aboutsummaryrefslogtreecommitdiffstats
path: root/include
diff options
context:
space:
mode:
authorAndrew Manning <tamanning@zoho.com>2016-06-02 22:27:26 -0400
committerAndrew Manning <tamanning@zoho.com>2016-06-02 22:27:26 -0400
commitb70c6809648bb3c78e5e26f9293727b3a7aa4025 (patch)
treed62b402f57fd133951820759c4589b6d649e315a /include
parent8d284bab474c7e669ae9a639bdb22f7b28b95cc3 (diff)
downloadvolse-hubzilla-b70c6809648bb3c78e5e26f9293727b3a7aa4025.tar.gz
volse-hubzilla-b70c6809648bb3c78e5e26f9293727b3a7aa4025.tar.bz2
volse-hubzilla-b70c6809648bb3c78e5e26f9293727b3a7aa4025.zip
Major corrections to access control and page construction.
Diffstat (limited to 'include')
-rw-r--r--include/widgets.php24
-rw-r--r--include/wiki.php13
2 files changed, 19 insertions, 18 deletions
diff --git a/include/widgets.php b/include/widgets.php
index 536af8818..d9dac1afa 100644
--- a/include/widgets.php
+++ b/include/widgets.php
@@ -857,27 +857,27 @@ function widget_chatroom_members() {
function widget_wiki_list($arr) {
require_once("include/wiki.php");
- if (argc() > 1) {
- $nick = argv(1);
- $channel = get_channel_by_nick($nick);
- } else {
+ $channel = null;
+ if (argc() < 2 && local_channel()) {
+ // This should not occur because /wiki should redirect to /wiki/channel ...
$channel = \App::get_channel();
- $nick = $channel['channel_address'];
- }
- $wikis = wiki_list($channel, get_observer_hash());
- if (local_channel() === intval($channel['channel_id'])) {
- $showControls = true;
} else {
- $showControls = false;
+ $channel = get_channel_by_nick(argv(1)); // Channel being viewed by observer
}
+ if (!$channel) {
+ return '';
+ }
+ $wikis = wiki_list($channel, get_observer_hash());
if ($wikis) {
return replace_macros(get_markup_template('wikilist.tpl'), array(
'$header' => t('Wiki List'),
- '$channel' => $nick,
+ '$channel' => $channel['channel_address'],
'$wikis' => $wikis['wikis'],
- '$showControls' => $showControls
+ // If the observer is the local channel owner, show the wiki controls
+ '$showControls' => ((local_channel() === intval($channel['channel_id'])) ? true : false)
));
}
+ return '';
}
function widget_wiki_pages($arr) {
diff --git a/include/wiki.php b/include/wiki.php
index 14e8cc53a..84e7d8dfa 100644
--- a/include/wiki.php
+++ b/include/wiki.php
@@ -9,8 +9,9 @@ define ( 'WIKI_ITEM_RESOURCE_TYPE', 'wiki' );
function wiki_list($channel, $observer_hash) {
$sql_extra = item_permissions_sql($channel['channel_id'], $observer_hash);
- $wikis = q("SELECT * FROM item WHERE resource_type = '%s' AND mid = parent_mid AND item_deleted = 0 $sql_extra",
- dbesc(WIKI_ITEM_RESOURCE_TYPE)
+ $wikis = q("SELECT * FROM item WHERE resource_type = '%s' AND mid = parent_mid AND uid = %d AND item_deleted = 0 $sql_extra",
+ dbesc(WIKI_ITEM_RESOURCE_TYPE),
+ intval($channel['channel_id'])
);
// TODO: query db for wikis the observer can access. Return with two lists, for read and write access
return array('wikis' => $wikis);
@@ -195,8 +196,8 @@ function wiki_create_page($name, $resource_id) {
function wiki_get_page_content($arr) {
$page = ((array_key_exists('page',$arr)) ? $arr['page'] : '');
// TODO: look for page resource_id and retrieve that way alternatively
- $wiki_resource_id = ((array_key_exists('wiki_resource_id',$arr)) ? $arr['wiki_resource_id'] : '');
- $w = wiki_get_wiki($wiki_resource_id);
+ $resource_id = ((array_key_exists('resource_id',$arr)) ? $arr['resource_id'] : '');
+ $w = wiki_get_wiki($resource_id);
if (!$w['path']) {
return array('content' => null, 'message' => 'Error reading wiki', 'success' => false);
}
@@ -230,7 +231,7 @@ function wiki_page_history($arr) {
if($reponame === '') {
$reponame = 'repo';
}
- $git = new GitRepo('sys', null, false, $w['wiki']['title'], $w['path']);
+ $git = new GitRepo('', null, false, $w['wiki']['title'], $w['path']);
try {
$gitlog = $git->git->log('', $page_path , array('limit' => 50));
logger('gitlog: ' . json_encode($gitlog));
@@ -272,7 +273,7 @@ function wiki_git_commit($arr) {
if($reponame === '') {
$reponame = 'repo';
}
- $git = new GitRepo('sys', null, false, $w['wiki']['title'], $w['path']);
+ $git = new GitRepo($observer['xchan_addr'], null, false, $w['wiki']['title'], $w['path']);
try {
$git->setIdentity($observer['xchan_name'], $observer['xchan_addr']);
if ($files === null) {