" ))
+ $canDelete = true;
+ else {
+ if( $post->getUserId() != $this->_userInfo->getId())
+ $canDelete = false;
+ else
+ $canDelete = true;
+ }
+
+ if( $canDelete )
$result = $articles->deleteArticle( $postId, $post->getUser(), $this->_blogInfo->getId(), false );
- else
- $result = $articles->deleteArticle( $postId, $this->_userInfo->getId(), $this->_blogInfo->getId(), false );
+ else {
+ $errorMessage .= $this->_locale->tr("error_can_only_update_own_articles")." ";
+ $result = false;
+ }
if( !$result ) {
$errorMessage .= $this->_locale->pr("error_deleting_article", $post->getTopic())."<br/>";
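Review bot: Deleting another user's article is now gated on `update_all_user_articles`, so any role granted edit rights over other users' posts also gains the right to delete them; if that coupling is not intended, a separate delete permission would keep the two apart. The removed `isSiteAdmin()` / blog-owner test has no replacement in this hunk, so whether owners and site admins still pass depends on how `userHasPermission()` treats them, which is not visible here. `$userId = 0;` is never read in the visible lines, and the nested if/else reduces to `$canDelete = $this->userHasPermission( "update_all_user_articles" ) || $post->getUserId() == $this->_userInfo->getId();`. When the check fails, both `error_can_only_update_own_articles` and `error_deleting_article` are appended, because `$result` is set to false. The enclosing method starts and ends outside the hunk.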
Modified: plog/trunk/class/action/admin/admineditpostaction.class.php
===================================================================
--- plog/trunk/class/action/admin/admineditpostaction.class.php 2006-10-26 21:54:52 UTC (rev 4190)
+++ plog/trunk/class/action/admin/admineditpostaction.class.php 2006-10-26 22:19:46 UTC (rev 4191)
@@ -59,7 +59,22 @@
return false;
}
-
+
+ // if the user does not have the 'view_all_user_articles' permission, then
+ // we have to check whether the original poster of the article and the current
+ // user match
+ if( !$this->userHasPermission( "view_all_user_articles" )) {
+ if( $post->getUserId() != $this->_userInfo->getId()) {
+ $this->_view = new AdminPostsListView( $this->_blogInfo );
+ $this->_view->setErrorMessage( $this->_locale->tr("error_can_only_view_own_articles" ));
+ $this->setCommonData();
+
+ return false;
+ }
+ }
+
+
+
// throw the event
$this->notifyEvent( EVENT_POST_LOADED, Array( "article" => &$post, "from" => "editPost" ));
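Review bot: The ownership test `$post->getUserId() != $this->_userInfo->getId()` is written out here and again in adminupdatepostaction.class.php, with a third variant in admindeletepostaction.class.php, so the three authorisation checks can drift apart over time. A single helper next to `userHasPermission()`, taking the post and the permission name, would keep them identical. The comparison is loose (`!=`): if both getters could ever return an empty value the two sides would compare equal and the request would be allowed, so it is worth confirming that neither id can be empty at this point. The enclosing method continues outside the hunk.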
Modified: plog/trunk/class/action/admin/adminupdatepostaction.class.php
===================================================================
--- plog/trunk/class/action/admin/adminupdatepostaction.class.php 2006-10-26 21:54:52 UTC (rev 4190)
+++ plog/trunk/class/action/admin/adminupdatepostaction.class.php 2006-10-26 22:19:46 UTC (rev 4191)
@@ -91,6 +91,19 @@
return false;
}
+ // if the user does not have the 'update_all_user_articles' permission, then
+ // we have to check whether the original poster of the article and the current
+ // user match
+ if( !$this->userHasPermission( "update_all_user_articles" )) {
+ if( $post->getUserId() != $this->_userInfo->getId()) {
+ $this->_view = new AdminPostsListView( $this->_blogInfo );
+ $this->_view->setErrorMessage( $this->_locale->tr("error_can_only_update_own_articles" ));
+ $this->setCommonData();
+
+ return false;
+ }
+ }
+
// if we got it, update some fields
$post->setTopic( stripslashes($this->_postTopic));
$postText = $this->_postText.POST_EXTENDED_TEXT_MODIFIER.$this->_postExtendedText;
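Review bot: `update_all_user_articles` is checked here independently of `view_all_user_articles`, so a role holding only the update permission would be refused by the edit form yet accepted by this action on a direct request. If update is meant to imply view, one of the two checks should express that; otherwise a comment such as `// update_all_user_articles does not require view_all_user_articles` would record the intent. The check is placed before the first `$post->set…` call, which is the right order. The rest of the method lies outside the hunk.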
Modified: plog/trunk/install/corepermissions.properties.php
===================================================================
--- plog/trunk/install/corepermissions.properties.php 2006-10-26 21:54:52 UTC (rev 4190)
+++ plog/trunk/install/corepermissions.properties.php 2006-10-26 22:19:46 UTC (rev 4191)
@@ -47,6 +47,8 @@
Array( "add_blog_template", "add_blog_template_desc", true, false ),
Array( "update_blog_template", "update_blog_template_desc", true, false ),
Array( "view_blog_templates", "view_blog_templates_desc", true, false ),
- Array( "view_blog_stats", "view_blog_stats_desc", true, false )
+ Array( "view_blog_stats", "view_blog_stats_desc", true, false ),
+ Array( "view_all_user_articles", "view_all_user_articles_desc", true, false ),
+ Array( "update_all_user_articles", "update_all_user_articles_desc", true, false )
);
?>
\ No newline at end of file
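Review bot: These two entries are added to an install-time file, so an existing site presumably will not have the permissions assigned after an upgrade unless a migration adds them. The delete, edit and update actions in this commit now refuse access without them, so it is worth confirming that the upgrade path grants them to the roles that could previously manage other users' articles. The meaning of the `true, false` flags is not visible in this hunk; a one-line comment above the array naming the columns would help.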
Modified: plog/trunk/locale/locale_en_UK.php
===================================================================
--- plog/trunk/locale/locale_en_UK.php 2006-10-26 21:54:52 UTC (rev 4190)
+++ plog/trunk/locale/locale_en_UK.php 2006-10-26 22:19:46 UTC (rev 4191)
@@ -1145,4 +1145,9 @@
$messages['summary_welcome_msg'] = 'Welcome, %s!';
$messages['summary_go_to_admin'] = 'Go to admin interface';
+
+$messages['error_can_only_update_own_articles'] = 'Your permissions allow you only to modify your own articles.';
+$messages['update_all_user_articles_desc'] = 'Allow to modify other users\' articles';
+$messages['error_can_only_view_own_articles'] = 'Your permissions allow you only to see your own articles.';
+$messages['view_all_user_articles_desc'] = 'Allow to view other users\' articles';
?>
\ No newline at end of file