From 49a392942cbea18432c44f227804e3cc8f5d79b0 Mon Sep 17 00:00:00 2001 From: friendica Date: Thu, 14 Nov 2013 14:19:20 -0800 Subject: acl in webpages and a couple of other little bits related to webpages - sort the list of pages by last edited and use prepare_body() so we get private stuff (and attachments, categories, etc.) formatted correctly --- mod/page.php | 31 ++++++++++++++++++++++++------- 1 file changed, 24 insertions(+), 7 deletions(-) (limited to 'mod/page.php') diff --git a/mod/page.php b/mod/page.php index 452341cb1..403016eb2 100644 --- a/mod/page.php +++ b/mod/page.php @@ -53,20 +53,38 @@ function page_content(&$a) { else $revision = " order by revision desc "; + require_once('include/security.php'); + $sql_options = item_permissions_sql($u[0]['channel_id']); $r = q("select item.* from item left join item_id on item.id = item_id.iid where item.uid = %d and sid = '%s' and service = 'WEBPAGE' and - item_restrict = %d $revision limit 1", + item_restrict = %d $sql_options $revision limit 1", intval($u[0]['channel_id']), dbesc($page_id), intval(ITEM_WEBPAGE) ); if(! $r) { - notice( t('Item not found.') . EOL); + + // Check again with no permissions clause to see if it is a permissions issue + + $x = q("select item.* from item left join item_id on item.id = item_id.iid + where item.uid = %d and sid = '%s' and service = 'WEBPAGE' and + item_restrict = %d $revision limit 1", + intval($u[0]['channel_id']), + dbesc($page_id), + intval(ITEM_WEBPAGE) + ); + if($x) { + // Yes, it's there. You just aren't allowed to see it. + notice( t('Permission denied.') . EOL); + } + else { + notice( t('Page not found.') . EOL); + } return; } -dbg(1); + if($r[0]['layout_mid']) { $l = q("select body from item where mid = '%s' and uid = %d limit 1", dbesc($r[0]['layout_mid']), @@ -78,12 +96,11 @@ dbg(1); comanche_parser(get_app(),$l[0]['body']); } } -dbg(0); -logger('layout: ' . print_r($a->layout,true)); + // logger('layout: ' . print_r($a->layout,true)); - // Use of widgets should be determined by Comanche, but we don't have it yet, so... + // Use of widgets should be determined by Comanche, but we don't have it on system pages yet, so... if ($perms['write_pages']) { $chan = $a->channel['channel_id']; @@ -95,7 +112,7 @@ logger('layout: ' . print_r($a->layout,true)); xchan_query($r); $r = fetch_post_tags($r,true); - $o .= prepare_page($r[0]); + $o .= prepare_body($r[0],true); return $o; } -- cgit v1.2.3