diff options
author | Andrew Manning <tamanning@zoho.com> | 2016-06-02 22:27:26 -0400 |
---|---|---|
committer | Andrew Manning <tamanning@zoho.com> | 2016-06-02 22:27:26 -0400 |
commit | b70c6809648bb3c78e5e26f9293727b3a7aa4025 (patch) | |
tree | d62b402f57fd133951820759c4589b6d649e315a /include | |
parent | 8d284bab474c7e669ae9a639bdb22f7b28b95cc3 (diff) | |
download | volse-hubzilla-b70c6809648bb3c78e5e26f9293727b3a7aa4025.tar.gz volse-hubzilla-b70c6809648bb3c78e5e26f9293727b3a7aa4025.tar.bz2 volse-hubzilla-b70c6809648bb3c78e5e26f9293727b3a7aa4025.zip |
Major corrections to access control and page construction.
Diffstat (limited to 'include')
-rw-r--r-- | include/widgets.php | 24 | ||||
-rw-r--r-- | include/wiki.php | 13 |
2 files changed, 19 insertions, 18 deletions
diff --git a/include/widgets.php b/include/widgets.php index 536af8818..d9dac1afa 100644 --- a/include/widgets.php +++ b/include/widgets.php @@ -857,27 +857,27 @@ function widget_chatroom_members() { function widget_wiki_list($arr) { require_once("include/wiki.php"); - if (argc() > 1) { - $nick = argv(1); - $channel = get_channel_by_nick($nick); - } else { + $channel = null; + if (argc() < 2 && local_channel()) { + // This should not occur because /wiki should redirect to /wiki/channel ... $channel = \App::get_channel(); - $nick = $channel['channel_address']; - } - $wikis = wiki_list($channel, get_observer_hash()); - if (local_channel() === intval($channel['channel_id'])) { - $showControls = true; } else { - $showControls = false; + $channel = get_channel_by_nick(argv(1)); // Channel being viewed by observer } + if (!$channel) { + return ''; + } + $wikis = wiki_list($channel, get_observer_hash()); if ($wikis) { return replace_macros(get_markup_template('wikilist.tpl'), array( '$header' => t('Wiki List'), - '$channel' => $nick, + '$channel' => $channel['channel_address'], '$wikis' => $wikis['wikis'], - '$showControls' => $showControls + // If the observer is the local channel owner, show the wiki controls + '$showControls' => ((local_channel() === intval($channel['channel_id'])) ? true : false) )); } + return ''; } function widget_wiki_pages($arr) { diff --git a/include/wiki.php b/include/wiki.php index 14e8cc53a..84e7d8dfa 100644 --- a/include/wiki.php +++ b/include/wiki.php @@ -9,8 +9,9 @@ define ( 'WIKI_ITEM_RESOURCE_TYPE', 'wiki' ); function wiki_list($channel, $observer_hash) { $sql_extra = item_permissions_sql($channel['channel_id'], $observer_hash); - $wikis = q("SELECT * FROM item WHERE resource_type = '%s' AND mid = parent_mid AND item_deleted = 0 $sql_extra", - dbesc(WIKI_ITEM_RESOURCE_TYPE) + $wikis = q("SELECT * FROM item WHERE resource_type = '%s' AND mid = parent_mid AND uid = %d AND item_deleted = 0 $sql_extra", + dbesc(WIKI_ITEM_RESOURCE_TYPE), + intval($channel['channel_id']) ); // TODO: query db for wikis the observer can access. Return with two lists, for read and write access return array('wikis' => $wikis); @@ -195,8 +196,8 @@ function wiki_create_page($name, $resource_id) { function wiki_get_page_content($arr) { $page = ((array_key_exists('page',$arr)) ? $arr['page'] : ''); // TODO: look for page resource_id and retrieve that way alternatively - $wiki_resource_id = ((array_key_exists('wiki_resource_id',$arr)) ? $arr['wiki_resource_id'] : ''); - $w = wiki_get_wiki($wiki_resource_id); + $resource_id = ((array_key_exists('resource_id',$arr)) ? $arr['resource_id'] : ''); + $w = wiki_get_wiki($resource_id); if (!$w['path']) { return array('content' => null, 'message' => 'Error reading wiki', 'success' => false); } @@ -230,7 +231,7 @@ function wiki_page_history($arr) { if($reponame === '') { $reponame = 'repo'; } - $git = new GitRepo('sys', null, false, $w['wiki']['title'], $w['path']); + $git = new GitRepo('', null, false, $w['wiki']['title'], $w['path']); try { $gitlog = $git->git->log('', $page_path , array('limit' => 50)); logger('gitlog: ' . json_encode($gitlog)); @@ -272,7 +273,7 @@ function wiki_git_commit($arr) { if($reponame === '') { $reponame = 'repo'; } - $git = new GitRepo('sys', null, false, $w['wiki']['title'], $w['path']); + $git = new GitRepo($observer['xchan_addr'], null, false, $w['wiki']['title'], $w['path']); try { $git->setIdentity($observer['xchan_name'], $observer['xchan_addr']); if ($files === null) { |