-rw-r--r-- | Zotlabs/Module/Wiki.php | 217 | ||||
-rw-r--r-- | include/wiki.php | 28 |
2 files changed, 117 insertions, 128 deletions
diff --git a/Zotlabs/Module/Wiki.php b/Zotlabs/Module/Wiki.php
index 9fd1234e3..edcd6ec58 100644
--- a/Zotlabs/Module/Wiki.php
+++ b/Zotlabs/Module/Wiki.php
@@ -54,41 +54,41 @@ class Wiki extends \Zotlabs\Web\Controller { // init() should have forced the URL to redirect to /wiki/channel so assume argc() > 1 $nick = argv(1); - $channel = channelx_by_nick($nick); // The channel who owns the wikis being viewed - if(! $channel) { - notice('Invalid channel' . EOL); + $owner = channelx_by_nick($nick); // The channel who owns the wikis being viewed + if(! $owner) { + notice( t('Invalid channel') . EOL); goaway('/' . argv(0)); } // Determine if the observer is the channel owner so the ACL dialog can be populated - if (local_channel() === intval($channel['channel_id'])) { - $local_observer = \App::get_channel(); + if (local_channel() === intval($owner['channel_id'])) { + $wiki_owner = true; // Obtain the default permission settings of the channel - $channel_acl = array( - 'allow_cid' => $local_observer['channel_allow_cid'], - 'allow_gid' => $local_observer['channel_allow_gid'], - 'deny_cid' => $local_observer['channel_deny_cid'], - 'deny_gid' => $local_observer['channel_deny_gid'] + $owner_acl = array( + 'allow_cid' => $owner['channel_allow_cid'], + 'allow_gid' => $owner['channel_allow_gid'], + 'deny_cid' => $owner['channel_deny_cid'], + 'deny_gid' => $owner['channel_deny_gid'] ); // Initialize the ACL to the channel default permissions $x = array( - 'lockstate' => (( $local_observer['channel_allow_cid'] || - $local_observer['channel_allow_gid'] || - $local_observer['channel_deny_cid'] || - $local_observer['channel_deny_gid']) + 'lockstate' => (( $owner['channel_allow_cid'] || + $owner['channel_allow_gid'] || + $owner['channel_deny_cid'] || + $owner['channel_deny_gid']) ? 
'lock' : 'unlock' ), - 'acl' => populate_acl($channel_acl), - 'allow_cid' => acl2json($channel_acl['allow_cid']), - 'allow_gid' => acl2json($channel_acl['allow_gid']), - 'deny_cid' => acl2json($channel_acl['deny_cid']), - 'deny_gid' => acl2json($channel_acl['deny_gid']), + 'acl' => populate_acl($owner_acl), + 'allow_cid' => acl2json($owner_acl['allow_cid']), + 'allow_gid' => acl2json($owner_acl['allow_gid']), + 'deny_cid' => acl2json($owner_acl['deny_cid']), + 'deny_gid' => acl2json($owner_acl['deny_gid']), 'bang' => '' ); } else { // Not the channel owner - $channel_acl = $x = array(); + $owner_acl = $x = array(); } // Download a wiki @@ -96,13 +96,13 @@ class Wiki extends \Zotlabs\Web\Controller { $resource_id = argv(4); $w = wiki_get_wiki($resource_id); if (!$w['path']) { - notice('Error retrieving wiki' . EOL); + notice(t('Error retrieving wiki') . EOL); } $zip_folder_name = random_string(10); $zip_folderpath = '/tmp/' . $zip_folder_name; if (!mkdir($zip_folderpath, 0770, false)) { logger('Error creating zip file export folder: ' . $zip_folderpath, LOGGER_NORMAL); - notice('Error creating zip file export folder' . EOL); + notice(t('Error creating zip file export folder') . EOL); } $zip_filename = $w['urlName']; $zip_filepath = '/tmp/' . $zip_folder_name . '/' . $zip_filename; @@ -144,9 +144,9 @@ class Wiki extends \Zotlabs\Web\Controller { // Fetch the wiki info and determine observer permissions $wikiUrlName = urlencode(argv(2)); $pageUrlName = urlencode(argv(3)); - $w = wiki_exists_by_name($channel['channel_id'], $wikiUrlName); + $w = wiki_exists_by_name($owner['channel_id'], $wikiUrlName); if(!$w['resource_id']) { - notice('Wiki not found' . EOL); + notice(t('Wiki not found') . EOL); goaway('/'.argv(0).'/'.argv(1)); } $resource_id = $w['resource_id']; 
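Review bot: Both error branches touched in the wiki download handler only call `notice()` and then fall through: when `$w['path']` is empty or `mkdir()` fails, execution still goes on to build `$zip_filepath` from `$w['urlName']`. Each branch should end the request after the notice, for example with `goaway('/' . argv(0) . '/' . argv(1));`, as the view handlers in this file do. The visible lines also show no `wiki_get_permissions()` read check between `$resource_id = argv(4)` and `wiki_get_wiki($resource_id)`; the handler continues outside the hunk, so if no check exists there, one belongs before the export is prepared.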
@@ -154,9 +154,9 @@ class Wiki extends \Zotlabs\Web\Controller { if (!$wiki_owner) { // Check for observer permissions $observer_hash = get_observer_hash(); - $perms = wiki_get_permissions($resource_id, intval($channel['channel_id']), $observer_hash); + $perms = wiki_get_permissions($resource_id, intval($owner['channel_id']), $observer_hash); if(!$perms['read']) { - notice('Permission denied.' . EOL); + notice(t('Permission denied.') . EOL); goaway('/'.argv(0).'/'.argv(1)); } if($perms['write']) { @@ -171,7 +171,7 @@ class Wiki extends \Zotlabs\Web\Controller { $wikiheaderPage = urldecode($pageUrlName); $p = wiki_get_page_content(array('resource_id' => $resource_id, 'pageUrlName' => $pageUrlName)); if(!$p['success']) { - notice('Error retrieving page content' . EOL); + notice(t('Error retrieving page content') . EOL); goaway('/'.argv(0).'/'.argv(1).'/'.$wikiUrlName); } $content = ($p['content'] !== '' ? htmlspecialchars_decode($p['content'],ENT_COMPAT) : '"# New page\n"'); @@ -216,7 +216,7 @@ class Wiki extends \Zotlabs\Web\Controller { '$showNewPageButton'=> $showNewPageButton, '$hidePageHistory' => $hidePageHistory, '$showCommitMsg' => $showCommitMsg, - '$channel' => $channel['channel_address'], + '$channel' => $owner['channel_address'], '$resource_id' => $resource_id, '$page' => $pageUrlName, '$lockstate' => $x['lockstate'], @@ -253,6 +253,16 @@ class Wiki extends \Zotlabs\Web\Controller { function post() { require_once('include/wiki.php'); + + $nick = argv(1); + $owner = channelx_by_nick($nick); + $observer_hash = get_observer_hash(); + + if(! $owner) { + notice( t('Permission denied.') . EOL); + return; + } + // /wiki/channel/preview // Render mardown-formatted text in HTML for preview 
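Review bot: The preamble added to `post()` reads `argv(1)` without an `argc()` guard, and on an unknown nick it answers with `notice()` and a bare `return`, while the AJAX routes below all reply through `json_return_and_die()`. A script calling those routes therefore gets no JSON failure for an invalid channel; consider `json_return_and_die(array('message' => t('Invalid channel'), 'success' => false));` for them, or document why the HTML notice is intended. A short comment such as `// Resolve the wiki owner once; every handler below authorises against $owner` would also make the new shared state explicit. The body of `post()` continues outside this hunk.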
@@ -271,15 +281,14 @@ class Wiki extends \Zotlabs\Web\Controller { // Create a new wiki // /wiki/channel/create/wiki if ((argc() > 3) && (argv(2) === 'create') && (argv(3) === 'wiki')) { - $nick = argv(1); - $channel = channelx_by_nick($nick); - // Determine if observer has permission to create wiki - $observer_hash = get_observer_hash(); + // Only the channel owner can create a wiki, at least until we create a // more detail permissions framework - if (local_channel() !== intval($channel['channel_id'])) { - goaway('/'.argv(0).'/'.$nick.'/'); + + if (local_channel() !== intval($owner['channel_id'])) { + goaway('/' . argv(0) . '/' . $nick . '/'); } + $wiki = array(); // Generate new wiki info from input name $wiki['postVisible'] = ((intval($_POST['postVisible']) === 0) ? 0 : 1); 
@@ -287,34 +296,33 @@ class Wiki extends \Zotlabs\Web\Controller { $wiki['htmlName'] = escape_tags($_POST['wikiName']); $wiki['urlName'] = urlencode($_POST['wikiName']); if($wiki['urlName'] === '') { - notice('Error creating wiki. Invalid name.'); + notice( t('Error creating wiki. Invalid name.') . EOL); goaway('/wiki'); } // Get ACL for permissions - $acl = new \Zotlabs\Access\AccessList($channel); + $acl = new \Zotlabs\Access\AccessList($owner); $acl->set_from_array($_POST); - $r = wiki_create_wiki($channel, $observer_hash, $wiki, $acl); + $r = wiki_create_wiki($owner, $observer_hash, $wiki, $acl); if ($r['success']) { $homePage = wiki_create_page('Home', $r['item']['resource_id']); if(!$homePage['success']) { - notice('Wiki created, but error creating Home page.'); + notice( t('Wiki created, but error creating Home page.')); goaway('/wiki/'.$nick.'/'.$wiki['urlName']); } goaway('/wiki/'.$nick.'/'.$wiki['urlName'].'/'.$homePage['page']['urlName']); } else { - notice('Error creating wiki'); + notice(t('Error creating wiki')); goaway('/wiki'); } } // Delete a wiki if ((argc() > 3) && (argv(2) === 'delete') && (argv(3) === 'wiki')) { - $nick = argv(1); - $channel = channelx_by_nick($nick); + // Only the channel owner can delete a wiki, at least until we create a // more detail permissions framework - if (local_channel() !== intval($channel['channel_id'])) { - logger('Wiki delete permission denied.' . EOL); + if (local_channel() !== intval($owner['channel_id'])) { + logger('Wiki delete permission denied.'); json_return_and_die(array('message' => 'Wiki delete permission denied.', 'success' => false)); } $resource_id = $_POST['resource_id']; 
@@ -330,18 +338,17 @@ class Wiki extends \Zotlabs\Web\Controller { // Create a page if ((argc() === 4) && (argv(2) === 'create') && (argv(3) === 'page')) { - $nick = argv(1); + $resource_id = $_POST['resource_id']; // Determine if observer has permission to create a page - $channel = channelx_by_nick($nick); - if (local_channel() !== intval($channel['channel_id'])) { - $observer_hash = get_observer_hash(); - $perms = wiki_get_permissions($resource_id, intval($channel['channel_id']), $observer_hash); - if(!$perms['write']) { - logger('Wiki write permission denied. ' . EOL); - json_return_and_die(array('success' => false)); - } + + + $perms = wiki_get_permissions($resource_id, intval($owner['channel_id']), $observer_hash); + if(!$perms['write']) { + logger('Wiki write permission denied. ' . EOL); + json_return_and_die(array('success' => false)); } + $name = $_POST['name']; //Get new page name if(urlencode(escape_tags($_POST['name'])) === '') { json_return_and_die(array('message' => 'Error creating page. Invalid name.', 'success' => false)); 
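Review bot: The permission block introduced here (`wiki_get_permissions()` followed by a `logger()` call and `json_return_and_die()`) is repeated almost verbatim in the page-list, save, history, delete-page, revert, compare and rename hunks that follow, and the copies already differ. Some denied responses carry a `'message'` while this one returns only `'success' => false`, and `logger('Wiki write permission denied. ' . EOL)` still appends `EOL` although the delete-wiki hunk removed it from its log call. A small private helper taking the required permission (`'read'` or `'write'`) and the resource id would keep these authorisation checks from drifting apart. Note that the owner no longer bypasses this call, so owner access now depends entirely on the shortcut inside `wiki_get_permissions()`.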
@@ -358,15 +365,13 @@ class Wiki extends \Zotlabs\Web\Controller { // Fetch page list for a wiki if ((argc() === 5) && (argv(2) === 'get') && (argv(3) === 'page') && (argv(4) === 'list')) { $resource_id = $_POST['resource_id']; // resource_id for wiki in db - $channel = channelx_by_nick(argv(1)); - $observer_hash = get_observer_hash(); - if (local_channel() !== intval($channel['channel_id'])) { - $perms = wiki_get_permissions($resource_id, intval($channel['channel_id']), $observer_hash); - if(!$perms['read']) { - logger('Wiki read permission denied.' . EOL); - json_return_and_die(array('pages' => null, 'message' => 'Permission denied.', 'success' => false)); - } + + $perms = wiki_get_permissions($resource_id, intval($owner['channel_id']), $observer_hash); + if(!$perms['read']) { + logger('Wiki read permission denied.' . EOL); + json_return_and_die(array('pages' => null, 'message' => 'Permission denied.', 'success' => false)); } + $page_list_html = widget_wiki_pages(array( 'resource_id' => $resource_id, 'refresh' => true, @@ -385,16 +390,12 @@ class Wiki extends \Zotlabs\Web\Controller { if ($commitMsg === '') { $commitMsg = 'Updated ' . $pageHtmlName; } - $nick = argv(1); - $channel = channelx_by_nick($nick); + // Determine if observer has permission to save content - if (local_channel() !== intval($channel['channel_id'])) { - $observer_hash = get_observer_hash(); - $perms = wiki_get_permissions($resource_id, intval($channel['channel_id']), $observer_hash); - if(!$perms['write']) { - logger('Wiki write permission denied. ' . EOL); - json_return_and_die(array('success' => false)); - } + $perms = wiki_get_permissions($resource_id, intval($owner['channel_id']), $observer_hash); + if(!$perms['write']) { + logger('Wiki write permission denied. ' . EOL); + json_return_and_die(array('success' => false)); } $saved = wiki_save_page(array('resource_id' => $resource_id, 'pageUrlName' => $pageUrlName, 'content' => $content)); 
@@ -423,17 +424,15 @@ class Wiki extends \Zotlabs\Web\Controller { $resource_id = $_POST['resource_id']; $pageUrlName = $_POST['name']; - $nick = argv(1); - $channel = channelx_by_nick($nick); + // Determine if observer has permission to read content - if (local_channel() !== intval($channel['channel_id'])) { - $observer_hash = get_observer_hash(); - $perms = wiki_get_permissions($resource_id, intval($channel['channel_id']), $observer_hash); - if(!$perms['read']) { - logger('Wiki read permission denied.' . EOL); - json_return_and_die(array('historyHTML' => '', 'message' => 'Permission denied.', 'success' => false)); - } + + $perms = wiki_get_permissions($resource_id, intval($owner['channel_id']), $observer_hash); + if(!$perms['read']) { + logger('Wiki read permission denied.' . EOL); + json_return_and_die(array('historyHTML' => '', 'message' => 'Permission denied.', 'success' => false)); } + $historyHTML = widget_wiki_page_history(array( 'resource_id' => $resource_id, 'pageUrlName' => $pageUrlName @@ -449,16 +448,13 @@ class Wiki extends \Zotlabs\Web\Controller { json_return_and_die(array('message' => 'Cannot delete Home','success' => false)); } // Determine if observer has permission to delete pages - $nick = argv(1); - $channel = channelx_by_nick($nick); - if (local_channel() !== intval($channel['channel_id'])) { - $observer_hash = get_observer_hash(); - $perms = wiki_get_permissions($resource_id, intval($channel['channel_id']), $observer_hash); - if(!$perms['write']) { - logger('Wiki write permission denied. ' . EOL); - json_return_and_die(array('success' => false)); - } + + $perms = wiki_get_permissions($resource_id, intval($owner['channel_id']), $observer_hash); + if(!$perms['write']) { + logger('Wiki write permission denied. ' . EOL); + json_return_and_die(array('success' => false)); } + $deleted = wiki_delete_page(array('resource_id' => $resource_id, 'pageUrlName' => $pageUrlName)); if($deleted['success']) { $ob = \App::get_observer(); 
@@ -484,16 +480,13 @@ class Wiki extends \Zotlabs\Web\Controller { $pageUrlName = $_POST['name']; $commitHash = $_POST['commitHash']; // Determine if observer has permission to revert pages - $nick = argv(1); - $channel = channelx_by_nick($nick); - if (local_channel() !== intval($channel['channel_id'])) { - $observer_hash = get_observer_hash(); - $perms = wiki_get_permissions($resource_id, intval($channel['channel_id']), $observer_hash); - if(!$perms['write']) { - logger('Wiki write permission denied.' . EOL); - json_return_and_die(array('success' => false)); - } + + $perms = wiki_get_permissions($resource_id, intval($owner['channel_id']), $observer_hash); + if(!$perms['write']) { + logger('Wiki write permission denied.' . EOL); + json_return_and_die(array('success' => false)); } + $reverted = wiki_revert_page(array('commitHash' => $commitHash, 'resource_id' => $resource_id, 'pageUrlName' => $pageUrlName)); if($reverted['success']) { json_return_and_die(array('content' => $reverted['content'], 'message' => '', 'success' => true)); 
@@ -509,16 +502,13 @@ class Wiki extends \Zotlabs\Web\Controller { $compareCommit = $_POST['compareCommit']; $currentCommit = $_POST['currentCommit']; // Determine if observer has permission to revert pages - $nick = argv(1); - $channel = channelx_by_nick($nick); - if (local_channel() !== intval($channel['channel_id'])) { - $observer_hash = get_observer_hash(); - $perms = wiki_get_permissions($resource_id, intval($channel['channel_id']), $observer_hash); - if(!$perms['read']) { - logger('Wiki read permission denied.' . EOL); - json_return_and_die(array('success' => false)); - } + + $perms = wiki_get_permissions($resource_id, intval($owner['channel_id']), $observer_hash); + if(!$perms['read']) { + logger('Wiki read permission denied.' . EOL); + json_return_and_die(array('success' => false)); } + $compare = wiki_compare_page(array('currentCommit' => $currentCommit, 'compareCommit' => $compareCommit, 'resource_id' => $resource_id, 'pageUrlName' => $pageUrlName)); if($compare['success']) { $diffHTML = '<table class="text-center" width="100%"><tr><td class="lead" width="50%">Current Revision</td><td class="lead" width="50%">Selected Revision</td></tr></table>' . $compare['diff']; 
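Review bot: The comment kept above the new check still reads `// Determine if observer has permission to revert pages`, but this handler compares two revisions and tests `$perms['read']`. It looks like a copy from the revert handler; `// Determine if observer has permission to read page history` would match what the code enforces and avoid someone "correcting" the check to `write` later.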
@@ -540,16 +530,13 @@ class Wiki extends \Zotlabs\Web\Controller { json_return_and_die(array('message' => 'Error renaming page. Invalid name.', 'success' => false)); } // Determine if observer has permission to rename pages - $nick = argv(1); - $channel = channelx_by_nick($nick); - if (local_channel() !== intval($channel['channel_id'])) { - $observer_hash = get_observer_hash(); - $perms = wiki_get_permissions($resource_id, intval($channel['channel_id']), $observer_hash); - if(!$perms['write']) { - logger('Wiki write permission denied. ' . EOL); - json_return_and_die(array('success' => false)); - } + + $perms = wiki_get_permissions($resource_id, intval($owner['channel_id']), $observer_hash); + if(!$perms['write']) { + logger('Wiki write permission denied. ' . EOL); + json_return_and_die(array('success' => false)); } + $renamed = wiki_rename_page(array('resource_id' => $resource_id, 'pageUrlName' => $pageUrlName, 'pageNewName' => $pageNewName)); if($renamed['success']) { $ob = \App::get_observer(); @@ -570,7 +557,7 @@ class Wiki extends \Zotlabs\Web\Controller { } } - //notice('You must be authenticated.'); + //notice( t('You must be authenticated.')); json_return_and_die(array('message' => 'You must be authenticated.', 'success' => false)); } diff --git a/include/wiki.php b/include/wiki.php index 1d1e20e27..ffa8b66d3 100644 --- a/include/wiki.php +++ b/include/wiki.php 
@@ -13,11 +13,13 @@ function wiki_list($channel, $observer_hash) { dbesc(WIKI_ITEM_RESOURCE_TYPE), intval($channel['channel_id']) ); - foreach($wikis as &$w) { - $w['rawName'] = get_iconfig($w, 'wiki', 'rawName'); - $w['htmlName'] = get_iconfig($w, 'wiki', 'htmlName'); - $w['urlName'] = get_iconfig($w, 'wiki', 'urlName'); - $w['path'] = get_iconfig($w, 'wiki', 'path'); + if($wikis) { + foreach($wikis as &$w) { + $w['rawName'] = get_iconfig($w, 'wiki', 'rawName'); + $w['htmlName'] = get_iconfig($w, 'wiki', 'htmlName'); + $w['urlName'] = get_iconfig($w, 'wiki', 'urlName'); + $w['path'] = get_iconfig($w, 'wiki', 'path'); + } } // TODO: query db for wikis the observer can access. Return with two lists, for read and write access return array('wikis' => $wikis); @@ -125,7 +127,7 @@ function wiki_create_wiki($channel, $observer_hash, $wiki, $acl) { $item_id = $post['item_id']; if ($item_id) { - proc_run('php', "include/notifier.php", "activity", $item_id); + \Zotlabs\Daemon\Master::Summon(array('Notifier', 'activity', $item_id)); return array('item' => $arr, 'success' => true); } else { return array('item' => null, 'success' => false); 
@@ -192,23 +194,23 @@ function wiki_exists_by_name($uid, $urlName) { function wiki_get_permissions($resource_id, $owner_id, $observer_hash) { // TODO: For now, only the owner can edit $sql_extra = item_permissions_sql($owner_id, $observer_hash); + + if(local_channel() && local_channel == $owner_id) { + return [ 'read' => true, 'write' => true, 'success' => true ]; + } + $r = q("SELECT * FROM item WHERE uid = %d and resource_type = '%s' AND resource_id = '%s' $sql_extra LIMIT 1", intval($owner_id), dbesc(WIKI_ITEM_RESOURCE_TYPE), dbesc($resource_id) ); - + if (!$r) { return array('read' => false, 'write' => false, 'success' => true); } else { - $perms = get_all_perms($owner_id, $observer_hash); // TODO: Create a new permission setting for wiki analogous to webpages. Until // then, use webpage permissions - if (!$perms['write_pages']) { - $write = false; - } else { - $write = true; - } + $write = perm_is_allowed($owner_id, $observer_hash,'write_pages'); return array('read' => true, 'write' => $write, 'success' => true); } } |
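Review bot: The owner shortcut added to `wiki_get_permissions()` compares against `local_channel` without parentheses, which PHP reads as a constant rather than a function call: older versions fall back to the string `'local_channel'` with a notice, PHP 8 throws an Error, so the branch does not behave as written. The shortcut also returns read and write access before the `SELECT`, so once the call is fixed an owner is authorised for any `resource_id` in the request without confirming that a wiki item with that id exists under `uid = $owner_id`; the callers in Wiki.php pass `$_POST['resource_id']` straight through to the save, delete and rename helpers. Moving the owner return after the existence check and using a strict comparison closes both gaps; this assumes `item_permissions_sql()` adds no restriction for the owner, which should be confirmed. The `$sql_extra` computed on the first line is otherwise unused on the shortcut path.

```php
function wiki_get_permissions($resource_id, $owner_id, $observer_hash) {
	// … unchanged: TODO comment and $sql_extra = item_permissions_sql(...) …
	$is_owner = (local_channel() && local_channel() === intval($owner_id));

	// … unchanged: SELECT on item by uid, resource_type and resource_id …

	if (!$r) {
		return array('read' => false, 'write' => false, 'success' => true);
	}
	// Owner shortcut only after the wiki is known to exist under this uid
	if ($is_owner) {
		return array('read' => true, 'write' => true, 'success' => true);
	}
	// … unchanged: perm_is_allowed() lookup for 'write_pages' …
```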