authorSimon Rettberg2014-06-11 17:30:44 +0200
committerSimon Rettberg2014-06-11 17:30:44 +0200
commit5f5a073b4e5f5014adaa14d4d1dfe355ff803f8d (patch)
tree883d3e4c91317ed05a391dbdc4c12f69afa26711
parent[news] Fix SQL injection (diff)
[news] Make nicer
1) Delete via POST 2) Error message if newsId is missing on delete 3) Highlight last news if not editing a specific news entry 4) Fix html syntax (missing <tr> in <thead>)
-rw-r--r--modules/news.inc.php58
-rw-r--r--templates/page-news.html111
2 files changed, 80 insertions, 89 deletions
diff --git a/modules/news.inc.php b/modules/news.inc.php
index 4ec6fddd..3b7ef2bc 100644
--- a/modules/news.inc.php
+++ b/modules/news.inc.php
@@ -12,48 +12,39 @@ class Page_News extends Page
// load user, we will need it later
User::load();
- // get the newsid given per GET
- $newsId = Request::get('newsid');
- if ($newsId !== false) $this->newsId = $newsId;
+ // only admins should be able to edit news
+ if (!User::hasPermission('superadmin')) {
+ Message::addError('no-permission');
+ return;
+ }
// check which action we need to do
$action = Request::any('action', 'show');
if ($action === 'show') {
// show news
- $this->showNews();
+ if (!$this->loadNews(Request::any('newsid'))) {
+ Message::addError('news-empty');
+ }
} elseif ($action === 'save') {
// save to DB
$this->saveNews();
} elseif ($action === 'delete') {
// delete it
- $this->delNews();
+ $this->delNews(Request::post('newsid'));
} else {
Message::addError('invalid-action', $action);
+ Util::redirect('?do=News');
}
}
protected function doRender()
{
- // user must be logged in
- if (!User::isLoggedIn()) {
- Render::addTemplate('page-main-guest');
- return;
- }
-
- // only admins should be able to edit news
- if (!User::hasPermission('superadmin')) {
- Message::addError('no-permission');
- return;
- }
-
-
// prepare the list of the older news
$lines = array();
$paginate = new Paginate("SELECT newsid, dateline, title, content FROM news ORDER BY dateline DESC", 10);
$res = $paginate->exec();
while ($row = $res->fetch(PDO::FETCH_ASSOC)) {
- $day = date('d.m.Y', $row['dateline']);
- $row['date'] = $day . date(' H:i', $row['dateline']);
+ $row['date'] = date('d.m.Y H:i', $row['dateline']);
if ($row['newsid'] == $this->newsId) $row['active'] = "active";
$lines[] = $row;
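Review bot: The guest/login guard removed from doRender() (the `User::isLoggedIn()` block) has no replacement on the new side, and the superadmin check added near the top of the hunk only calls `Message::addError('no-permission')` and returns from a method whose header lies outside the hunk. Whether doRender() is still invoked after that early return depends on the page framework; if it is, the `Paginate` query and the news list are rendered to unprivileged or anonymous users, and guests now get an error message instead of the guest template. A cheap belt-and-braces fix is to keep a guard at the top of doRender(), e.g. `if (!User::hasPermission('superadmin')) return;`, or to follow the error with `Util::redirect('?do=Main');` if that route exists. The enclosing method starts before the hunk; I cannot see whether the framework short-circuits rendering on an early return.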
@@ -61,7 +52,7 @@ class Page_News extends Page
$paginate->render('page-news', array(
'token' => Session::get('token'),
- 'latestDate' => date('Y-m-d H:i:s (T)', $this->newsDate),
+ 'latestDate' => ($this->newsDate ? date('d.m.Y H:i', $this->newsDate) : '--'),
'latestContent' => $this->newsContent,
'latestTitle' => $this->newsTitle,
'list' => $lines
@@ -69,12 +60,12 @@ class Page_News extends Page
}
- private function showNews()
+ private function loadNews($newsId)
{
// check to see if we need to request a specific newsid
- if ($this->newsId !== false) {
+ if ($newsId !== false) {
$row = Database::queryFirst("SELECT newsid, title, content, dateline FROM news WHERE newsid = :newsid LIMIT 1", array(
- 'newsid' => $this->newsId
+ 'newsid' => $newsId
));
} else {
$row = Database::queryFirst("SELECT newsid, title, content, dateline FROM news ORDER BY dateline DESC LIMIT 1");
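Review bot: loadNews() takes `$newsId` straight from `Request::any('newsid')` with only a `!== false` check, whereas delNews() in a later hunk rejects non-numeric ids with `value-invalid`; a malformed id here is bound to the prepared statement (so not an injection risk) but surfaces only as the generic `news-empty` error from the caller. For consistency, a guard such as `if ($newsId !== false && !is_numeric($newsId)) { Message::addError('value-invalid', 'newsid', $newsId); $newsId = false; }` before the query would report the bad value and fall back to the latest entry. The `!== false` test also assumes `Request::any()` returns `false` for a missing key, which the removed `Request::get()` code relied on as well. loadNews() continues into the next hunk, where the return value is computed.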
@@ -82,13 +73,12 @@ class Page_News extends Page
// fetch the news to be shown
if ($row !== false) {
+ $this->newsId = $row['newsid'];
$this->newsTitle = $row['title'];
$this->newsContent = $row['content'];
$this->newsDate = $row['dateline'];
- } else {
- Message::addError('news-empty');
}
-
+ return $row !== false;
}
private function saveNews()
@@ -109,12 +99,16 @@ class Page_News extends Page
}
}
- private function delNews()
+ private function delNews($newsId)
{
- Database::exec("DELETE FROM news WHERE newsid = :newsid LIMIT 1", array(
- 'newsid' => $this->newsId
- ));
- Message::addSuccess('news-del-success');
+ if (!is_numeric($newsId)) {
+ Message::addError('value-invalid', 'newsid', $newsId);
+ } else {
+ Database::exec("DELETE FROM news WHERE newsid = :newsid LIMIT 1", array(
+ 'newsid' => $newsId
+ ));
+ Message::addSuccess('news-del-success');
+ }
Util::redirect('?do=News');
}
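Review bot: delNews() discards the result of `Database::exec()` and reports `news-del-success` even when no row matched the id, so a stale or already-deleted id still produces a success message; if exec() returns the affected row count, `if (Database::exec(...) > 0)` would make the message truthful. The delete form in the template sends a `token` field, but nothing in this handler checks it; if CSRF validation is not done centrally for POST requests, compare `Request::post('token')` with `Session::get('token')` via `hash_equals()` before executing the delete. `Message::addError('value-invalid', 'newsid', $newsId)` also reflects the raw request value into the page, which is only safe if Message escapes its arguments on output.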
diff --git a/templates/page-news.html b/templates/page-news.html
index b8d575a1..00b4ea01 100644
--- a/templates/page-news.html
+++ b/templates/page-news.html
@@ -1,62 +1,59 @@
-<p>Hier haben Sie die Möglichkeit, die von bwLehrpool-Clients angezeigten News zu editieren.</p>
-<div class="panel panel-default">
-<div class="panel-heading">
- <label>Aktive News</label>
-</div>
-<div class="panel-body">
-<form action="?do=News&amp;action=save" method="post">
- <div class="form-group">
- <div class="panel panel-default">
- <div class="panel-heading">
- <label for="news-title-id">Titel</label>
- </div>
- <div class="panel-body">
- <input type="text" name="news-title" id ="news-title-id" class="form-control" placeholder="Willkommen!" value="{{latestTitle}}">
- </div>
+<div class="container">
+ <p>Hier haben Sie die Möglichkeit, die von bwLehrpool-Clients angezeigten News zu editieren.</p>
+ <div class="panel panel-default">
+ <div class="panel-heading">
+ Aktive News
</div>
- <div class="panel panel-default">
- <div class="panel-heading">
- <label for="news-content-id">Inhalt</label>
- </div>
- <div class="panel-body">
- <textarea name="news-content" id ="news-content-id" class="form-control" rows="5" cols="30" placeholder="Willkommen beim bwLehrpool-System!">{{latestContent}}</textarea>
- </div>
+ <div class="panel-body">
+ <form action="?do=News&amp;action=save" method="post">
+ <div class="form-group">
+ <label for="news-title-id">Titel</label>
+ <input type="text" name="news-title" id ="news-title-id" class="form-control" placeholder="Willkommen!" value="{{latestTitle}}">
+ </div>
+ <div class="form-group">
+ <label for="news-content-id">Inhalt</label>
+ <textarea name="news-content" id ="news-content-id" class="form-control" rows="5" cols="30" placeholder="Willkommen beim bwLehrpool-System!">{{latestContent}}</textarea>
+ </div>
+ <p>Letzte Aktualisierung: {{latestDate}}</p>
+ <button class="btn btn-primary btn-sm" type="submit">Speichern</button>
+ <input type="hidden" name="token" value="{{token}}">
+ </form>
</div>
</div>
- <div>Letzte Aktualisierung: {{latestDate}}</div>
- <br>
- <button class="btn btn-primary btn-sm" type="submit">Speichern</button>
- <input type="hidden" name="token" value="{{token}}">
-</form>
-</div>
-</div>
-<div class="panel panel-default">
-<div class="panel-heading">
- <label>Alte News</label>
-</div>
-<div class="panel-body">
-<div class="table-responsive">
-<table class="table table-stripped table-condensed">
- <thead>
- <th class="col-sm-2">Datum</th>
- <th class="col-sm-2">Titel</th>
- <th class="col-sm-8">Inhalt</th>
- <th></th>
- <th></th>
- </thead>
- <tbody>
- {{#list}}
- <tr {{#active}}class="active"{{/active}}>
- <td class="text-left" nowrap="nowrap">{{date}}</td>
- <td>{{title}}</td>
- <td>{{content}}</td>
- <td><a class="btn btn-primary btn-sm glyphicon glyphicon-share-alt" href="?do=news&amp;newsid={{newsid}}&amp;action=show"> Übernehmen</a></td>
- <td><a class="btn btn-danger btn-sm glyphicon glyphicon-remove" href="?do=news&amp;newsid={{newsid}}&amp;action=delete"> Löschen</a></td>
- </tr>
- {{/list}}
- </tbody>
-</table>
-</div>
-</div>
+ <div class="panel panel-default">
+ <div class="panel-heading">
+ Alte News
+ </div>
+ <div class="panel-body">
+ <div class="table-responsive">
+ <form method="post" action="?do=News&amp;action=delete">
+ <input type="hidden" name="token" value="{{token}}">
+ <table class="table table-stripped table-condensed">
+ <thead>
+ <tr>
+ <th>Datum</th>
+ <th>Titel</th>
+ <th>Inhalt</th>
+ <th></th>
+ </tr>
+ </thead>
+ <tbody>
+ {{#list}}
+ <tr {{#active}}class="active"{{/active}}>
+ <td class="text-left nowrap">{{date}}</td>
+ <td>{{title}}</td>
+ <td>{{content}}</td>
+ <td>
+ <a class="btn btn-primary btn-xs" href="?do=news&amp;newsid={{newsid}}&amp;action=show"><span class="glyphicon glyphicon-share-alt"></span> Verwenden</a>
+ <button class="btn btn-danger btn-xs" type="submit" name="newsid" value="{{newsid}}"><span class="glyphicon glyphicon-remove"></span> Löschen</button>
+ </td>
+ </tr>
+ {{/list}}
+ </tbody>
+ </table>
+ </form>
+ </div>
+ </div>
+ </div>
</div> \ No newline at end of file
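Review bot: `class="table table-stripped table-condensed"` on the rewritten table keeps a typo that predates this commit: Bootstrap 3 (which the panel and glyphicon classes indicate) defines `table-striped`, so the striping never applies; the line is rewritten here anyway, so `class="table table-striped table-condensed"` is a free fix. Likewise the date cell's `nowrap="nowrap"` attribute was replaced by `class="text-left nowrap"`, but Bootstrap 3's utility class is `text-nowrap`; unless the project's own CSS defines `.nowrap`, the date will wrap again. Minor: the "Verwenden" link targets `?do=news` while both forms post to `?do=News`, which is fine only if module routing is case-insensitive.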