diff options
| author | Christian Hofmaier | 2017-11-21 17:28:11 +0100 |
|---|---|---|
| committer | Christian Hofmaier | 2017-11-21 17:28:11 +0100 |
| commit | 7cbf43d4082f06eb2cc6fda47b356bbb8d1604b9 (patch) | |
| tree | baad8cc0b7259cbba11eb1f035534ea563ca13c2 /modules-available/news | |
| parent | [permissionmanager] added key relationships to install script; (diff) | |
| download | slx-admin-7cbf43d4082f06eb2cc6fda47b356bbb8d1604b9.tar.gz slx-admin-7cbf43d4082f06eb2cc6fda47b356bbb8d1604b9.tar.xz slx-admin-7cbf43d4082f06eb2cc6fda47b356bbb8d1604b9.zip | |
[news] reworked permission system from "click and you get error" to "button is disabled due to lack of permission"
Diffstat (limited to 'modules-available/news')
| -rw-r--r-- | modules-available/news/page.inc.php | 54 | ||||
| -rw-r--r-- | modules-available/news/templates/page-news.html | 8 |
2 files changed, 23 insertions, 39 deletions
diff --git a/modules-available/news/page.inc.php b/modules-available/news/page.inc.php index d6ad03dd..920b9861 100644 --- a/modules-available/news/page.inc.php +++ b/modules-available/news/page.inc.php @@ -64,30 +64,20 @@ class Page_News extends Page $pageType = Request::post('news-type'); if ($pageType == 'news') { - if(User::hasPermission("news.save")) { - if (!$this->saveNews()) { - // re-set the fields we got - Request::post('news-title') ? $this->newsTitle = Request::post('news-title') : $this->newsTitle = false; - Request::post('news-content') ? $this->newsContent = Request::post('news-content') : $this->newsContent = false; - } else { - Message::addSuccess('news-save-success'); - $lastId = Database::lastInsertId(); - Util::redirect("?do=News&newsid=$lastId"); - } + if (!$this->saveNews()) { + // re-set the fields we got + Request::post('news-title') ? $this->newsTitle = Request::post('news-title') : $this->newsTitle = false; + Request::post('news-content') ? $this->newsContent = Request::post('news-content') : $this->newsContent = false; } else { - Message::addError('main.no-permission'); - Util::redirect('?do=news'); + Message::addSuccess('news-save-success'); + $lastId = Database::lastInsertId(); + Util::redirect("?do=News&newsid=$lastId"); } } elseif ($pageType == 'help') { - if(User::hasPermission("help.save")) { - if ($this->saveHelp()) { - Message::addSuccess('help-save-success'); - $lastId = Database::lastInsertId(); - Util::redirect("?do=News&newsid=$lastId"); - } - } else { - Message::addError('main.no-permission'); - Util::redirect('?do=news'); + if ($this->saveHelp()) { + Message::addSuccess('help-save-success'); + $lastId = Database::lastInsertId(); + Util::redirect("?do=News&newsid=$lastId"); } } } elseif ($action === 'delete') { @@ -95,21 +85,11 @@ class Page_News extends Page $pageType = Request::post('news-type'); if ($pageType == 'news') { - if (User::hasPermission("news.delete")) { - $this->delNews(Request::post('newsid')); - Util::redirect('?do=News&editHelp='.Request::any('editHelp')); - } else { - Message::addError('main.no-permission'); - Util::redirect('?do=news'); - } + $this->delNews(Request::post('newsid')); + Util::redirect('?do=News&editHelp='.Request::any('editHelp')); } elseif ($pageType == 'help') { - if (User::hasPermission("help.delete")) { - $this->delNews(Request::post('newsid')); - Util::redirect('?do=News&editHelp='.Request::any('editHelp')); - } else { - Message::addError('main.no-permission'); - Util::redirect('?do=news'); - } + $this->delNews(Request::post('newsid')); + Util::redirect('?do=News&editHelp='.Request::any('editHelp')); } } else { // unknown action, redirect user @@ -159,6 +139,10 @@ class Page_News extends Page 'editHelp' => $this->editHelp, 'list' => $lines, 'listHelp' => $linesHelp, + 'allowedNewsSave' => User::hasPermission("news.save"), + 'allowedNewsDelete' => User::hasPermission("news.delete"), + 'allowedHelpSave' => User::hasPermission("help.save"), + 'allowedHelpDelete' => User::hasPermission("help.delete"), 'hasSummernote' => $this->hasSummernote, )); } /** diff --git a/modules-available/news/templates/page-news.html b/modules-available/news/templates/page-news.html index ad1a08c8..6293b62d 100644 --- a/modules-available/news/templates/page-news.html +++ b/modules-available/news/templates/page-news.html @@ -22,7 +22,7 @@ <p>{{lang_latestUpdate}}: {{latestDate}}</p> </div> <div class="text-right col-md-6"> - <button class="btn btn-primary sn-btn" name="news-type" value="news" type="submit"><span class="glyphicon glyphicon-floppy-disk"></span> {{lang_save}}</button> + <button {{^allowedNewsSave}}disabled{{/allowedNewsSave}} class="btn btn-primary sn-btn" name="news-type" value="news" type="submit"><span class="glyphicon glyphicon-floppy-disk"></span> {{lang_save}}</button> <input type="hidden" name="token" value="{{token}}"> </div> </div> @@ -57,7 +57,7 @@ </td> <td class="text-center"> <input type="hidden" name="news-type" value="news"> - <button class="btn btn-danger btn-xs" type="submit" name="newsid" value="{{newsid}}"><span class="glyphicon glyphicon-trash"></span></button> + <button {{^allowedNewsDelete}}disabled{{/allowedNewsDelete}} class="btn btn-danger btn-xs" type="submit" name="newsid" value="{{newsid}}"><span class="glyphicon glyphicon-trash"></span></button> </td> </tr> {{/list}} @@ -77,7 +77,7 @@ <textarea name="help-content" id="help-content-id" class="form-control summernote" style="min-height:400px" placeholder="">{{latestHelp}}</textarea> </div> <div class="text-right"> - <button class="btn btn-primary sn-btn" name="news-type" value="help" type="submit"><span class="glyphicon glyphicon-floppy-disk"></span> {{lang_save}}</button> + <button {{^allowedHelpSave}}disabled{{/allowedHelpSave}} class="btn btn-primary sn-btn" name="news-type" value="help" type="submit"><span class="glyphicon glyphicon-floppy-disk"></span> {{lang_save}}</button> <input type="hidden" name="token" value="{{token}}"> </div> </form> @@ -108,7 +108,7 @@ </td> <td class="text-center"> <input type="hidden" name="news-type" value="help"> - <button class="btn btn-danger btn-xs" type="submit" name="newsid" value="{{newsid}}"><span class="glyphicon glyphicon-trash"></span></button> + <button {{^allowedHelpDelete}}disabled{{/allowedHelpDelete}} class="btn btn-danger btn-xs" type="submit" name="newsid" value="{{newsid}}"><span class="glyphicon glyphicon-trash"></span></button> </td> </tr> {{/listHelp}} |