authorChristian Hofmaier2017-09-29 18:00:10 +0200
committerChristian Hofmaier2017-09-29 18:00:10 +0200
commit707e2af9d1907d4508c01cc10929fb410e565e70 (patch)
tree5b244e53f82ef7bcaa05bf8e607a1571cdf2abc0 /modules-available/news/page.inc.php
parent[baseconfig][baseconfig_partitions_cdn][eventlog][minilinux][permissionmanage... (diff)
[news] small design change + implemented new permission system
Diffstat (limited to 'modules-available/news/page.inc.php')
-rw-r--r--modules-available/news/page.inc.php65
1 files changed, 43 insertions, 22 deletions
diff --git a/modules-available/news/page.inc.php b/modules-available/news/page.inc.php
index ee377dc4..bf70f1a8 100644
--- a/modules-available/news/page.inc.php
+++ b/modules-available/news/page.inc.php
@@ -32,12 +32,6 @@ class Page_News extends Page
// load user, we will need it later
User::load();
- // only admins should be able to edit news
- if (!User::hasPermission('superadmin')) {
- Message::addError('main.no-permission');
- Util::redirect('?do=Main');
- }
-
// check which action we need to do
$action = Request::any('action', 'show');
if ($action === 'clear') {
@@ -66,26 +60,53 @@ class Page_News extends Page
$pageType = Request::post('news-type');
if ($pageType == 'news') {
- if (!$this->saveNews()) {
- // re-set the fields we got
- Request::post('news-title') ? $this->newsTitle = Request::post('news-title') : $this->newsTitle = false;
- Request::post('news-content') ? $this->newsContent = Request::post('news-content') : $this->newsContent = false;
- } else {
- Message::addSuccess('news-save-success');
- $lastId = Database::lastInsertId();
- Util::redirect("?do=News&newsid=$lastId");
- }
+ if(User::hasPermission("news.save")) {
+ if (!$this->saveNews()) {
+ // re-set the fields we got
+ Request::post('news-title') ? $this->newsTitle = Request::post('news-title') : $this->newsTitle = false;
+ Request::post('news-content') ? $this->newsContent = Request::post('news-content') : $this->newsContent = false;
+ } else {
+ Message::addSuccess('news-save-success');
+ $lastId = Database::lastInsertId();
+ Util::redirect("?do=News&newsid=$lastId");
+ }
+ } else {
+ Message::addError('main.no-permission');
+ Util::redirect('?do=news');
+ }
} elseif ($pageType == 'help') {
- if ($this->saveHelp()) {
- Message::addSuccess('help-save-success');
- $lastId = Database::lastInsertId();
- Util::redirect("?do=News&newsid=$lastId");
- }
+ if(User::hasPermission("help.save")) {
+ if ($this->saveHelp()) {
+ Message::addSuccess('help-save-success');
+ $lastId = Database::lastInsertId();
+ Util::redirect("?do=News&newsid=$lastId");
+ }
+ } else {
+ Message::addError('main.no-permission');
+ Util::redirect('?do=news');
+ }
}
} elseif ($action === 'delete') {
// delete it
- $this->delNews(Request::post('newsid'));
- Util::redirect('?do=News&editHelp='.Request::any('editHelp'));
+ $pageType = Request::post('news-type');
+
+ if ($pageType == 'news') {
+ if (User::hasPermission("news.delete")) {
+ $this->delNews(Request::post('newsid'));
+ Util::redirect('?do=News&editHelp='.Request::any('editHelp'));
+ } else {
+ Message::addError('main.no-permission');
+ Util::redirect('?do=news');
+ }
+ } elseif ($pageType == 'help') {
+ if (User::hasPermission("help.delete")) {
+ $this->delNews(Request::post('newsid'));
+ Util::redirect('?do=News&editHelp='.Request::any('editHelp'));
+ } else {
+ Message::addError('main.no-permission');
+ Util::redirect('?do=news');
+ }
+ }
} else {
// unknown action, redirect user
Message::addError('invalid-action', $action);
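Review bot: The delete branch chooses which permission to check from the client-supplied `news-type` field, while the row to delete is named by the separate `newsid` field, so the check is not tied to the entry it authorises. Unless `delNews()` (defined outside this hunk) restricts the delete by type, a holder of only `help.delete` would be authorised to remove a news entry, and the reverse. Resolve the stored type of `newsid` before picking the permission, or pass the checked type down, e.g. `$this->delNews(Request::post('newsid'), $pageType);`, with the delete constrained to that type. A `news-type` that is neither `news` nor `help` now falls through the save and delete branches with no message or redirect; a final `else` reporting `invalid-action` would make that explicit. With the blanket `superadmin` check removed in the first hunk, the `clear` action and any branch not shown here should be confirmed to carry their own `User::hasPermission()` check.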