authorSimon Rettberg2018-02-14 15:01:06 +0100
committerSimon Rettberg2018-02-14 15:01:06 +0100
commit85e5217168b291c08a36c93b27488545e0e13967 (patch)
tree0dee936188acb3b89576e75f82c32e883544a602
parent[news] Use permission helpers; make inputs readonly if no permission to edit (diff)
downloadslx-admin-85e5217168b291c08a36c93b27488545e0e13967.tar.gz
slx-admin-85e5217168b291c08a36c93b27488545e0e13967.tar.xz
slx-admin-85e5217168b291c08a36c93b27488545e0e13967.zip
[news] Fix formatting
-rw-r--r--modules-available/news/page.inc.php442
1 files changed, 222 insertions, 220 deletions
diff --git a/modules-available/news/page.inc.php b/modules-available/news/page.inc.php
index f6f3d251..e7b70c0f 100644
--- a/modules-available/news/page.inc.php
+++ b/modules-available/news/page.inc.php
@@ -26,243 +26,245 @@ class Page_News extends Page
private $editHelp = false;
private $hasSummernote = false;
- /**
- * Implementation of the abstract doPreprocess function.
- *
- * Checks if the user is logged in and processes any
- * action if one was specified in the request.
- */
- protected function doPreprocess()
- {
- /* load summernote module if available */
- $this->hasSummernote = Module::isAvailable('summernote');
+ /**
+ * Implementation of the abstract doPreprocess function.
+ *
+ * Checks if the user is logged in and processes any
+ * action if one was specified in the request.
+ */
+ protected function doPreprocess()
+ {
+ /* load summernote module if available */
+ $this->hasSummernote = Module::isAvailable('summernote');
+
+ // load user, we will need it later
+ User::load();
+ if (!User::isLoggedIn()) {
+ Message::addError('main.no-permission');
+ Util::redirect('?do=Main');
+ }
- // load user, we will need it later
- User::load();
- if (!User::isLoggedIn()) {
- Message::addError('main.no-permission');
- Util::redirect('?do=Main');
- }
+ // check which action we need to do
+ $action = Request::any('action', 'show');
+ if ($action === 'clear') {
+ // clear news input fields
+ // TODO: is this the right way?
+ $this->newsId = false;
+ $this->newsTitle = false;
+ $this->newsContent = false;
+ $this->newsDate = false;
+ } elseif ($action === 'show') {
+ /* load latest things */
+ $this->loadLatest('help');
+ $this->loadLatest('news');
- // check which action we need to do
- $action = Request::any('action', 'show');
- if ($action === 'clear') {
- // clear news input fields
- // TODO: is this the right way?
- $this->newsId = false;
- $this->newsTitle = false;
- $this->newsContent = false;
- $this->newsDate = false;
- } elseif ($action === 'show') {
- /* load latest things */
- $this->loadLatest('help');
- $this->loadLatest('news');
+ /* and also the news (or help) with the given id */
+ if (!$this->loadNews(Request::any('newsid'))) {
+ Message::addError('news-empty');
+ }
- /* and also the news (or help) with the given id */
- if (!$this->loadNews(Request::any('newsid'))) {
- Message::addError('news-empty');
- }
+ if (Request::any('editHelp')) {
+ $this->editHelp = true;
+ }
+ } elseif ($action === 'save') {
+ // save to DB
+ /* find out whether it's news or help */
+ $pageType = Request::post('news-type');
- if (Request::any('editHelp')) {
- $this->editHelp = true;
- }
- } elseif ($action === 'save') {
- // save to DB
- /* find out whether it's news or help */
- $pageType = Request::post('news-type');
+ if ($pageType === 'news') {
+ User::assertPermission("news.save");
+ if (!$this->saveNews()) {
+ // re-set the fields we got
+ $this->newsTitle = Request::post('news-title', false, 'string');
+ $this->newsContent = Request::post('news-content', false, 'string');
+ } else {
+ Message::addSuccess('news-save-success');
+ $lastId = Database::lastInsertId();
+ Util::redirect("?do=News&newsid=$lastId");
+ }
+ } elseif ($pageType === 'help') {
+ User::assertPermission("help.save");
+ if ($this->saveHelp()) {
+ Message::addSuccess('help-save-success');
+ $lastId = Database::lastInsertId();
+ Util::redirect("?do=News&newsid=$lastId");
+ }
+ }
+ } elseif ($action === 'delete') {
+ // delete it
+ $pageType = Request::post('news-type');
- if ($pageType === 'news') {
- User::assertPermission("news.save");
- if (!$this->saveNews()) {
- // re-set the fields we got
- $this->newsTitle = Request::post('news-title', false, 'string');
- $this->newsContent = Request::post('news-content', false, 'string');
- } else {
- Message::addSuccess('news-save-success');
- $lastId = Database::lastInsertId();
- Util::redirect("?do=News&newsid=$lastId");
- }
- } elseif ($pageType === 'help') {
- User::assertPermission("help.save");
- if ($this->saveHelp()) {
- Message::addSuccess('help-save-success');
- $lastId = Database::lastInsertId();
- Util::redirect("?do=News&newsid=$lastId");
- }
- }
- } elseif ($action === 'delete') {
- // delete it
- $pageType = Request::post('news-type');
+ if ($pageType === 'news') {
+ User::assertPermission("news.delete");
+ $this->delNews(Request::post('newsid'));
+ Util::redirect('?do=News&editHelp=' . Request::any('editHelp'));
+ } elseif ($pageType === 'help') {
+ User::assertPermission("help.delete");
+ $this->delNews(Request::post('newsid'));
+ Util::redirect('?do=News&editHelp=' . Request::any('editHelp'));
+ }
+ } else {
+ // unknown action, redirect user
+ Message::addError('invalid-action', $action);
+ }
+ }
+
+ /**
+ * Implementation of the abstract doRender function.
+ *
+ * Fetch the list of news from the database and paginate it.
+ */
+ protected function doRender()
+ {
+ // fetch the list of the older news
+ $lines = array();
+ $paginate = new Paginate("SELECT newsid, dateline, title, content FROM vmchooser_pages WHERE type='news' ORDER BY dateline DESC", 10);
+ $res = $paginate->exec();
+ while ($row = $res->fetch(PDO::FETCH_ASSOC)) {
+ $row['date'] = date('d.m.Y H:i', $row['dateline']);
- if ($pageType === 'news') {
- User::assertPermission("news.delete");
- $this->delNews(Request::post('newsid'));
- Util::redirect('?do=News&editHelp='.Request::any('editHelp'));
- } elseif ($pageType === 'help') {
- User::assertPermission("help.delete");
- $this->delNews(Request::post('newsid'));
- Util::redirect('?do=News&editHelp='.Request::any('editHelp'));
- }
- } else {
- // unknown action, redirect user
- Message::addError('invalid-action', $action);
- }
- }
+ if ($row['newsid'] == $this->newsId) {
+ $row['active'] = 'active';
+ }
+ $row['content'] = strip_tags(str_replace('>', '> ', $row['content']));
+ $lines[] = $row;
+ }
+ // fetch the list of the older helps
+ $linesHelp = array();
+ $paginateHelp = new Paginate("SELECT newsid, dateline, content FROM vmchooser_pages WHERE type='help' ORDER BY dateline DESC", 10);
+ $resHelp = $paginateHelp->exec();
+ while ($row = $resHelp->fetch(PDO::FETCH_ASSOC)) {
+ $row['date'] = date('d.m.Y H:i', $row['dateline']);
+ if ($row['newsid'] == $this->newsId) {
+ $row['active'] = 'active';
+ }
+ $row['content'] = strip_tags(str_replace('>', '> ', $row['content']));
+ $linesHelp[] = $row;
+ }
- /**
- * Implementation of the abstract doRender function.
- *
- * Fetch the list of news from the database and paginate it.
- */
- protected function doRender()
- {
- // fetch the list of the older news
- $lines = array();
- $paginate = new Paginate("SELECT newsid, dateline, title, content FROM vmchooser_pages WHERE type='news' ORDER BY dateline DESC", 10);
- $res = $paginate->exec();
- while ($row = $res->fetch(PDO::FETCH_ASSOC)) {
- $row['date'] = date('d.m.Y H:i', $row['dateline']);
+ $data = array(
+ 'token' => Session::get('token'),
+ 'latestDate' => ($this->newsDate ? date('d.m.Y H:i', $this->newsDate) : '--'),
+ 'latestContent' => $this->newsContent,
+ 'latestTitle' => $this->newsTitle,
+ 'latestHelp' => $this->helpContent,
+ 'editHelp' => $this->editHelp,
+ 'list' => $lines,
+ 'listHelp' => $linesHelp,
+ 'hasSummernote' => $this->hasSummernote,
+ );
+ Permission::addGlobalTags($data['perms'], null, ['news.save', 'news.delete', 'help.save', 'help.delete']);
- if ($row['newsid'] == $this->newsId) {
- $row['active'] = 'active';
- }
- $row['content'] = strip_tags(str_replace('>', '> ', $row['content']));
- $lines[] = $row;
- }
- // fetch the list of the older helps
- $linesHelp = array();
- $paginateHelp = new Paginate("SELECT newsid, dateline, content FROM vmchooser_pages WHERE type='help' ORDER BY dateline DESC", 10);
- $resHelp = $paginateHelp->exec();
- while ($row = $resHelp->fetch(PDO::FETCH_ASSOC)) {
- $row['date'] = date('d.m.Y H:i', $row['dateline']);
- if ($row['newsid'] == $this->newsId) {
- $row['active'] = 'active';
- }
- $row['content'] = strip_tags(str_replace('>', '> ', $row['content']));
- $linesHelp[] = $row;
- }
+ $paginate->render('page-news', $data);
+ }
- $data = array(
- 'token' => Session::get('token'),
- 'latestDate' => ($this->newsDate ? date('d.m.Y H:i', $this->newsDate) : '--'),
- 'latestContent' => $this->newsContent,
- 'latestTitle' => $this->newsTitle,
- 'latestHelp' => $this->helpContent,
- 'editHelp' => $this->editHelp,
- 'list' => $lines,
- 'listHelp' => $linesHelp,
- 'hasSummernote' => $this->hasSummernote,
- );
- Permission::addGlobalTags($data['perms'], null, ['news.save', 'news.delete', 'help.save', 'help.delete']);
+ /**
+ * Loads the news with the given ID into the form.
+ *
+ * @param int $newsId ID of the news to be shown.
+ *
+ * @return bool true if loading that news worked
+ */
+ private function loadNews($newsId)
+ {
+ // check to see if we need to request a specific newsid
+ if ($newsId !== false) {
+ $row = Database::queryFirst('SELECT newsid, title, content, dateline, type FROM vmchooser_pages WHERE newsid = :newsid LIMIT 1', array(
+ 'newsid' => $newsId,
+ ));
+ } else {
+ $row = Database::queryFirst("SELECT newsid, title, content, dateline, type FROM vmchooser_pages WHERE type='news' ORDER BY dateline DESC LIMIT 1");
+ }
- $paginate->render('page-news', $data);
- }
- /**
- * Loads the news with the given ID into the form.
- *
- * @param int $newsId ID of the news to be shown.
- *
- * @return bool true if loading that news worked
- */
- private function loadNews($newsId)
- {
- // check to see if we need to request a specific newsid
- if ($newsId !== false) {
- $row = Database::queryFirst('SELECT newsid, title, content, dateline, type FROM vmchooser_pages WHERE newsid = :newsid LIMIT 1', array(
- 'newsid' => $newsId,
- ));
- } else {
- $row = Database::queryFirst("SELECT newsid, title, content, dateline, type FROM vmchooser_pages WHERE type='news' ORDER BY dateline DESC LIMIT 1");
- }
+ // fetch the news to be shown
+ if ($row !== false) {
+ if ($row['type'] == 'news') {
+ $this->newsId = $row['newsid'];
+ $this->newsTitle = $row['title'];
+ $this->newsContent = $row['content'];
+ $this->newsDate = $row['dateline'];
+ $this->editHelp = false;
+ } else {
+ $this->editHelp = true;
+ $this->helpContent = $row['content'];
+ }
+ }
- // fetch the news to be shown
- if ($row !== false) {
- if ($row['type'] == 'news') {
- $this->newsId = $row['newsid'];
- $this->newsTitle = $row['title'];
- $this->newsContent = $row['content'];
- $this->newsDate = $row['dateline'];
- $this->editHelp = false;
- } else {
- $this->editHelp = true;
- $this->helpContent = $row['content'];
- }
- }
+ return $row !== false;
+ }
- return $row !== false;
- }
+ private function loadLatest($type)
+ {
+ $row = Database::queryFirst("SELECT newsid, title, content, dateline, type FROM vmchooser_pages WHERE type=:type ORDER BY dateline DESC LIMIT 1", ['type' => $type]);
+ if ($row !== false) {
+ if ($row['type'] == 'news') {
+ $this->newsId = $row['newsid'];
+ $this->newsTitle = $row['title'];
+ $this->newsContent = $row['content'];
+ $this->newsDate = $row['dateline'];
+ } else {
+ $this->helpContent = $row['content'];
+ }
+ }
+ }
- private function loadLatest($type)
- {
- $row = Database::queryFirst("SELECT newsid, title, content, dateline, type FROM vmchooser_pages WHERE type=:type ORDER BY dateline DESC LIMIT 1", ['type' => $type]);
- if ($row !== false) {
- if ($row['type'] == 'news') {
- $this->newsId = $row['newsid'];
- $this->newsTitle = $row['title'];
- $this->newsContent = $row['content'];
- $this->newsDate = $row['dateline'];
- } else {
- $this->helpContent = $row['content'];
- }
- }
- }
+ /**
+ * Save the given $newsTitle and $newsContent as POST'ed into the database.
+ */
+ private function saveNews()
+ {
+ // check if news content were set by the user
+ $newsTitle = Request::post('news-title');
+ $newsContent = Request::post('news-content');
+ if ($newsContent !== '' && $newsTitle !== '') {
+ // we got title and content, save it to DB
+ Database::exec("INSERT INTO vmchooser_pages (dateline, title, content, type) VALUES (:dateline, :title, :content, 'news')", array(
+ 'dateline' => time(),
+ 'title' => $newsTitle,
+ 'content' => $newsContent,
+ ));
- /**
- * Save the given $newsTitle and $newsContent as POST'ed into the database.
- */
- private function saveNews()
- {
- // check if news content were set by the user
- $newsTitle = Request::post('news-title');
- $newsContent = Request::post('news-content');
- if ($newsContent !== '' && $newsTitle !== '') {
- // we got title and content, save it to DB
- Database::exec("INSERT INTO vmchooser_pages (dateline, title, content, type) VALUES (:dateline, :title, :content, 'news')", array(
- 'dateline' => time(),
- 'title' => $newsTitle,
- 'content' => $newsContent,
- ));
+ return true;
+ } else {
+ Message::addError('main.empty-field');
- return true;
- } else {
- Message::addError('main.empty-field');
+ return false;
+ }
+ }
- return false;
- }
- }
- private function saveHelp()
- {
- $content = Request::post('help-content');
- if ($content !== '') {
- Database::exec("INSERT INTO vmchooser_pages (dateline, content, type) VALUES (:dateline, :content, 'help')", array(
- 'dateline' => time(),
- 'content' => $content,
- ));
+ private function saveHelp()
+ {
+ $content = Request::post('help-content');
+ if ($content !== '') {
+ Database::exec("INSERT INTO vmchooser_pages (dateline, content, type) VALUES (:dateline, :content, 'help')", array(
+ 'dateline' => time(),
+ 'content' => $content,
+ ));
- return true;
- } else {
- Message::addError('main.empty-field');
+ return true;
+ } else {
+ Message::addError('main.empty-field');
- return false;
- }
- }
+ return false;
+ }
+ }
- /**
- * Delete the news entry with ID $newsId.
- *
- * @param int $newsId ID of the entry to be deleted.
- */
- private function delNews($newsId)
- {
- // sanity check: is newsId even numeric?
- if (!is_numeric($newsId)) {
- Message::addError('main.value-invalid', 'newsid', $newsId);
- } else {
- // check passed - do delete
- Database::exec('DELETE FROM vmchooser_pages WHERE newsid = :newsid LIMIT 1', array(
- 'newsid' => $newsId,
- ));
- Message::addSuccess('news-del-success');
- }
- }
+ /**
+ * Delete the news entry with ID $newsId.
+ *
+ * @param int $newsId ID of the entry to be deleted.
+ */
+ private function delNews($newsId)
+ {
+ // sanity check: is newsId even numeric?
+ if (!is_numeric($newsId)) {
+ Message::addError('main.value-invalid', 'newsid', $newsId);
+ } else {
+ // check passed - do delete
+ Database::exec('DELETE FROM vmchooser_pages WHERE newsid = :newsid LIMIT 1', array(
+ 'newsid' => $newsId,
+ ));
+ Message::addSuccess('news-del-success');
+ }
+ }
}
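Review bot: In the `delete` branch of doPreprocess() the asserted permission (`news.delete` or `help.delete`) is selected by the POSTed `news-type`, but delNews() deletes by `newsid` alone. The authorization check is therefore not bound to the type of the row that is removed, and an account holding only one of the two permissions can delete entries of the other type. This behaviour predates the re-indentation and is carried over unchanged on the new side. Passing the asserted type into the private delNews() and adding it to the DELETE's WHERE clause ties the check to the affected row; the docblock would need a matching `@param string $type` line.

```php
// in doPreprocess(), 'delete' branch: pass the type whose permission was asserted
$this->delNews(Request::post('newsid'), 'news');   // after assertPermission("news.delete")
$this->delNews(Request::post('newsid'), 'help');   // after assertPermission("help.delete")

private function delNews($newsId, $type)
{
	// … unchanged: is_numeric() check on $newsId …
	Database::exec('DELETE FROM vmchooser_pages WHERE newsid = :newsid AND type = :type LIMIT 1', array(
		'newsid' => $newsId,
		'type' => $type,
	));
	// … unchanged: success message …
```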