diff options
author | redmatrix <git@macgirvin.com> | 2016-04-18 20:38:38 -0700 |
---|---|---|
committer | redmatrix <git@macgirvin.com> | 2016-04-18 20:38:38 -0700 |
commit | 2a4e8972e0edfa3156d9ce54d68ce0e54c0ec289 (patch) | |
tree | 2376d950ba2bdc7753336a3e2b94865c95c238f2 /Zotlabs/Module/Editwebpage.php | |
parent | 2a61817bad96526994c0499f1fc0a843a9cc9405 (diff) | |
download | volse-hubzilla-2a4e8972e0edfa3156d9ce54d68ce0e54c0ec289.tar.gz volse-hubzilla-2a4e8972e0edfa3156d9ce54d68ce0e54c0ec289.tar.bz2 volse-hubzilla-2a4e8972e0edfa3156d9ce54d68ce0e54c0ec289.zip |
module updates
Diffstat (limited to 'Zotlabs/Module/Editwebpage.php')
-rw-r--r-- | Zotlabs/Module/Editwebpage.php | 239 |
1 files changed, 239 insertions, 0 deletions
diff --git a/Zotlabs/Module/Editwebpage.php b/Zotlabs/Module/Editwebpage.php new file mode 100644 index 000000000..01d9e8aad --- /dev/null +++ b/Zotlabs/Module/Editwebpage.php @@ -0,0 +1,239 @@ +<?php +namespace Zotlabs\Module; + +require_once('include/identity.php'); +require_once('include/acl_selectors.php'); + + +class Editwebpage extends \Zotlabs\Web\Controller { + + function init() { + + if(argc() > 1 && argv(1) === 'sys' && is_site_admin()) { + $sys = get_sys_channel(); + if($sys && intval($sys['channel_id'])) { + \App::$is_sys = true; + } + } + + if(argc() > 1) + $which = argv(1); + else + return; + + profile_load($a,$which); + + } + + + function get() { + + if(! \App::$profile) { + notice( t('Requested profile is not available.') . EOL ); + \App::$error = 404; + return; + } + + $which = argv(1); + + $uid = local_channel(); + $owner = 0; + $channel = null; + $observer = \App::get_observer(); + + $channel = \App::get_channel(); + + if(\App::$is_sys && is_site_admin()) { + $sys = get_sys_channel(); + if($sys && intval($sys['channel_id'])) { + $uid = $owner = intval($sys['channel_id']); + $channel = $sys; + $observer = $sys; + } + } + + if(! $owner) { + // Figure out who the page owner is. + $r = q("select channel_id from channel where channel_address = '%s'", + dbesc($which) + ); + if($r) { + $owner = intval($r[0]['channel_id']); + } + } + + $ob_hash = (($observer) ? $observer['xchan_hash'] : ''); + + if(! perm_is_allowed($owner,$ob_hash,'write_pages')) { + notice( t('Permission denied.') . EOL); + return; + } + + $is_owner = (($uid && $uid == $owner) ? true : false); + + $o = ''; + + // Figure out which post we're editing + $post_id = ((argc() > 2) ? intval(argv(2)) : 0); + + + if(! $post_id) { + notice( t('Item not found') . EOL); + return; + } + + $ob_hash = (($observer) ? $observer['xchan_hash'] : ''); + + $perms = get_all_perms($owner,$ob_hash); + + if(! $perms['write_pages']) { + notice( t('Permission denied.') . EOL); + return; + } + + // We've already figured out which item we want and whose copy we need, + // so we don't need anything fancy here + + $sql_extra = item_permissions_sql($owner); + + $itm = q("SELECT * FROM `item` WHERE `id` = %d and uid = %s $sql_extra LIMIT 1", + intval($post_id), + intval($owner) + ); + + if(! $itm) { + notice( t('Permission denied.') . EOL); + return; + } + + if(intval($itm[0]['item_obscured'])) { + $key = get_config('system','prvkey'); + if($itm[0]['title']) + $itm[0]['title'] = crypto_unencapsulate(json_decode_plus($itm[0]['title']),$key); + if($itm[0]['body']) + $itm[0]['body'] = crypto_unencapsulate(json_decode_plus($itm[0]['body']),$key); + } + + $item_id = q("select * from item_id where service = 'WEBPAGE' and iid = %d limit 1", + intval($itm[0]['id']) + ); + if($item_id) + $page_title = $item_id[0]['sid']; + + $plaintext = true; + + $mimetype = $itm[0]['mimetype']; + + if($mimetype === 'application/x-php') { + if((! $uid) || ($uid != $itm[0]['uid'])) { + notice( t('Permission denied.') . EOL); + return; + } + } + + $mimeselect = ''; + + if($mimetype != 'text/bbcode') + $plaintext = true; + + if(get_config('system','page_mimetype')) + $mimeselect = '<input type="hidden" name="mimetype" value="' . $mimetype . '" />'; + else + $mimeselect = mimetype_select($itm[0]['uid'],$mimetype); + + $layout = get_config('system','page_layout'); + if($layout) + $layoutselect = '<input type="hidden" name="layout_mid" value="' . $layout . '" />'; + else + $layoutselect = layout_select($itm[0]['uid'],$itm[0]['layout_mid']); + + \App::$page['htmlhead'] .= replace_macros(get_markup_template('jot-header.tpl'), array( + '$baseurl' => z_root(), + '$editselect' => (($plaintext) ? 'none' : '/(profile-jot-text|prvmail-text)/'), + '$pretext' => '', + '$ispublic' => ' ', // t('Visible to <strong>everybody</strong>'), + '$geotag' => $geotag, + '$nickname' => $channel['channel_address'], + '$confirmdelete' => t('Delete webpage?'), + '$bbco_autocomplete'=> (($mimetype == 'text/bbcode') ? 'bbcode' : '') + )); + + $tpl = get_markup_template("jot.tpl"); + + $jotplugins = ''; + $jotnets = ''; + + call_hooks('jot_tool', $jotplugins); + call_hooks('jot_networks', $jotnets); + + // FIXME A return path with $_SESSION doesn't always work for observer - it may WSoD + // instead of loading a sensible page. So, send folk to the webpage list. + + $rp = 'webpages/' . $which; + + $editor = replace_macros($tpl,array( + '$return_path' => $rp, + '$webpage' => ITEM_TYPE_WEBPAGE, + '$placeholdpagetitle' => t('Page link title'), + '$pagetitle' => $page_title, + '$writefiles' => perm_is_allowed($owner, get_observer_hash(), 'write_storage'), + '$action' => 'item', + '$share' => t('Edit'), + '$bold' => t('Bold'), + '$italic' => t('Italic'), + '$underline' => t('Underline'), + '$quote' => t('Quote'), + '$code' => t('Code'), + '$upload' => t('Upload photo'), + '$attach' => t('Attach file'), + '$weblink' => t('Insert web link'), + '$youtube' => t('Insert YouTube video'), + '$video' => t('Insert Vorbis [.ogg] video'), + '$audio' => t('Insert Vorbis [.ogg] audio'), + '$setloc' => t('Set your location'), + '$noloc' => ((get_pconfig($uid, 'system', 'use_browser_location')) ? t('Clear browser location') : ''), + '$wait' => t('Please wait'), + '$permset' => t('Permission settings'), + '$ptyp' => $itm[0]['type'], + '$content' => undo_post_tagging($itm[0]['body']), + '$post_id' => $post_id, + '$baseurl' => z_root(), + '$defloc' => $itm[0]['location'], + '$visitor' => ($is_owner) ? true : false, + '$acl' => populate_acl($itm[0],false), + '$showacl' => ($is_owner) ? true : false, + '$public' => t('Public post'), + '$jotnets' => $jotnets, + '$mimeselect' => $mimeselect, + '$layoutselect' => $layoutselect, + '$title' => htmlspecialchars($itm[0]['title'],ENT_COMPAT,'UTF-8'), + '$placeholdertitle' => t('Title (optional)'), + '$category' => '', + '$placeholdercategory' => t('Categories (optional, comma-separated list)'), + '$emtitle' => t('Example: bob@example.com, mary@example.com'), + 'lockstate' => (((strlen($itm[0]['allow_cid'])) || (strlen($itm[0]['allow_gid'])) || (strlen($itm[0]['deny_cid'])) || (strlen($itm[0]['deny_gid']))) ? 'lock' : 'unlock'), + '$bang' => '', + '$profile_uid' => (intval($owner)), + '$preview' => t('Preview'), + '$jotplugins' => $jotplugins, + '$sourceapp' => \App::$sourcename, + '$defexpire' => '', + '$feature_expire' => false, + '$expires' => t('Set expiration date'), + '$bbcode' => (($mimetype == 'text/bbcode') ? true : false) + )); + + $o .= replace_macros(get_markup_template('edpost_head.tpl'), array( + '$title' => t('Edit Webpage'), + '$delete' => ((($itm[0]['author_xchan'] === $ob_hash) || ($itm[0]['owner_xchan'] === $ob_hash)) ? t('Delete') : false), + '$editor' => $editor, + '$id' => $itm[0]['id'] + )); + + return $o; + + } + + + +} |