diff options
Diffstat (limited to 'Zotlabs/Module')
-rw-r--r-- | Zotlabs/Module/Wiki.php | 217 |
1 files changed, 102 insertions, 115 deletions
diff --git a/Zotlabs/Module/Wiki.php b/Zotlabs/Module/Wiki.php index 9fd1234e3..edcd6ec58 100644 --- a/Zotlabs/Module/Wiki.php +++ b/Zotlabs/Module/Wiki.php @@ -54,41 +54,41 @@ class Wiki extends \Zotlabs\Web\Controller { // init() should have forced the URL to redirect to /wiki/channel so assume argc() > 1 $nick = argv(1); - $channel = channelx_by_nick($nick); // The channel who owns the wikis being viewed - if(! $channel) { - notice('Invalid channel' . EOL); + $owner = channelx_by_nick($nick); // The channel who owns the wikis being viewed + if(! $owner) { + notice( t('Invalid channel') . EOL); goaway('/' . argv(0)); } // Determine if the observer is the channel owner so the ACL dialog can be populated - if (local_channel() === intval($channel['channel_id'])) { - $local_observer = \App::get_channel(); + if (local_channel() === intval($owner['channel_id'])) { + $wiki_owner = true; // Obtain the default permission settings of the channel - $channel_acl = array( - 'allow_cid' => $local_observer['channel_allow_cid'], - 'allow_gid' => $local_observer['channel_allow_gid'], - 'deny_cid' => $local_observer['channel_deny_cid'], - 'deny_gid' => $local_observer['channel_deny_gid'] + $owner_acl = array( + 'allow_cid' => $owner['channel_allow_cid'], + 'allow_gid' => $owner['channel_allow_gid'], + 'deny_cid' => $owner['channel_deny_cid'], + 'deny_gid' => $owner['channel_deny_gid'] ); // Initialize the ACL to the channel default permissions $x = array( - 'lockstate' => (( $local_observer['channel_allow_cid'] || - $local_observer['channel_allow_gid'] || - $local_observer['channel_deny_cid'] || - $local_observer['channel_deny_gid']) + 'lockstate' => (( $owner['channel_allow_cid'] || + $owner['channel_allow_gid'] || + $owner['channel_deny_cid'] || + $owner['channel_deny_gid']) ? 'lock' : 'unlock' ), - 'acl' => populate_acl($channel_acl), - 'allow_cid' => acl2json($channel_acl['allow_cid']), - 'allow_gid' => acl2json($channel_acl['allow_gid']), - 'deny_cid' => acl2json($channel_acl['deny_cid']), - 'deny_gid' => acl2json($channel_acl['deny_gid']), + 'acl' => populate_acl($owner_acl), + 'allow_cid' => acl2json($owner_acl['allow_cid']), + 'allow_gid' => acl2json($owner_acl['allow_gid']), + 'deny_cid' => acl2json($owner_acl['deny_cid']), + 'deny_gid' => acl2json($owner_acl['deny_gid']), 'bang' => '' ); } else { // Not the channel owner - $channel_acl = $x = array(); + $owner_acl = $x = array(); } // Download a wiki @@ -96,13 +96,13 @@ class Wiki extends \Zotlabs\Web\Controller { $resource_id = argv(4); $w = wiki_get_wiki($resource_id); if (!$w['path']) { - notice('Error retrieving wiki' . EOL); + notice(t('Error retrieving wiki') . EOL); } $zip_folder_name = random_string(10); $zip_folderpath = '/tmp/' . $zip_folder_name; if (!mkdir($zip_folderpath, 0770, false)) { logger('Error creating zip file export folder: ' . $zip_folderpath, LOGGER_NORMAL); - notice('Error creating zip file export folder' . EOL); + notice(t('Error creating zip file export folder') . EOL); } $zip_filename = $w['urlName']; $zip_filepath = '/tmp/' . $zip_folder_name . '/' . $zip_filename; @@ -144,9 +144,9 @@ class Wiki extends \Zotlabs\Web\Controller { // Fetch the wiki info and determine observer permissions $wikiUrlName = urlencode(argv(2)); $pageUrlName = urlencode(argv(3)); - $w = wiki_exists_by_name($channel['channel_id'], $wikiUrlName); + $w = wiki_exists_by_name($owner['channel_id'], $wikiUrlName); if(!$w['resource_id']) { - notice('Wiki not found' . EOL); + notice(t('Wiki not found') . EOL); goaway('/'.argv(0).'/'.argv(1)); } $resource_id = $w['resource_id']; @@ -154,9 +154,9 @@ class Wiki extends \Zotlabs\Web\Controller { if (!$wiki_owner) { // Check for observer permissions $observer_hash = get_observer_hash(); - $perms = wiki_get_permissions($resource_id, intval($channel['channel_id']), $observer_hash); + $perms = wiki_get_permissions($resource_id, intval($owner['channel_id']), $observer_hash); if(!$perms['read']) { - notice('Permission denied.' . EOL); + notice(t('Permission denied.') . EOL); goaway('/'.argv(0).'/'.argv(1)); } if($perms['write']) { @@ -171,7 +171,7 @@ class Wiki extends \Zotlabs\Web\Controller { $wikiheaderPage = urldecode($pageUrlName); $p = wiki_get_page_content(array('resource_id' => $resource_id, 'pageUrlName' => $pageUrlName)); if(!$p['success']) { - notice('Error retrieving page content' . EOL); + notice(t('Error retrieving page content') . EOL); goaway('/'.argv(0).'/'.argv(1).'/'.$wikiUrlName); } $content = ($p['content'] !== '' ? htmlspecialchars_decode($p['content'],ENT_COMPAT) : '"# New page\n"'); @@ -216,7 +216,7 @@ class Wiki extends \Zotlabs\Web\Controller { '$showNewPageButton'=> $showNewPageButton, '$hidePageHistory' => $hidePageHistory, '$showCommitMsg' => $showCommitMsg, - '$channel' => $channel['channel_address'], + '$channel' => $owner['channel_address'], '$resource_id' => $resource_id, '$page' => $pageUrlName, '$lockstate' => $x['lockstate'], @@ -253,6 +253,16 @@ class Wiki extends \Zotlabs\Web\Controller { function post() { require_once('include/wiki.php'); + + $nick = argv(1); + $owner = channelx_by_nick($nick); + $observer_hash = get_observer_hash(); + + if(! $owner) { + notice( t('Permission denied.') . EOL); + return; + } + // /wiki/channel/preview // Render mardown-formatted text in HTML for preview @@ -271,15 +281,14 @@ class Wiki extends \Zotlabs\Web\Controller { // Create a new wiki // /wiki/channel/create/wiki if ((argc() > 3) && (argv(2) === 'create') && (argv(3) === 'wiki')) { - $nick = argv(1); - $channel = channelx_by_nick($nick); - // Determine if observer has permission to create wiki - $observer_hash = get_observer_hash(); + // Only the channel owner can create a wiki, at least until we create a // more detail permissions framework - if (local_channel() !== intval($channel['channel_id'])) { - goaway('/'.argv(0).'/'.$nick.'/'); + + if (local_channel() !== intval($owner['channel_id'])) { + goaway('/' . argv(0) . '/' . $nick . '/'); } + $wiki = array(); // Generate new wiki info from input name $wiki['postVisible'] = ((intval($_POST['postVisible']) === 0) ? 0 : 1); @@ -287,34 +296,33 @@ class Wiki extends \Zotlabs\Web\Controller { $wiki['htmlName'] = escape_tags($_POST['wikiName']); $wiki['urlName'] = urlencode($_POST['wikiName']); if($wiki['urlName'] === '') { - notice('Error creating wiki. Invalid name.'); + notice( t('Error creating wiki. Invalid name.') . EOL); goaway('/wiki'); } // Get ACL for permissions - $acl = new \Zotlabs\Access\AccessList($channel); + $acl = new \Zotlabs\Access\AccessList($owner); $acl->set_from_array($_POST); - $r = wiki_create_wiki($channel, $observer_hash, $wiki, $acl); + $r = wiki_create_wiki($owner, $observer_hash, $wiki, $acl); if ($r['success']) { $homePage = wiki_create_page('Home', $r['item']['resource_id']); if(!$homePage['success']) { - notice('Wiki created, but error creating Home page.'); + notice( t('Wiki created, but error creating Home page.')); goaway('/wiki/'.$nick.'/'.$wiki['urlName']); } goaway('/wiki/'.$nick.'/'.$wiki['urlName'].'/'.$homePage['page']['urlName']); } else { - notice('Error creating wiki'); + notice(t('Error creating wiki')); goaway('/wiki'); } } // Delete a wiki if ((argc() > 3) && (argv(2) === 'delete') && (argv(3) === 'wiki')) { - $nick = argv(1); - $channel = channelx_by_nick($nick); + // Only the channel owner can delete a wiki, at least until we create a // more detail permissions framework - if (local_channel() !== intval($channel['channel_id'])) { - logger('Wiki delete permission denied.' . EOL); + if (local_channel() !== intval($owner['channel_id'])) { + logger('Wiki delete permission denied.'); json_return_and_die(array('message' => 'Wiki delete permission denied.', 'success' => false)); } $resource_id = $_POST['resource_id']; @@ -330,18 +338,17 @@ class Wiki extends \Zotlabs\Web\Controller { // Create a page if ((argc() === 4) && (argv(2) === 'create') && (argv(3) === 'page')) { - $nick = argv(1); + $resource_id = $_POST['resource_id']; // Determine if observer has permission to create a page - $channel = channelx_by_nick($nick); - if (local_channel() !== intval($channel['channel_id'])) { - $observer_hash = get_observer_hash(); - $perms = wiki_get_permissions($resource_id, intval($channel['channel_id']), $observer_hash); - if(!$perms['write']) { - logger('Wiki write permission denied. ' . EOL); - json_return_and_die(array('success' => false)); - } + + + $perms = wiki_get_permissions($resource_id, intval($owner['channel_id']), $observer_hash); + if(!$perms['write']) { + logger('Wiki write permission denied. ' . EOL); + json_return_and_die(array('success' => false)); } + $name = $_POST['name']; //Get new page name if(urlencode(escape_tags($_POST['name'])) === '') { json_return_and_die(array('message' => 'Error creating page. Invalid name.', 'success' => false)); @@ -358,15 +365,13 @@ class Wiki extends \Zotlabs\Web\Controller { // Fetch page list for a wiki if ((argc() === 5) && (argv(2) === 'get') && (argv(3) === 'page') && (argv(4) === 'list')) { $resource_id = $_POST['resource_id']; // resource_id for wiki in db - $channel = channelx_by_nick(argv(1)); - $observer_hash = get_observer_hash(); - if (local_channel() !== intval($channel['channel_id'])) { - $perms = wiki_get_permissions($resource_id, intval($channel['channel_id']), $observer_hash); - if(!$perms['read']) { - logger('Wiki read permission denied.' . EOL); - json_return_and_die(array('pages' => null, 'message' => 'Permission denied.', 'success' => false)); - } + + $perms = wiki_get_permissions($resource_id, intval($owner['channel_id']), $observer_hash); + if(!$perms['read']) { + logger('Wiki read permission denied.' . EOL); + json_return_and_die(array('pages' => null, 'message' => 'Permission denied.', 'success' => false)); } + $page_list_html = widget_wiki_pages(array( 'resource_id' => $resource_id, 'refresh' => true, @@ -385,16 +390,12 @@ class Wiki extends \Zotlabs\Web\Controller { if ($commitMsg === '') { $commitMsg = 'Updated ' . $pageHtmlName; } - $nick = argv(1); - $channel = channelx_by_nick($nick); + // Determine if observer has permission to save content - if (local_channel() !== intval($channel['channel_id'])) { - $observer_hash = get_observer_hash(); - $perms = wiki_get_permissions($resource_id, intval($channel['channel_id']), $observer_hash); - if(!$perms['write']) { - logger('Wiki write permission denied. ' . EOL); - json_return_and_die(array('success' => false)); - } + $perms = wiki_get_permissions($resource_id, intval($owner['channel_id']), $observer_hash); + if(!$perms['write']) { + logger('Wiki write permission denied. ' . EOL); + json_return_and_die(array('success' => false)); } $saved = wiki_save_page(array('resource_id' => $resource_id, 'pageUrlName' => $pageUrlName, 'content' => $content)); @@ -423,17 +424,15 @@ class Wiki extends \Zotlabs\Web\Controller { $resource_id = $_POST['resource_id']; $pageUrlName = $_POST['name']; - $nick = argv(1); - $channel = channelx_by_nick($nick); + // Determine if observer has permission to read content - if (local_channel() !== intval($channel['channel_id'])) { - $observer_hash = get_observer_hash(); - $perms = wiki_get_permissions($resource_id, intval($channel['channel_id']), $observer_hash); - if(!$perms['read']) { - logger('Wiki read permission denied.' . EOL); - json_return_and_die(array('historyHTML' => '', 'message' => 'Permission denied.', 'success' => false)); - } + + $perms = wiki_get_permissions($resource_id, intval($owner['channel_id']), $observer_hash); + if(!$perms['read']) { + logger('Wiki read permission denied.' . EOL); + json_return_and_die(array('historyHTML' => '', 'message' => 'Permission denied.', 'success' => false)); } + $historyHTML = widget_wiki_page_history(array( 'resource_id' => $resource_id, 'pageUrlName' => $pageUrlName @@ -449,16 +448,13 @@ class Wiki extends \Zotlabs\Web\Controller { json_return_and_die(array('message' => 'Cannot delete Home','success' => false)); } // Determine if observer has permission to delete pages - $nick = argv(1); - $channel = channelx_by_nick($nick); - if (local_channel() !== intval($channel['channel_id'])) { - $observer_hash = get_observer_hash(); - $perms = wiki_get_permissions($resource_id, intval($channel['channel_id']), $observer_hash); - if(!$perms['write']) { - logger('Wiki write permission denied. ' . EOL); - json_return_and_die(array('success' => false)); - } + + $perms = wiki_get_permissions($resource_id, intval($owner['channel_id']), $observer_hash); + if(!$perms['write']) { + logger('Wiki write permission denied. ' . EOL); + json_return_and_die(array('success' => false)); } + $deleted = wiki_delete_page(array('resource_id' => $resource_id, 'pageUrlName' => $pageUrlName)); if($deleted['success']) { $ob = \App::get_observer(); @@ -484,16 +480,13 @@ class Wiki extends \Zotlabs\Web\Controller { $pageUrlName = $_POST['name']; $commitHash = $_POST['commitHash']; // Determine if observer has permission to revert pages - $nick = argv(1); - $channel = channelx_by_nick($nick); - if (local_channel() !== intval($channel['channel_id'])) { - $observer_hash = get_observer_hash(); - $perms = wiki_get_permissions($resource_id, intval($channel['channel_id']), $observer_hash); - if(!$perms['write']) { - logger('Wiki write permission denied.' . EOL); - json_return_and_die(array('success' => false)); - } + + $perms = wiki_get_permissions($resource_id, intval($owner['channel_id']), $observer_hash); + if(!$perms['write']) { + logger('Wiki write permission denied.' . EOL); + json_return_and_die(array('success' => false)); } + $reverted = wiki_revert_page(array('commitHash' => $commitHash, 'resource_id' => $resource_id, 'pageUrlName' => $pageUrlName)); if($reverted['success']) { json_return_and_die(array('content' => $reverted['content'], 'message' => '', 'success' => true)); @@ -509,16 +502,13 @@ class Wiki extends \Zotlabs\Web\Controller { $compareCommit = $_POST['compareCommit']; $currentCommit = $_POST['currentCommit']; // Determine if observer has permission to revert pages - $nick = argv(1); - $channel = channelx_by_nick($nick); - if (local_channel() !== intval($channel['channel_id'])) { - $observer_hash = get_observer_hash(); - $perms = wiki_get_permissions($resource_id, intval($channel['channel_id']), $observer_hash); - if(!$perms['read']) { - logger('Wiki read permission denied.' . EOL); - json_return_and_die(array('success' => false)); - } + + $perms = wiki_get_permissions($resource_id, intval($owner['channel_id']), $observer_hash); + if(!$perms['read']) { + logger('Wiki read permission denied.' . EOL); + json_return_and_die(array('success' => false)); } + $compare = wiki_compare_page(array('currentCommit' => $currentCommit, 'compareCommit' => $compareCommit, 'resource_id' => $resource_id, 'pageUrlName' => $pageUrlName)); if($compare['success']) { $diffHTML = '<table class="text-center" width="100%"><tr><td class="lead" width="50%">Current Revision</td><td class="lead" width="50%">Selected Revision</td></tr></table>' . $compare['diff']; @@ -540,16 +530,13 @@ class Wiki extends \Zotlabs\Web\Controller { json_return_and_die(array('message' => 'Error renaming page. Invalid name.', 'success' => false)); } // Determine if observer has permission to rename pages - $nick = argv(1); - $channel = channelx_by_nick($nick); - if (local_channel() !== intval($channel['channel_id'])) { - $observer_hash = get_observer_hash(); - $perms = wiki_get_permissions($resource_id, intval($channel['channel_id']), $observer_hash); - if(!$perms['write']) { - logger('Wiki write permission denied. ' . EOL); - json_return_and_die(array('success' => false)); - } + + $perms = wiki_get_permissions($resource_id, intval($owner['channel_id']), $observer_hash); + if(!$perms['write']) { + logger('Wiki write permission denied. ' . EOL); + json_return_and_die(array('success' => false)); } + $renamed = wiki_rename_page(array('resource_id' => $resource_id, 'pageUrlName' => $pageUrlName, 'pageNewName' => $pageNewName)); if($renamed['success']) { $ob = \App::get_observer(); @@ -570,7 +557,7 @@ class Wiki extends \Zotlabs\Web\Controller { } } - //notice('You must be authenticated.'); + //notice( t('You must be authenticated.')); json_return_and_die(array('message' => 'You must be authenticated.', 'success' => false)); } |