author | Simon Rettberg | 2018-02-14 15:00:21 +0100 |
---|---|---|
committer | Simon Rettberg | 2018-02-14 15:00:21 +0100 |
commit | 43f8d697965354855af0988a88242885c734ae3a (patch) | |
tree | f4b401caf47ef61762970179974b7d55d2a58563 /modules-available/news | |
parent | [minilinux] Use new permission helpers (diff) | |
[news] Use permission helpers; make inputs readonly if no permission to edit
Diffstat (limited to 'modules-available/news')
-rw-r--r-- | modules-available/news/page.inc.php | 80 | ||||
-rw-r--r-- | modules-available/news/templates/page-news.html | 15 |
2 files changed, 46 insertions, 49 deletions
diff --git a/modules-available/news/page.inc.php b/modules-available/news/page.inc.php
index 399fc307..f6f3d251 100644
--- a/modules-available/news/page.inc.php
+++ b/modules-available/news/page.inc.php
@@ -71,41 +71,37 @@ class Page_News extends Page /* find out whether it's news or help */ $pageType = Request::post('news-type'); - if ($pageType == 'news') { - if (User::hasPermission("news.save")) { - if (!$this->saveNews()) { - // re-set the fields we got - Request::post('news-title') ? $this->newsTitle = Request::post('news-title') : $this->newsTitle = false; - Request::post('news-content') ? $this->newsContent = Request::post('news-content') : $this->newsContent = false; - } else { - Message::addSuccess('news-save-success'); - $lastId = Database::lastInsertId(); - Util::redirect("?do=News&newsid=$lastId"); - } + if ($pageType === 'news') { + User::assertPermission("news.save"); + if (!$this->saveNews()) { + // re-set the fields we got + $this->newsTitle = Request::post('news-title', false, 'string'); + $this->newsContent = Request::post('news-content', false, 'string'); + } else { + Message::addSuccess('news-save-success'); + $lastId = Database::lastInsertId(); + Util::redirect("?do=News&newsid=$lastId"); } - } elseif ($pageType == 'help') { - if (User::hasPermission("help.save")) { - if ($this->saveHelp()) { - Message::addSuccess('help-save-success'); - $lastId = Database::lastInsertId(); - Util::redirect("?do=News&newsid=$lastId"); - } + } elseif ($pageType === 'help') { + User::assertPermission("help.save"); + if ($this->saveHelp()) { + Message::addSuccess('help-save-success'); + $lastId = Database::lastInsertId(); + Util::redirect("?do=News&newsid=$lastId"); } } } elseif ($action === 'delete') { // delete it $pageType = Request::post('news-type'); - if ($pageType == 'news') { - if(User::hasPermission("news.delete")) { - $this->delNews(Request::post('newsid')); - Util::redirect('?do=News&editHelp='.Request::any('editHelp')); - } - } elseif ($pageType == 'help') { - if(User::hasPermission("help.delete")) { - $this->delNews(Request::post('newsid')); - Util::redirect('?do=News&editHelp='.Request::any('editHelp')); - } + if ($pageType === 'news') { + 
User::assertPermission("news.delete"); + $this->delNews(Request::post('newsid')); + Util::redirect('?do=News&editHelp='.Request::any('editHelp')); + } elseif ($pageType === 'help') { + User::assertPermission("help.delete"); + $this->delNews(Request::post('newsid')); + Util::redirect('?do=News&editHelp='.Request::any('editHelp')); } } else { // unknown action, redirect user @@ -146,20 +142,20 @@ class Page_News extends Page $linesHelp[] = $row; } - $paginate->render('page-news', array( - 'token' => Session::get('token'), - 'latestDate' => ($this->newsDate ? date('d.m.Y H:i', $this->newsDate) : '--'), - 'latestContent' => $this->newsContent, - 'latestTitle' => $this->newsTitle, - 'latestHelp' => $this->helpContent, - 'editHelp' => $this->editHelp, - 'list' => $lines, - 'listHelp' => $linesHelp, - 'allowedNewsSave' => User::hasPermission("news.save"), - 'allowedNewsDelete' => User::hasPermission("news.delete"), - 'allowedHelpSave' => User::hasPermission("help.save"), - 'allowedHelpDelete' => User::hasPermission("help.delete"), - 'hasSummernote' => $this->hasSummernote, )); + $data = array( + 'token' => Session::get('token'), + 'latestDate' => ($this->newsDate ? date('d.m.Y H:i', $this->newsDate) : '--'), + 'latestContent' => $this->newsContent, + 'latestTitle' => $this->newsTitle, + 'latestHelp' => $this->helpContent, + 'editHelp' => $this->editHelp, + 'list' => $lines, + 'listHelp' => $linesHelp, + 'hasSummernote' => $this->hasSummernote, + ); + Permission::addGlobalTags($data['perms'], null, ['news.save', 'news.delete', 'help.save', 'help.delete']); + + $paginate->render('page-news', $data); } /** * Loads the news with the given ID into the form. diff --git a/modules-available/news/templates/page-news.html b/modules-available/news/templates/page-news.html index 6293b62d..fde95781 100644 --- a/modules-available/news/templates/page-news.html +++ b/modules-available/news/templates/page-news.html 
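Review bot: In the delete branch the permission that gets asserted is selected by the client-supplied `news-type` field, while the identical `$this->delNews(Request::post('newsid'))` call runs for both types. Unless delNews() itself restricts the row by type (its body is outside this hunk), a user holding only `news.delete` can have a help entry removed by submitting that entry's id with the other type value, and vice versa. Binding the check to the stored record closes that gap, for example by passing the expected type down, `$this->delNews(Request::post('newsid'), 'news')`, and having delNews() match on type as well as id. Separately, `Request::any('editHelp')` is concatenated into the redirect target unencoded in both branches; `urlencode(Request::any('editHelp'))` keeps a crafted value from adding parameters to the URL. The enclosing method starts and ends outside the hunk.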
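Review bot: The `perms` tags filled in by `Permission::addGlobalTags()` are, as far as the template hunks of this commit show, used only to emit `readonly`/`disabled` attributes, and nothing here says so. A one-line comment above the call would stop a later reader from treating them as the access check: `// Display hints only; save/delete are enforced by User::assertPermission() when the POST is handled`. As a style point, the new code builds `$data` with `array(...)` and the permission list with `[...]` two statements later; one form throughout the method would read more consistently. The enclosing method starts above the hunk.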
@@ -11,18 +11,18 @@
 <p>{{lang_newsIntro}}</p>
 <div class="form-group">
 <label for="news-title-id">{{lang_title}}</label>
- <input type="text" name="news-title" id ="news-title-id" class="form-control" placeholder="{{welcome}}" value="{{latestTitle}}">
+ <input type="text" name="news-title" id ="news-title-id" class="form-control" placeholder="{{welcome}}" value="{{latestTitle}}" {{perms.news.save.readonly}}>
 </div>
 <div class="form-group">
 <label for="news-content-id">{{lang_content}}</label>
- <textarea name="news-content" id ="news-content-id" class="form-control summernote" rows="5" cols="30" placeholder="">{{latestContent}}</textarea>
+ <textarea name="news-content" id ="news-content-id" class="form-control summernote" rows="5" cols="30" {{perms.news.save.readonly}}>{{latestContent}}</textarea>
 </div>
 <div class="row">
 <div class="text-left col-md-6">
 <p>{{lang_latestUpdate}}: {{latestDate}}</p>
 </div>
 <div class="text-right col-md-6">
- <button {{^allowedNewsSave}}disabled{{/allowedNewsSave}} class="btn btn-primary sn-btn" name="news-type" value="news" type="submit"><span class="glyphicon glyphicon-floppy-disk"></span> {{lang_save}}</button>
+ <button {{perms.news.save.disabled}} class="btn btn-primary sn-btn" name="news-type" value="news" type="submit"><span class="glyphicon glyphicon-floppy-disk"></span> {{lang_save}}</button>
 <input type="hidden" name="token" value="{{token}}">
 </div>
 </div>
@@ -57,7 +57,7 @@
 </td>
 <td class="text-center">
 <input type="hidden" name="news-type" value="news">
- <button {{^allowedNewsDelete}}disabled{{/allowedNewsDelete}} class="btn btn-danger btn-xs" type="submit" name="newsid" value="{{newsid}}"><span class="glyphicon glyphicon-trash"></span></button>
+ <button {{perms.news.delete.disabled}} class="btn btn-danger btn-xs" type="submit" name="newsid" value="{{newsid}}"><span class="glyphicon glyphicon-trash"></span></button>
 </td>
 </tr>
 {{/list}}
@@ -74,10 +74,10 @@
 <div class="form-group">
 <br/>
 <label for="news-content-id">{{lang_content}}</label>
- <textarea name="help-content" id="help-content-id" class="form-control summernote" style="min-height:400px" placeholder="">{{latestHelp}}</textarea>
+ <textarea name="help-content" id="help-content-id" class="form-control summernote" style="min-height:400px" {{perms.help.save.readonly}}>{{latestHelp}}</textarea>
 </div>
 <div class="text-right">
- <button {{^allowedHelpSave}}disabled{{/allowedHelpSave}} class="btn btn-primary sn-btn" name="news-type" value="help" type="submit"><span class="glyphicon glyphicon-floppy-disk"></span> {{lang_save}}</button>
+ <button {{perms.help.save.disabled}} class="btn btn-primary sn-btn" name="news-type" value="help" type="submit"><span class="glyphicon glyphicon-floppy-disk"></span> {{lang_save}}</button>
 <input type="hidden" name="token" value="{{token}}">
 </div>
 </form>
@@ -108,7 +108,7 @@
 </td>
 <td class="text-center">
 <input type="hidden" name="news-type" value="help">
- <button {{^allowedHelpDelete}}disabled{{/allowedHelpDelete}} class="btn btn-danger btn-xs" type="submit" name="newsid" value="{{newsid}}"><span class="glyphicon glyphicon-trash"></span></button>
+ <button {{perms.help.delete.disabled}} class="btn btn-danger btn-xs" type="submit" name="newsid" value="{{newsid}}"><span class="glyphicon glyphicon-trash"></span></button>
 </td>
 </tr>
 {{/listHelp}}
@@ -129,5 +129,6 @@ document.addEventListener("DOMContentLoaded", function () {
 $button.click();
 }
 });
+ $('.summernote[readonly]').each(function() { $(this).summernote('disable'); });
 }, false);
 // --></script>
\ No newline at end of file |
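Review bot: The added `$('.summernote[readonly]').each(...)` line calls `.summernote('disable')` unconditionally, yet page.inc.php passes a `hasSummernote` flag to this template, which suggests the editor plugin is not always loaded. If the plugin is absent and a textarea carries `readonly`, `$(this).summernote` is undefined and the listener throws. Unless this script is already inside a `{{#hasSummernote}}` section (not visible in the hunk), guard the call: `if ($.fn.summernote) { $('.summernote[readonly]').each(function () { $(this).summernote('disable'); }); }`. Disabling the editor is a display measure only; the `User::assertPermission()` calls in page.inc.php remain the actual control, and a short comment saying so next to this line would help. The listener body starts above the hunk.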