diff options
-rw-r--r-- | mod/connections.php | 2 | ||||
-rw-r--r-- | mod/editwebpage.php | 53 | ||||
-rwxr-xr-x | mod/events.php | 2 | ||||
-rw-r--r-- | mod/webpages.php | 6 | ||||
-rwxr-xr-x | view/tpl/nav.tpl | 2 | ||||
-rw-r--r-- | view/tpl/webpagelist.tpl | 13 |
6 files changed, 61 insertions, 17 deletions
diff --git a/mod/connections.php b/mod/connections.php index 88291ba8d..2ba65fc0e 100644 --- a/mod/connections.php +++ b/mod/connections.php @@ -159,7 +159,7 @@ function connections_content(&$a) { $sort_type = 0; $o = ''; - nav_set_selected('connections'); + nav_set_selected('intros'); if(! local_user()) { diff --git a/mod/editwebpage.php b/mod/editwebpage.php index d15d9f364..c7323a7f7 100644 --- a/mod/editwebpage.php +++ b/mod/editwebpage.php @@ -5,26 +5,50 @@ require_once('acl_selectors.php'); function editwebpage_content(&$a) { +// We first need to figure out who owns the webpage, grab it from an argument + $which = argv(1); + +// $a->get_channel() and stuff don't work here, so we've got to find the owner for ourselves. + $owner = q("select channel_id from channel where channel_address = '%s'", + dbesc($which) + ); + + + if((local_user()) && (argc() > 2) && (argv(2) === 'view')) { + $which = $channel['channel_address']; + } + + $o = ''; - // We can do better, but for now, editing only works for your own pages, so... - if(! local_user()) { - notice( t('Permission denied.') . EOL); - return; - } - $post_id = ((argc() > 1) ? intval(argv(1)) : 0); +// Figure out which post we're editing + $post_id = ((argc() > 2) ? intval(argv(2)) : 0); + if(! $post_id) { notice( t('Item not found') . EOL); return; } - // uid and author_xchan alone should be enough - but it doesn't seem to be any more expensive to use both, so keep it in case of edge cases - $itm = q("SELECT * FROM `item` WHERE `id` = %d and uid = %s and author_xchan = '%s' LIMIT 1", +// Now we've got a post and an owner, let's find out if we're allowed to edit it + + $observer = $a->get_observer(); + $ob_hash = (($observer) ? $observer['xchan_hash'] : ''); + + $perms = get_all_perms($owner,$ob_hash); + + if(! $perms['write_pages']) { + notice( t('Permission denied.') . EOL); + return; + } + + + +// We've already figured out which item we want and whose copy we need, so we don't need anything fancy here + $itm = q("SELECT * FROM `item` WHERE `id` = %d and uid = %s LIMIT 1", intval($post_id), - intval(local_user()), - dbesc(get_observer_hash()) + intval($owner) ); @@ -61,9 +85,14 @@ function editwebpage_content(&$a) { //$tpl = replace_macros($tpl,array('$jotplugins' => $jotplugins)); +//FIXME A return path with $_SESSION doesn't work for observer (at least, not here it doesn't). It'll WSoD instead of loading a sensible page. So, send folk +//back to the channel address until somebody figures out how to fix it - we can't send them back to webpages, because that could leak private pages they can't see +//when ACL is done. + + $rp = 'channel' . '/' . $which; $o .= replace_macros($tpl,array( - '$return_path' => $_SESSION['return_url'], + '$return_path' => $rp, '$action' => 'item', '$share' => t('Edit'), '$upload' => t('Upload photo'), @@ -93,7 +122,7 @@ function editwebpage_content(&$a) { '$lockstate' => $lockstate, '$acl' => '', '$bang' => '', - '$profile_uid' => local_user(), + '$profile_uid' => (intval($owner)), '$preview' => ((feature_enabled(local_user(),'preview')) ? t('Preview') : ''), '$jotplugins' => $jotplugins, '$sourceapp' => t($a->sourcename), diff --git a/mod/events.php b/mod/events.php index 44f7522ad..f43a99cba 100755 --- a/mod/events.php +++ b/mod/events.php @@ -135,6 +135,8 @@ function events_content(&$a) { return; } + nav_set_selected('all_events'); + if((argc() > 2) && (argv(1) === 'ignore') && intval(argv(2))) { $r = q("update event set ignore = 1 where id = %d and uid = %d limit 1", intval(argv(2)), diff --git a/mod/webpages.php b/mod/webpages.php index cf6a99d1e..f2026ea0b 100644 --- a/mod/webpages.php +++ b/mod/webpages.php @@ -60,10 +60,12 @@ $r = q("select * from item_id where uid = %d and service = 'WEBPAGE'", } - +//Build the base URL for edit links + $url = z_root() . "/editwebpage/" . $a->profile['channel_address']; // This isn't pretty, but it works. Until I figure out what to do with the UI, it's Good Enough(TM). return $o . replace_macros(get_markup_template("webpagelist.tpl"), array( - '$editlink' => t('Edit'), + '$baseurl' => $url, + '$edit' => t('Edit'), '$pages' => $pages, '$channel' => $a->profile['channel_address'], '$view' => t('View'), diff --git a/view/tpl/nav.tpl b/view/tpl/nav.tpl index 926e5625e..352eecd42 100755 --- a/view/tpl/nav.tpl +++ b/view/tpl/nav.tpl @@ -97,7 +97,7 @@ {{/if}} {{if $nav.notifications}} - <li id="nav-notify-linkmenu" class="nav-menu fakelink"> + <li id="nav-notify-linkmenu" class="nav-menu fakelink {{$sel.notifications}}"> <a href="{{$nav.notifications.0}}" title="{{$nav.notifications.1}}">{{$nav.notifications.1}}</a> <span id="notify-update" class="nav-notify fakelink" rel="#nav-notify-menu"></span> <ul id="nav-notify-menu" class="menu-popup notify-menus" rel="notify"> diff --git a/view/tpl/webpagelist.tpl b/view/tpl/webpagelist.tpl index 5c00dee6b..d94d78067 100644 --- a/view/tpl/webpagelist.tpl +++ b/view/tpl/webpagelist.tpl @@ -1,9 +1,20 @@ +<script type="text/javascript" charset="utf-8"> + $(document).ready(function(){ + $("a[rel^='prettyPhoto']").prettyPhoto({theme: 'dark_rounded'}); + }); +</script> + {{if $pages}} <div id="pagelist-content-wrapper"> {{foreach $pages as $key => $items}} {{foreach $items as $item}} - <div class="page-list-item"><a href="editwebpage/{{$item.url}}">{{$editlink}}</a> | <a href="page/{{$channel}}/{{$item.title}}">{{$view}}</a> {{$item.title}}</div> + <div class="page-list-item"><a href="{{$baseurl}}/{{$item.url}}">{{$edit}}</a> | + <a href="page/{{$channel}}/{{$item.title}}">{{$view}}</a> + {{$item.title}} | + <a href="page/{{$channel}}/{{$item.title}}?iframe=true&width=80%&height=80%" rel="prettyPhoto[iframes]">Preview</a> + +</div> {{/foreach}} {{/foreach}} </div> |