From d6f98ab88ec147b317bc9266395320e9cc64329a Mon Sep 17 00:00:00 2001 From: zotlabs Date: Tue, 5 Jun 2018 21:12:42 -0700 Subject: some work to make menus editable by visitors with webpage write permissions; this needed to revise the link structure so that the page specified an owner channel in the url. Otherwise we could only operate on menus owned by local_channel(). Have done some basic regression testing but have not yet fully tested guest editing functionality. --- Zotlabs/Module/Menu.php | 117 +++++++++++++++++++++++++++++++++++----------- Zotlabs/Module/Mitem.php | 99 +++++++++++++++++++++++---------------- view/tpl/design_tools.tpl | 2 +- view/tpl/menuedit.tpl | 2 +- view/tpl/menulist.tpl | 6 +-- view/tpl/mitemedit.tpl | 2 +- view/tpl/mitemlist.tpl | 4 +- 7 files changed, 157 insertions(+), 75 deletions(-) diff --git a/Zotlabs/Module/Menu.php b/Zotlabs/Module/Menu.php index 1dec65c1f..1687a4414 100644 --- a/Zotlabs/Module/Menu.php +++ b/Zotlabs/Module/Menu.php @@ -7,18 +7,36 @@ require_once('include/channel.php'); class Menu extends \Zotlabs\Web\Controller { + function init() { - if (array_key_exists('sys', $_REQUEST) && $_REQUEST['sys'] && is_site_admin()) { + + if(argc() > 1 && argv(1) === 'sys' && is_site_admin()) { $sys = get_sys_channel(); - if ($sys && intval($sys['channel_id'])) { + if($sys && intval($sys['channel_id'])) { \App::$is_sys = true; } } + + if(argc() > 1) + $which = argv(1); + else + return; + + profile_load($which); + } + - function post() { + function post() { - $uid = local_channel(); + if(! \App::$profile) { + return; + } + + $which = argv(1); + + + $uid = \App::$profile['channel_id']; if(array_key_exists('sys', $_REQUEST) && $_REQUEST['sys'] && is_site_admin()) { $sys = get_sys_channel(); @@ -43,7 +61,7 @@ class Menu extends \Zotlabs\Web\Controller { if($r) { menu_sync_packet($uid,get_observer_hash(),$menu_id); //info( t('Menu updated.') . EOL); - goaway(z_root() . '/mitem/' . $menu_id . ((\App::$is_sys) ? '?f=&sys=1' : '')); + goaway(z_root() . '/mitem/' . $which . '/' . $menu_id . ((\App::$is_sys) ? '?f=&sys=1' : '')); } else notice( t('Unable to update menu.'). EOL); @@ -54,7 +72,7 @@ class Menu extends \Zotlabs\Web\Controller { menu_sync_packet($uid,get_observer_hash(),$r); //info( t('Menu created.') . EOL); - goaway(z_root() . '/mitem/' . $r . ((\App::$is_sys) ? '?f=&sys=1' : '')); + goaway(z_root() . '/mitem/' . $which . '/' . $r . ((\App::$is_sys) ? '?f=&sys=1' : '')); } else notice( t('Unable to create menu.'). EOL); @@ -67,27 +85,71 @@ class Menu extends \Zotlabs\Web\Controller { function get() { + + + if(! \App::$profile) { + notice( t('Requested profile is not available.') . EOL ); + \App::$error = 404; + return; + } + + $which = argv(1); + + $_SESSION['return_url'] = \App::$query_string; + $uid = local_channel(); - - if (\App::$is_sys && is_site_admin()) { + $owner = 0; + $channel = null; + $observer = \App::get_observer(); + + $channel = \App::get_channel(); + + if(\App::$is_sys && is_site_admin()) { $sys = get_sys_channel(); - $uid = intval($sys['channel_id']); + if($sys && intval($sys['channel_id'])) { + $uid = $owner = intval($sys['channel_id']); + $channel = $sys; + $observer = $sys; + } } - - if(! $uid) { + + if(! $owner) { + // Figure out who the page owner is. + $r = channelx_by_nick($which); + if($r) { + $owner = intval($r['channel_id']); + } + } + + $ob_hash = (($observer) ? $observer['xchan_hash'] : ''); + + $perms = get_all_perms($owner,$ob_hash); + + if(! $perms['write_pages']) { notice( t('Permission denied.') . EOL); - return ''; + return; } + + // Get the observer, check their permissions + + $ob_hash = (($observer) ? $observer['xchan_hash'] : ''); + + $perms = get_all_perms($owner,$ob_hash); + + if(! $perms['write_pages']) { + notice( t('Permission denied.') . EOL); + return; + } + + if(argc() == 2) { - if(argc() == 1) { - - $channel = (($sys) ? $sys : \App::get_channel()); + $channel = (($sys) ? $sys : channelx_by_n($owner)); // list menus - $x = menu_list($uid); + $x = menu_list($owner); if($x) { for($y = 0; $y < count($x); $y ++) { - $m = menu_fetch($x[$y]['menu_name'],$uid,get_observer_hash()); + $m = menu_fetch($x[$y]['menu_name'],$owner,get_observer_hash()); if($m) $x[$y]['element'] = '[element]' . base64url_encode(json_encode(menu_element($channel,$m))) . '[/element]'; $x[$y]['bookmark'] = (($x[$y]['menu_flags'] & MENU_BOOKMARK) ? true : false); @@ -100,6 +162,7 @@ class Menu extends \Zotlabs\Web\Controller { '$menu_bookmark' => array('menu_bookmark', t('Allow Bookmarks'), 0 , t('Menu may be used to store saved bookmarks'), array(t('No'), t('Yes'))), '$submit' => t('Submit and proceed'), '$sys' => \App::$is_sys, + '$nick' => $which, '$display' => 'none' )); @@ -119,6 +182,7 @@ class Menu extends \Zotlabs\Web\Controller { '$hintdrop' => t('Delete this menu'), '$hintcontent' => t('Edit menu contents'), '$hintedit' => t('Edit this menu'), + '$nick' => $which, '$sys' => \App::$is_sys )); @@ -126,19 +190,19 @@ class Menu extends \Zotlabs\Web\Controller { } - if(argc() > 1) { - if(intval(argv(1))) { + if(argc() > 2) { + if(intval(argv(2))) { - if(argc() == 3 && argv(2) == 'drop') { - menu_sync_packet($uid,get_observer_hash(),intval(argv(1)),true); - $r = menu_delete_id(intval(argv(1)),$uid); + if(argc() == 4 && argv(3) == 'drop') { + menu_sync_packet($owner,get_observer_hash(),intval(argv(1)),true); + $r = menu_delete_id(intval(argv(2)),$owner); if(!$r) notice( t('Menu could not be deleted.'). EOL); - goaway(z_root() . '/menu' . ((\App::$is_sys) ? '?f=&sys=1' : '')); + goaway(z_root() . '/menu/' . $which . ((\App::$is_sys) ? '?f=&sys=1' : '')); } - $m = menu_fetch_id(intval(argv(1)),$uid); + $m = menu_fetch_id(intval(argv(2)),$owner); if(! $m) { notice( t('Menu not found.') . EOL); @@ -148,14 +212,15 @@ class Menu extends \Zotlabs\Web\Controller { $o = replace_macros(get_markup_template('menuedit.tpl'), array( '$header' => t('Edit Menu'), '$sys' => \App::$is_sys, - '$menu_id' => intval(argv(1)), - '$menu_edit_link' => 'mitem/' . intval(argv(1)) . ((\App::$is_sys) ? '?f=&sys=1' : ''), + '$menu_id' => intval(argv(2)), + '$menu_edit_link' => 'mitem/' . $which . '/' . intval(argv(1)) . ((\App::$is_sys) ? '?f=&sys=1' : ''), '$hintedit' => t('Add or remove entries to this menu'), '$editcontents' => t('Edit menu contents'), '$menu_name' => array('menu_name', t('Menu name'), $m['menu_name'], t('Must be unique, only seen by you'), '*'), '$menu_desc' => array('menu_desc', t('Menu title'), $m['menu_desc'], t('Menu title as seen by others'), ''), '$menu_bookmark' => array('menu_bookmark', t('Allow bookmarks'), (($m['menu_flags'] & MENU_BOOKMARK) ? 1 : 0), t('Menu may be used to store saved bookmarks'), array(t('No'), t('Yes'))), '$menu_system' => (($m['menu_flags'] & MENU_SYSTEM) ? 1 : 0), + '$nick' => $which, '$submit' => t('Submit and proceed') )); diff --git a/Zotlabs/Module/Mitem.php b/Zotlabs/Module/Mitem.php index 28f51b81b..ac7470e13 100644 --- a/Zotlabs/Module/Mitem.php +++ b/Zotlabs/Module/Mitem.php @@ -8,22 +8,25 @@ require_once('include/acl_selectors.php'); class Mitem extends \Zotlabs\Web\Controller { function init() { - - $uid = local_channel(); - - if(array_key_exists('sys',$_REQUEST) && $_REQUEST['sys'] && is_site_admin()) { + + if(argc() > 1 && argv(1) === 'sys' && is_site_admin()) { $sys = get_sys_channel(); - $uid = intval($sys['channel_id']); - \App::$is_sys = true; + if($sys && intval($sys['channel_id'])) { + \App::$is_sys = true; + } } - - if(! $uid) + + if(argc() > 1) + $which = argv(1); + else return; + + profile_load($which); - if(argc() < 2) + if(argc() < 3) return; - $m = menu_fetch_id(intval(argv(1)),$uid); + $m = menu_fetch_id(intval(argv(2)),\App::$profile['channel_id']); if(! $m) { notice( t('Menu not found.') . EOL); return ''; @@ -32,19 +35,27 @@ class Mitem extends \Zotlabs\Web\Controller { } - function post() { + function post() { - $uid = local_channel(); + if(! \App::$profile) { + return; + } + + $which = argv(1); + + + $uid = \App::$profile['channel_id']; - if(\App::$is_sys && is_site_admin()) { + if(array_key_exists('sys', $_REQUEST) && $_REQUEST['sys'] && is_site_admin()) { $sys = get_sys_channel(); $uid = intval($sys['channel_id']); + \App::$is_sys = true; } - if(! $uid) { + if(! $uid) return; - } - + + if(! \App::$data['menu']) return; @@ -63,14 +74,14 @@ class Mitem extends \Zotlabs\Web\Controller { $_REQUEST['mitem_flags'] |= MENU_ITEM_NEWWIN; - $mitem_id = ((argc() > 2) ? intval(argv(2)) : 0); + $mitem_id = ((argc() > 3) ? intval(argv(3)) : 0); if($mitem_id) { $_REQUEST['mitem_id'] = $mitem_id; $r = menu_edit_item($_REQUEST['menu_id'],$uid,$_REQUEST); if($r) { menu_sync_packet($uid,get_observer_hash(),$_REQUEST['menu_id']); //info( t('Menu element updated.') . EOL); - goaway(z_root() . '/mitem/' . $_REQUEST['menu_id'] . ((\App::$is_sys) ? '?f=&sys=1' : '')); + goaway(z_root() . '/mitem/' . $which . '/' . $_REQUEST['menu_id'] . ((\App::$is_sys) ? '?f=&sys=1' : '')); } else notice( t('Unable to update menu element.') . EOL); @@ -82,10 +93,10 @@ class Mitem extends \Zotlabs\Web\Controller { menu_sync_packet($uid,get_observer_hash(),$_REQUEST['menu_id']); //info( t('Menu element added.') . EOL); if($_REQUEST['submit']) { - goaway(z_root() . '/menu' . ((\App::$is_sys) ? '?f=&sys=1' : '')); + goaway(z_root() . '/menu/' . $which . ((\App::$is_sys) ? '?f=&sys=1' : '')); } if($_REQUEST['submit-more']) { - goaway(z_root() . '/mitem/' . $_REQUEST['menu_id'] . '?f=&display=block' . ((\App::$is_sys) ? '&sys=1' : '') ); + goaway(z_root() . '/mitem/' . $which . '/' . $_REQUEST['menu_id'] . '?f=&display=block' . ((\App::$is_sys) ? '&sys=1' : '') ); } } else @@ -96,12 +107,15 @@ class Mitem extends \Zotlabs\Web\Controller { } - function get() { + function get() { $uid = local_channel(); - $channel = \App::get_channel(); + $owner = \App::$profile['channel_id']; + $channel = channelx_by_n($owner); $observer = \App::get_observer(); - + + $which = argv(1); + $ob_hash = (($observer) ? $observer['xchan_hash'] : ''); if(\App::$is_sys && is_site_admin()) { @@ -116,15 +130,15 @@ class Mitem extends \Zotlabs\Web\Controller { return ''; } - if(argc() < 2 || (! \App::$data['menu'])) { + if(argc() < 3 || (! \App::$data['menu'])) { notice( t('Not found.') . EOL); return ''; } - $m = menu_fetch(\App::$data['menu']['menu_name'],$uid,$ob_hash); + $m = menu_fetch(\App::$data['menu']['menu_name'],$owner,$ob_hash); \App::$data['menu_item'] = $m; - $menu_list = menu_list($uid); + $menu_list = menu_list($owner); foreach($menu_list as $menus) { if($menus['menu_name'] != $m['menu']['menu_name']) @@ -135,10 +149,10 @@ class Mitem extends \Zotlabs\Web\Controller { $lockstate = (($channel['channel_allow_cid'] || $channel['channel_allow_gid'] || $channel['channel_deny_cid'] || $channel['channel_deny_gid']) ? 'lock' : 'unlock'); - if(argc() == 2) { + if(argc() == 3) { $r = q("select * from menu_item where mitem_menu_id = %d and mitem_channel_id = %d order by mitem_order asc, mitem_desc asc", intval(\App::$data['menu']['menu_id']), - intval($uid) + intval($owner) ); if($_GET['display']) { @@ -167,6 +181,7 @@ class Mitem extends \Zotlabs\Web\Controller { '$display' => $display, '$lockstate' => $lockstate, '$menu_names' => $menu_names, + '$nick' => $which, '$sys' => \App::$is_sys )); @@ -187,40 +202,41 @@ class Mitem extends \Zotlabs\Web\Controller { '$hintnew' => t('Add menu element'), '$hintdrop' => t('Delete this menu item'), '$hintedit' => t('Edit this menu item'), + '$nick' => $which, )); return $o; } - if(argc() > 2) { - - if(intval(argv(2))) { + if(argc() > 3) { + + if(intval(argv(3))) { $m = q("select * from menu_item where mitem_id = %d and mitem_channel_id = %d limit 1", - intval(argv(2)), - intval($uid) + intval(argv(3)), + intval($owner) ); if(! $m) { notice( t('Menu item not found.') . EOL); - goaway(z_root() . '/menu'. ((\App::$is_sys) ? '?f=&sys=1' : '')); + goaway(z_root() . '/menu/'. $which . ((\App::$is_sys) ? '?f=&sys=1' : '')); } $mitem = $m[0]; $lockstate = (($mitem['allow_cid'] || $mitem['allow_gid'] || $mitem['deny_cid'] || $mitem['deny_gid']) ? 'lock' : 'unlock'); - if(argc() == 4 && argv(3) == 'drop') { - menu_sync_packet($uid,get_observer_hash(),$mitem['mitem_menu_id']); - $r = menu_del_item($mitem['mitem_menu_id'], $uid, intval(argv(2))); - menu_sync_packet($uid,get_observer_hash(),$mitem['mitem_menu_id']); + if(argc() == 5 && argv(4) == 'drop') { + menu_sync_packet($owner,get_observer_hash(),$mitem['mitem_menu_id']); + $r = menu_del_item($mitem['mitem_menu_id'], $owner, intval(argv(3))); + menu_sync_packet($owner,get_observer_hash(),$mitem['mitem_menu_id']); if($r) info( t('Menu item deleted.') . EOL); else notice( t('Menu item could not be deleted.'). EOL); - goaway(z_root() . '/mitem/' . $mitem['mitem_menu_id'] . ((\App::$is_sys) ? '?f=&sys=1' : '')); + goaway(z_root() . '/mitem/' . $which . '/' . $mitem['mitem_menu_id'] . ((\App::$is_sys) ? '?f=&sys=1' : '')); } // edit menu item @@ -234,7 +250,7 @@ class Mitem extends \Zotlabs\Web\Controller { '$allow_gid' => acl2json($mitem['allow_gid']), '$deny_cid' => acl2json($mitem['deny_cid']), '$deny_gid' => acl2json($mitem['deny_gid']), - '$mitem_id' => intval(argv(2)), + '$mitem_id' => intval(argv(3)), '$mitem_desc' => array('mitem_desc', t('Link text'), $mitem['mitem_desc'], '','*'), '$mitem_link' => array('mitem_link', t('Link or Submenu Target'), $mitem['mitem_link'], 'Enter URL of the link or select a menu name to create a submenu', '*', 'list="menu-names"'), '$usezid' => array('usezid', t('Use magic-auth if available'), (($mitem['mitem_flags'] & MENU_ITEM_ZID) ? 1 : 0), '', array(t('No'), t('Yes'))), @@ -242,7 +258,8 @@ class Mitem extends \Zotlabs\Web\Controller { '$mitem_order' => array('mitem_order', t('Order in list'),$mitem['mitem_order'],t('Higher numbers will sink to bottom of listing')), '$submit' => t('Submit'), '$lockstate' => $lockstate, - '$menu_names' => $menu_names + '$menu_names' => $menu_names, + '$nick' => $which )); return $o; diff --git a/view/tpl/design_tools.tpl b/view/tpl/design_tools.tpl index bc7d46dc1..b4657cb7f 100644 --- a/view/tpl/design_tools.tpl +++ b/view/tpl/design_tools.tpl @@ -2,7 +2,7 @@

{{$title}}

{{$blocks}} - {{$menus}} + {{$menus}} {{$layout}} {{$pages}}
diff --git a/view/tpl/menuedit.tpl b/view/tpl/menuedit.tpl index 84b16dc0b..3558bdbaa 100644 --- a/view/tpl/menuedit.tpl +++ b/view/tpl/menuedit.tpl @@ -11,7 +11,7 @@ {{/if}}
-
{{/if}}
- + {{if $mitem_id}} diff --git a/view/tpl/mitemlist.tpl b/view/tpl/mitemlist.tpl index b28cdfc7e..1e6302868 100644 --- a/view/tpl/mitemlist.tpl +++ b/view/tpl/mitemlist.tpl @@ -24,8 +24,8 @@ {{$m.mitem_desc}} {{$m.mitem_link}} {{if $m.allow_cid || $m.allow_gid || $m.deny_cid || $m.deny_gid}}{{/if}} - - + + {{/foreach}} -- cgit v1.2.3