aboutsummaryrefslogtreecommitdiffstats
path: root/mod
diff options
context:
space:
mode:
authorfriendica <info@friendica.com>2014-11-11 22:55:24 -0800
committerfriendica <info@friendica.com>2014-11-11 22:55:24 -0800
commit9be4fcce551f32b19af0ba8cbbc71c6e3ef66632 (patch)
tree6b8e7bd48330b913b954ad8616d27e69df8e7fd4 /mod
parent4b9ec6645b79f4da1ad5e7dd20a04ca6ca4a3e4a (diff)
downloadvolse-hubzilla-9be4fcce551f32b19af0ba8cbbc71c6e3ef66632.tar.gz
volse-hubzilla-9be4fcce551f32b19af0ba8cbbc71c6e3ef66632.tar.bz2
volse-hubzilla-9be4fcce551f32b19af0ba8cbbc71c6e3ef66632.zip
uid not set in webpages.php, start on editwebpage.php
Diffstat (limited to 'mod')
-rw-r--r--mod/editwebpage.php108
-rw-r--r--mod/webpages.php2
2 files changed, 72 insertions, 38 deletions
diff --git a/mod/editwebpage.php b/mod/editwebpage.php
index 41b5bb3e7..7b5f9f602 100644
--- a/mod/editwebpage.php
+++ b/mod/editwebpage.php
@@ -1,26 +1,74 @@
<?php
-// Required for setting permissions. (FIXME)
+require_once('include/identity.php');
+require_once('include/acl_selectors.php');
+
+function editwebpage_init(&$a) {
+
+ if(argc() > 1 && argv(1) === 'sys' && is_site_admin()) {
+ $sys = get_sys_channel();
+ if($sys && intval($sys['channel_id'])) {
+ $a->is_sys = true;
+ }
+ }
+
+ if(argc() > 1)
+ $which = argv(1);
+ else
+ return;
+
+ profile_load($a,$which);
+
+}
-require_once('acl_selectors.php');
function editwebpage_content(&$a) {
- // We first need to figure out who owns the webpage, grab it from an argument
+ if(! $a->profile) {
+ notice( t('Requested profile is not available.') . EOL );
+ $a->error = 404;
+ return;
+ }
$which = argv(1);
- // $a->get_channel() and stuff don't work here, so we've got to find the owner for ourselves.
-
- $r = q("select channel_id from channel where channel_address = '%s'",
- dbesc($which)
- );
- if($r) {
- $owner = intval($r[0]['channel_id']);
- //logger('owner: ' . print_r($owner,true));
+ $uid = local_user();
+ $owner = 0;
+ $channel = null;
+ $observer = $a->get_observer();
+
+ $channel = $a->get_channel();
+
+ if($a->is_sys && is_site_admin()) {
+ $sys = get_sys_channel();
+ if($sys && intval($sys['channel_id'])) {
+ $uid = $owner = intval($sys['channel_id']);
+ $channel = $sys;
+ $observer = $sys;
+ }
}
- $is_owner = ((local_user() && local_user() == $owner) ? true : false);
+ if(! $owner) {
+ // Figure out who the page owner is.
+ $r = q("select channel_id from channel where channel_address = '%s'",
+ dbesc($which)
+ );
+ if($r) {
+ $owner = intval($r[0]['channel_id']);
+ }
+ }
+
+ $ob_hash = (($observer) ? $observer['xchan_hash'] : '');
+
+ $perms = get_all_perms($owner,$ob_hash);
+
+ if(! $perms['write_pages']) {
+ notice( t('Permission denied.') . EOL);
+ return;
+ }
+
+
+ $is_owner = (($uid && $uid == $owner) ? true : false);
$o = '';
@@ -33,9 +81,6 @@ function editwebpage_content(&$a) {
return;
}
- // Now we've got a post and an owner, let's find out if we're allowed to edit it
-
- $observer = $a->get_observer();
$ob_hash = (($observer) ? $observer['xchan_hash'] : '');
$perms = get_all_perms($owner,$ob_hash);
@@ -45,14 +90,13 @@ function editwebpage_content(&$a) {
return;
}
+ // We've already figured out which item we want and whose copy we need,
+ // so we don't need anything fancy here
-
- // We've already figured out which item we want and whose copy we need, so we don't need anything fancy here
$itm = q("SELECT * FROM `item` WHERE `id` = %d and uid = %s LIMIT 1",
intval($post_id),
intval($owner)
- );
-
+ );
if($itm[0]['item_flags'] & ITEM_OBSCURED) {
$key = get_config('system','prvkey');
@@ -63,23 +107,17 @@ function editwebpage_content(&$a) {
}
$item_id = q("select * from item_id where service = 'WEBPAGE' and iid = %d limit 1",
- $itm[0]['id']
+ intval($itm[0]['id'])
);
if($item_id)
$page_title = $item_id[0]['sid'];
-
-
-
$plaintext = true;
-// if(feature_enabled($itm[0]['uid'],'richtext'))
-// $plaintext = false;
-
$mimetype = $itm[0]['mimetype'];
if($mimetype === 'application/x-php') {
- if((! local_user()) || (local_user() != $itm[0]['uid'])) {
+ if((! $uid) || ($uid != $itm[0]['uid'])) {
notice( t('Permission denied.') . EOL);
return;
}
@@ -101,7 +139,6 @@ function editwebpage_content(&$a) {
else
$layoutselect = layout_select($itm[0]['uid'],$itm[0]['layout_mid']);
-
$o .= replace_macros(get_markup_template('edpost_head.tpl'), array(
'$title' => t('Edit Webpage')
));
@@ -112,7 +149,7 @@ function editwebpage_content(&$a) {
'$editselect' => (($plaintext) ? 'none' : '/(profile-jot-text|prvmail-text)/'),
'$ispublic' => '&nbsp;', // t('Visible to <strong>everybody</strong>'),
'$geotag' => $geotag,
- '$nickname' => $a->user['nickname'],
+ '$nickname' => $channel['channel_address'],
'$confirmdelete' => t('Delete webpage?')
));
@@ -124,12 +161,9 @@ function editwebpage_content(&$a) {
call_hooks('jot_tool', $jotplugins);
call_hooks('jot_networks', $jotnets);
-
- $channel = $a->get_channel();
-
- //$tpl = replace_macros($tpl,array('$jotplugins' => $jotplugins));
-//FIXME A return path with $_SESSION doesn't always work for observer - it may WSoD instead of loading a sensible page. So, send folk to the webpage list.
+ // FIXME A return path with $_SESSION doesn't always work for observer - it may WSoD
+ // instead of loading a sensible page. So, send folk to the webpage list.
$rp = 'webpages/' . $which;
@@ -171,16 +205,16 @@ function editwebpage_content(&$a) {
'lockstate' => (((strlen($itm[0]['allow_cid'])) || (strlen($itm[0]['allow_gid'])) || (strlen($itm[0]['deny_cid'])) || (strlen($itm[0]['deny_gid']))) ? 'lock' : 'unlock'),
'$bang' => '',
'$profile_uid' => (intval($owner)),
- '$preview' => ((feature_enabled(local_user(),'preview')) ? t('Preview') : ''),
+ '$preview' => ((feature_enabled($uid,'preview')) ? t('Preview') : ''),
'$jotplugins' => $jotplugins,
- '$sourceapp' => t($a->sourcename),
+ '$sourceapp' => $a->sourcename,
'$defexpire' => '',
'$feature_expire' => false,
'$expires' => t('Set expiration date'),
));
- $ob = get_observer_hash();
+ $ob = (($observer) ? $observer['xchan_hash'] : '');
if(($itm[0]['author_xchan'] === $ob) || ($itm[0]['owner_xchan'] === $ob))
$o .= '<br /><br /><a class="page-delete-link" href="item/drop/' . $itm[0]['id'] . '" >' . t('Delete Webpage') . '</a><br />';
diff --git a/mod/webpages.php b/mod/webpages.php
index aca7559f9..baddebec8 100644
--- a/mod/webpages.php
+++ b/mod/webpages.php
@@ -33,7 +33,7 @@ function webpages_content(&$a) {
$which = argv(1);
- $uid = 0;
+ $uid = local_user();
$owner = 0;
$channel = null;
$observer = $a->get_observer();