diff options
| author | Andrew Manning <tamanning@zoho.com> | 2016-04-20 21:05:01 -0400 |
|---|---|---|
| committer | Andrew Manning <tamanning@zoho.com> | 2016-04-20 21:05:01 -0400 |
| commit | b96eb1c8230ae2f5986d6f22934c606bbca9728e (patch) | |
| tree | fecd2279927b61da28801094dc7d6b1cfa8d98fe /Zotlabs/Module/Block.php | |
| parent | 7594796ee11c0b245d02d145868a13ac3d84ebfc (diff) | |
| parent | 635580091a227529cb491e6441a5acbfff3177be (diff) | |
| download | volse-hubzilla-b96eb1c8230ae2f5986d6f22934c606bbca9728e.tar.gz volse-hubzilla-b96eb1c8230ae2f5986d6f22934c606bbca9728e.tar.bz2 volse-hubzilla-b96eb1c8230ae2f5986d6f22934c606bbca9728e.zip | |
Merge branch 'dev' into toggle-context-help
Diffstat (limited to 'Zotlabs/Module/Block.php')
| -rw-r--r-- | Zotlabs/Module/Block.php | 92 |
1 files changed, 92 insertions, 0 deletions
diff --git a/Zotlabs/Module/Block.php b/Zotlabs/Module/Block.php new file mode 100644 index 000000000..062befdb5 --- /dev/null +++ b/Zotlabs/Module/Block.php @@ -0,0 +1,92 @@ +<?php +namespace Zotlabs\Module; + +require_once('include/items.php'); +require_once('include/conversation.php'); +require_once('include/page_widgets.php'); + + +class Block extends \Zotlabs\Web\Controller { + + function init() { + + $which = argv(1); + $profile = 0; + profile_load($a,$which,$profile); + + if(\App::$profile['profile_uid']) + head_set_icon(\App::$profile['thumb']); + + } + + + function get() { + + if(! perm_is_allowed(\App::$profile['profile_uid'],get_observer_hash(),'view_pages')) { + notice( t('Permission denied.') . EOL); + return; + } + + if(argc() < 3) { + notice( t('Invalid item.') . EOL); + return; + } + + $channel_address = argv(1); + $page_id = argv(2); + + $u = q("select channel_id from channel where channel_address = '%s' limit 1", + dbesc($channel_address) + ); + + if(! $u) { + notice( t('Channel not found.') . EOL); + return; + } + + if($_REQUEST['rev']) + $revision = " and revision = " . intval($_REQUEST['rev']) . " "; + else + $revision = " order by revision desc "; + + require_once('include/security.php'); + $sql_options = item_permissions_sql($u[0]['channel_id']); + + $r = q("select item.* from item left join item_id on item.id = item_id.iid + where item.uid = %d and sid = '%s' and service = 'BUILDBLOCK' and + item_type = %d $sql_options $revision limit 1", + intval($u[0]['channel_id']), + dbesc($page_id), + intval(ITEM_TYPE_BLOCK) + ); + + if(! $r) { + + // Check again with no permissions clause to see if it is a permissions issue + + $x = q("select item.* from item left join item_id on item.id = item_id.iid + where item.uid = %d and sid = '%s' and service = 'BUILDBLOCK' and + item_type = %d $revision limit 1", + intval($u[0]['channel_id']), + dbesc($page_id), + intval(ITEM_TYPE_BLOCK) + ); + if($x) { + // Yes, it's there. You just aren't allowed to see it. + notice( t('Permission denied.') . EOL); + } + else { + notice( t('Page not found.') . EOL); + } + return; + } + + xchan_query($r); + $r = fetch_post_tags($r,true); + + $o .= prepare_page($r[0]); + return $o; + + } + +} |