diff options
Diffstat (limited to 'mod')
-rw-r--r-- | mod/blocks.php | 160 | ||||
-rw-r--r-- | mod/editblock.php | 197 | ||||
-rw-r--r-- | mod/editlayout.php | 5 | ||||
-rw-r--r-- | mod/editwebpage.php | 5 |
4 files changed, 211 insertions, 156 deletions
diff --git a/mod/blocks.php b/mod/blocks.php index 3f2bef116..6237a645b 100644 --- a/mod/blocks.php +++ b/mod/blocks.php @@ -1,108 +1,140 @@ <?php -function blocks_content(&$a) { +require_once('include/identity.php'); +require_once('include/conversation.php'); +require_once('include/acl_selectors.php'); +function blocks_init(&$a) { + if(argc() > 1 && argv(1) === 'sys' && is_site_admin()) { + $sys = get_sys_channel(); + if($sys && intval($sys['channel_id'])) { + $a->is_sys = true; + } + } if(argc() > 1) $which = argv(1); - else { + else + return; + + profile_load($a,$which); + +} + + +function blocks_content(&$a) { + + if(! $a->profile) { notice( t('Requested profile is not available.') . EOL ); $a->error = 404; return; } - profile_load($a,$which,0); + $which = argv(1); + $uid = local_user(); + $owner = 0; + $channel = null; + $observer = $a->get_observer(); - // Figure out who the page owner is. - $r = q("select channel_id from channel where channel_address = '%s'", - dbesc($which) - ); - if($r) { - $owner = intval($r[0]['channel_id']); - } + $channel = $a->get_channel(); - // Block design features from visitors + if($a->is_sys && is_site_admin()) { + $sys = get_sys_channel(); + if($sys && intval($sys['channel_id'])) { + $uid = $owner = intval($sys['channel_id']); + $channel = $sys; + $observer = $sys; + } + } - if((! local_user()) || (local_user() != $owner)) { - notice( t('Permission denied.') . EOL); - return; + if(! $owner) { + // Figure out who the page owner is. + $r = q("select channel_id from channel where channel_address = '%s'", + dbesc($which) + ); + if($r) { + $owner = intval($r[0]['channel_id']); + } } + $ob_hash = (($observer) ? $observer['xchan_hash'] : ''); + $perms = get_all_perms($owner,$ob_hash); + if(! $perms['write_pages']) { + notice( t('Permission denied.') . EOL); + return; + } -// Get the observer, check their permissions - $observer = $a->get_observer(); - $ob_hash = (($observer) ? $observer['xchan_hash'] : ''); + // Block design features from visitors - $perms = get_all_perms($owner,$ob_hash); + if((! $uid) || ($uid != $owner)) { + notice( t('Permission denied.') . EOL); + return; + } - if(! $perms['write_pages']) { - notice( t('Permission denied.') . EOL); - return; - } + if(feature_enabled($owner,'expert')) { + $mimetype = (($_REQUEST['mimetype']) ? $_REQUEST['mimetype'] : get_pconfig($owner,'system','page_mimetype')); + if(! $mimetype) + $mimetype = 'choose'; + } + else { + $mimetype = 'text/bbcode'; + } -// Create a status editor (for now - we'll need a WYSIWYG eventually) to create pages -// Nickname is set to the observers xchan, and profile_uid to the owners. -// This lets you post pages at other people's channels. -require_once ('include/conversation.php'); - $x = array( - 'webpage' => ITEM_BUILDBLOCK, - 'is_owner' => true, - 'nickname' => $a->profile['channel_address'], - 'lockstate' => (($group || $cid || $channel['channel_allow_cid'] || $channel['channel_allow_gid'] || $channel['channel_deny_cid'] || $channel['channel_deny_gid']) ? 'lock' : 'unlock'), - 'bang' => (($group || $cid) ? '!' : ''), - 'showacl' => false, - 'visitor' => true, - 'mimetype' => 'choose', - 'ptlabel' => t('Block Name'), - 'profile_uid' => intval($owner), - ); - if($_REQUEST['title']) - $x['title'] = $_REQUEST['title']; - if($_REQUEST['body']) - $x['body'] = $_REQUEST['body']; - if($_REQUEST['pagetitle']) - $x['pagetitle'] = $_REQUEST['pagetitle']; + $x = array( + 'webpage' => ITEM_BUILDBLOCK, + 'is_owner' => true, + 'nickname' => $a->profile['channel_address'], + 'lockstate' => (($channel['channel_allow_cid'] || $channel['channel_allow_gid'] || $channel['channel_deny_cid'] || $channel['channel_deny_gid']) ? 'lock' : 'unlock'), + 'bang' => '', + 'showacl' => false, + 'visitor' => true, + 'mimetype' => $mimetype, + 'ptlabel' => t('Block Name'), + 'profile_uid' => intval($owner), + ); + if($_REQUEST['title']) + $x['title'] = $_REQUEST['title']; + if($_REQUEST['body']) + $x['body'] = $_REQUEST['body']; + if($_REQUEST['pagetitle']) + $x['pagetitle'] = $_REQUEST['pagetitle']; - $o .= status_editor($a,$x); - //Get a list of blocks. We can't display all them because endless scroll makes that unusable, so just list titles and an edit link. -//TODO - this should be replaced with pagelist_widget + $o .= status_editor($a,$x); -$r = q("select * from item_id where uid = %d and service = 'BUILDBLOCK' order by sid asc", - intval($owner) -); + $r = q("select * from item_id where uid = %d and service = 'BUILDBLOCK' order by sid asc", + intval($owner) + ); - $pages = null; + $pages = null; - if($r) { - $pages = array(); - foreach($r as $rr) { - $pages[$rr['iid']][] = array('url' => $rr['iid'],'title' => $rr['sid']); - } - } + if($r) { + $pages = array(); + foreach($r as $rr) { + $pages[$rr['iid']][] = array('url' => $rr['iid'],'title' => $rr['sid']); + } + } + //Build the base URL for edit links + $url = z_root() . '/editblock/' . $which; -//Build the base URL for edit links - $url = z_root() . "/editblock/" . $which; -// This isn't pretty, but it works. Until I figure out what to do with the UI, it's Good Enough(TM). - return $o . replace_macros(get_markup_template("blocklist.tpl"), array( + $o .= replace_macros(get_markup_template('blocklist.tpl'), array( '$baseurl' => $url, '$edit' => t('Edit'), '$pages' => $pages, '$channel' => $which, '$view' => t('View'), '$preview' => '1', - - )); + )); - + return $o; } diff --git a/mod/editblock.php b/mod/editblock.php index 3b6ce4bbf..c58a93410 100644 --- a/mod/editblock.php +++ b/mod/editblock.php @@ -1,50 +1,92 @@ <?php +require_once('include/identity.php'); +require_once('include/acl_selectors.php'); -function editblock_content(&$a) { +function editblock_init(&$a) { + if(argc() > 1 && argv(1) === 'sys' && is_site_admin()) { + $sys = get_sys_channel(); + if($sys && intval($sys['channel_id'])) { + $a->is_sys = true; + } + } - if(argc() < 2) { - notice( t('Item not found') . EOL); + if(argc() > 1) + $which = argv(1); + else return; - } - $channel = get_channel_by_nick(argv(1)); + profile_load($a,$which); - if($c) { - $owner = intval($channel['channel_id']); - } +} - $o = ''; +function editblock_content(&$a) { + + if(! $a->profile) { + notice( t('Requested profile is not available.') . EOL ); + $a->error = 404; + return; + } - // Figure out which post we're editing - $post_id = ((argc() > 2) ? intval(argv(2)) : 0); + $which = argv(1); + $uid = local_user(); + $owner = 0; + $channel = null; + $observer = $a->get_observer(); - if(! ($post_id && $channel)) { - notice( t('Item not found') . EOL); - return; + $channel = $a->get_channel(); + + if($a->is_sys && is_site_admin()) { + $sys = get_sys_channel(); + if($sys && intval($sys['channel_id'])) { + $uid = $owner = intval($sys['channel_id']); + $channel = $sys; + $observer = $sys; + } } - // Now we've got a post and an owner, let's find out if we're allowed to edit it + if(! $owner) { + // Figure out who the page owner is. + $r = q("select channel_id from channel where channel_address = '%s'", + dbesc($which) + ); + if($r) { + $owner = intval($r[0]['channel_id']); + } + } + + $ob_hash = (($observer) ? $observer['xchan_hash'] : ''); - if(! perm_is_allowed($channel['channel_id'],get_observer_hash(),'write_pages')) { + if(! perm_is_allowed($owner,$ob_hash,'write_pages')) { notice( t('Permission denied.') . EOL); return; } + $is_owner = (($uid && $uid == $owner) ? true : false); + + $o = ''; - // We've already figured out which item we want and whose copy we need, so we don't need anything fancy here + // Figure out which post we're editing + $post_id = ((argc() > 2) ? intval(argv(2)) : 0); + + + if(! ($post_id && $owner)) { + notice( t('Item not found') . EOL); + return; + } + $itm = q("SELECT * FROM `item` WHERE `id` = %d and uid = %s LIMIT 1", intval($post_id), - intval($channel['channel_id']) + intval($owner) ); if($itm) { $item_id = q("select * from item_id where service = 'BUILDBLOCK' and iid = %d limit 1", - $itm[0]['id'] + intval($itm[0]['id']) ); if($item_id) $block_title = $item_id[0]['sid']; @@ -57,10 +99,6 @@ function editblock_content(&$a) { $plaintext = true; - // You may or may not be a local user. -// if(local_user() && feature_enabled(local_user(),'richtext')) -// $plaintext = false; - $mimeselect = ''; $mimetype = $itm[0]['mimetype']; @@ -79,11 +117,11 @@ function editblock_content(&$a) { $a->page['htmlhead'] .= replace_macros(get_markup_template('jot-header.tpl'), array( - '$baseurl' => $a->get_baseurl(), - '$editselect' => (($plaintext) ? 'none' : '/(profile-jot-text|prvmail-text)/'), - '$ispublic' => ' ', // t('Visible to <strong>everybody</strong>'), - '$geotag' => '', - '$nickname' => $channel['channel_address'], + '$baseurl' => $a->get_baseurl(), + '$editselect' => (($plaintext) ? 'none' : '/(profile-jot-text|prvmail-text)/'), + '$ispublic' => ' ', // t('Visible to <strong>everybody</strong>'), + '$geotag' => '', + '$nickname' => $channel['channel_address'], '$confirmdelete' => t('Delete block?') )); @@ -96,79 +134,70 @@ function editblock_content(&$a) { call_hooks('jot_tool', $jotplugins); call_hooks('jot_networks', $jotnets); - - //$tpl = replace_macros($tpl,array('$jotplugins' => $jotplugins)); - - // FIXME A return path with $_SESSION doesn't always work for observer - it may WSoD instead of loading a sensible page. - //So, send folk to the webpage list. - $rp = 'blocks/' . $channel['channel_address']; $o .= replace_macros($tpl,array( - '$return_path' => $rp, - '$action' => 'item', - '$webpage' => ITEM_BUILDBLOCK, - '$share' => t('Edit'), - '$upload' => t('Upload photo'), - '$attach' => t('Attach file'), - '$weblink' => t('Insert web link'), - '$youtube' => t('Insert YouTube video'), - '$video' => t('Insert Vorbis [.ogg] video'), - '$audio' => t('Insert Vorbis [.ogg] audio'), - '$setloc' => t('Set your location'), - '$noloc' => t('Clear browser location'), - '$wait' => t('Please wait'), - '$permset' => t('Permission settings'), - '$ptyp' => $itm[0]['type'], - '$mimeselect' => $mimeselect, - '$content' => undo_post_tagging($itm[0]['body']), - '$post_id' => $post_id, - '$baseurl' => $a->get_baseurl(), - '$defloc' => $channel['channel_location'], - '$visitor' => false, - '$public' => t('Public post'), - '$jotnets' => $jotnets, - '$title' => htmlspecialchars($itm[0]['title'],ENT_COMPAT,'UTF-8'), - '$placeholdertitle' => t('Set title'), - '$pagetitle' => $block_title, - '$category' => '', + '$return_path' => $rp, + '$action' => 'item', + '$webpage' => ITEM_BUILDBLOCK, + '$share' => t('Edit'), + '$upload' => t('Upload photo'), + '$attach' => t('Attach file'), + '$weblink' => t('Insert web link'), + '$youtube' => t('Insert YouTube video'), + '$video' => t('Insert Vorbis [.ogg] video'), + '$audio' => t('Insert Vorbis [.ogg] audio'), + '$setloc' => t('Set your location'), + '$noloc' => t('Clear browser location'), + '$wait' => t('Please wait'), + '$permset' => t('Permission settings'), + '$ptyp' => $itm[0]['type'], + '$mimeselect' => $mimeselect, + '$content' => undo_post_tagging($itm[0]['body']), + '$post_id' => $post_id, + '$baseurl' => $a->get_baseurl(), + '$defloc' => $channel['channel_location'], + '$visitor' => false, + '$public' => t('Public post'), + '$jotnets' => $jotnets, + '$title' => htmlspecialchars($itm[0]['title'],ENT_COMPAT,'UTF-8'), + '$placeholdertitle' => t('Set title'), + '$pagetitle' => $block_title, + '$category' => '', '$placeholdercategory' => t('Categories (comma-separated list)'), - '$emtitle' => t('Example: bob@example.com, mary@example.com'), - '$lockstate' => $lockstate, - '$acl' => '', - '$bang' => '', - '$profile_uid' => (intval($channel['channel_id'])), - '$preview' => ((feature_enabled(local_user(),'preview')) ? t('Preview') : ''), - '$jotplugins' => $jotplugins, - '$sourceapp' => $itm[0]['app'], - '$defexpire' => '', - '$feature_expire' => false, - '$expires' => t('Set expiration date'), + '$emtitle' => t('Example: bob@example.com, mary@example.com'), + '$lockstate' => $lockstate, + '$acl' => '', + '$bang' => '', + '$profile_uid' => (intval($channel['channel_id'])), + '$preview' => ((feature_enabled($uid,'preview')) ? t('Preview') : ''), + '$jotplugins' => $jotplugins, + '$sourceapp' => $itm[0]['app'], + '$defexpire' => '', + '$feature_expire' => false, + '$expires' => t('Set expiration date'), )); - $ob = get_observer_hash(); - - if(($itm[0]['author_xchan'] === $ob) || ($itm[0]['owner_xchan'] === $ob)) + if(($itm[0]['author_xchan'] === $ob_hash) || ($itm[0]['owner_xchan'] === $ob_hash)) $o .= '<br /><br /><a class="block-delete-link" href="item/drop/' . $itm[0]['id'] . '" >' . t('Delete Block') . '</a><br />'; $x = array( - 'type' => 'block', - 'title' => $itm[0]['title'], - 'body' => $itm[0]['body'], - 'term' => $itm[0]['term'], - 'created' => $itm[0]['created'], - 'edited' => $itm[0]['edited'], - 'mimetype' => $itm[0]['mimetype'], + 'type' => 'block', + 'title' => $itm[0]['title'], + 'body' => $itm[0]['body'], + 'term' => $itm[0]['term'], + 'created' => $itm[0]['created'], + 'edited' => $itm[0]['edited'], + 'mimetype' => $itm[0]['mimetype'], 'pagetitle' => $page_title, - 'mid' => $itm[0]['mid'] + 'mid' => $itm[0]['mid'] ); $o .= EOL . EOL . t('Share') . EOL . '<textarea onclick="this.select();" class="shareable_element_text" >[element]' . base64url_encode(json_encode($x)) . '[/element]</textarea>' . EOL . EOL; - return $o; } diff --git a/mod/editlayout.php b/mod/editlayout.php index 27e6ef410..94e2e628c 100644 --- a/mod/editlayout.php +++ b/mod/editlayout.php @@ -60,14 +60,11 @@ function editlayout_content(&$a) { $ob_hash = (($observer) ? $observer['xchan_hash'] : ''); - $perms = get_all_perms($owner,$ob_hash); - - if(! $perms['write_pages']) { + if(! perm_is_allowed($owner,$ob_hash,'write_pages')) { notice( t('Permission denied.') . EOL); return; } - $is_owner = (($uid && $uid == $owner) ? true : false); $o = ''; diff --git a/mod/editwebpage.php b/mod/editwebpage.php index 8181415b8..2acb3bd84 100644 --- a/mod/editwebpage.php +++ b/mod/editwebpage.php @@ -60,14 +60,11 @@ function editwebpage_content(&$a) { $ob_hash = (($observer) ? $observer['xchan_hash'] : ''); - $perms = get_all_perms($owner,$ob_hash); - - if(! $perms['write_pages']) { + if(! perm_is_allowed($owner,$ob_hash,'write_pages')) { notice( t('Permission denied.') . EOL); return; } - $is_owner = (($uid && $uid == $owner) ? true : false); $o = ''; |