-rw-r--r-- | modules/news.inc.php | 58 | ||||
-rw-r--r-- | templates/page-news.html | 111 |
2 files changed, 80 insertions, 89 deletions
diff --git a/modules/news.inc.php b/modules/news.inc.php index 4ec6fddd..3b7ef2bc 100644 --- a/modules/news.inc.php +++ b/modules/news.inc.php @@ -12,48 +12,39 @@ class Page_News extends Page // load user, we will need it later User::load(); - // get the newsid given per GET - $newsId = Request::get('newsid'); - if ($newsId !== false) $this->newsId = $newsId; + // only admins should be able to edit news + if (!User::hasPermission('superadmin')) { + Message::addError('no-permission'); + return; + } // check which action we need to do $action = Request::any('action', 'show'); if ($action === 'show') { // show news - $this->showNews(); + if (!$this->loadNews(Request::any('newsid'))) { + Message::addError('news-empty'); + } } elseif ($action === 'save') { // save to DB $this->saveNews(); } elseif ($action === 'delete') { // delete it - $this->delNews(); + $this->delNews(Request::post('newsid')); } else { Message::addError('invalid-action', $action); + Util::redirect('?do=News'); } } protected function doRender() { - // user must be logged in - if (!User::isLoggedIn()) { - Render::addTemplate('page-main-guest'); - return; - } - - // only admins should be able to edit news - if (!User::hasPermission('superadmin')) { - Message::addError('no-permission'); - return; - } - - // prepare the list of the older news $lines = array(); $paginate = new Paginate("SELECT newsid, dateline, title, content FROM news ORDER BY dateline DESC", 10); $res = $paginate->exec(); while ($row = $res->fetch(PDO::FETCH_ASSOC)) { - $day = date('d.m.Y', $row['dateline']); - $row['date'] = $day . date(' H:i', $row['dateline']); + $row['date'] = date('d.m.Y H:i', $row['dateline']); if ($row['newsid'] == $this->newsId) $row['active'] = "active"; $lines[] = $row; 
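Review bot: The `superadmin` check now lives only in the enclosing method (its start is outside the hunk) and ends with a bare `return;`, while both guards are removed from `doRender()`. If the framework still calls `doRender()` after that early return, which cannot be confirmed from here, a guest or non-admin would get the paginated news query and the `page-news` form with the session `token` rendered. Either make the denial terminal, as the invalid-action branch does with `Util::redirect`, or keep a cheap guard at the top of `doRender()`, for example `if (!User::hasPermission('superadmin')) return;`. The removed `User::isLoggedIn()` branch also showed `page-main-guest` to guests, and nothing in the new code replaces it. `doRender()` continues past the end of this hunk.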
@@ -61,7 +52,7 @@ class Page_News extends Page $paginate->render('page-news', array( 'token' => Session::get('token'), - 'latestDate' => date('Y-m-d H:i:s (T)', $this->newsDate), + 'latestDate' => ($this->newsDate ? date('d.m.Y H:i', $this->newsDate) : '--'), 'latestContent' => $this->newsContent, 'latestTitle' => $this->newsTitle, 'list' => $lines @@ -69,12 +60,12 @@ class Page_News extends Page } - private function showNews() + private function loadNews($newsId) { // check to see if we need to request a specific newsid - if ($this->newsId !== false) { + if ($newsId !== false) { $row = Database::queryFirst("SELECT newsid, title, content, dateline FROM news WHERE newsid = :newsid LIMIT 1", array( - 'newsid' => $this->newsId + 'newsid' => $newsId )); } else { $row = Database::queryFirst("SELECT newsid, title, content, dateline FROM news ORDER BY dateline DESC LIMIT 1"); @@ -82,13 +73,12 @@ class Page_News extends Page // fetch the news to be shown if ($row !== false) { + $this->newsId = $row['newsid']; $this->newsTitle = $row['title']; $this->newsContent = $row['content']; $this->newsDate = $row['dateline']; - } else { - Message::addError('news-empty'); } - + return $row !== false; } private function saveNews() @@ -109,12 +99,16 @@ class Page_News extends Page } } - private function delNews() + private function delNews($newsId) { - Database::exec("DELETE FROM news WHERE newsid = :newsid LIMIT 1", array( - 'newsid' => $this->newsId - )); - Message::addSuccess('news-del-success'); + if (!is_numeric($newsId)) { + Message::addError('value-invalid', 'newsid', $newsId); + } else { + Database::exec("DELETE FROM news WHERE newsid = :newsid LIMIT 1", array( + 'newsid' => $newsId + )); + Message::addSuccess('news-del-success'); + } Util::redirect('?do=News'); } diff --git a/templates/page-news.html b/templates/page-news.html index b8d575a1..00b4ea01 100644 --- a/templates/page-news.html +++ b/templates/page-news.html 
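Review bot: In `delNews()` the new `is_numeric($newsId)` test is looser than an integer id, because it also accepts signed, decimal, exponent and whitespace-padded strings. The bound `:newsid` parameter prevents injection, but the check should match the column, for example `if (!ctype_digit((string)$newsId)) {`. `loadNews()` in the earlier hunks passes the same request value to its query with no check at all, so the two paths are inconsistent. No comparison of the posted `token` is visible before `Database::exec`; if POST tokens are not verified centrally (not shown here), this destructive action is where it must happen. `Message::addSuccess('news-del-success')` is also reported when no row matched.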
@@ -1,62 +1,59 @@ -<p>Hier haben Sie die Möglichkeit, die von bwLehrpool-Clients angezeigten News zu editieren.</p> -<div class="panel panel-default"> -<div class="panel-heading"> - <label>Aktive News</label> -</div> -<div class="panel-body"> -<form action="?do=News&action=save" method="post"> - <div class="form-group"> - <div class="panel panel-default"> - <div class="panel-heading"> - <label for="news-title-id">Titel</label> - </div> - <div class="panel-body"> - <input type="text" name="news-title" id ="news-title-id" class="form-control" placeholder="Willkommen!" value="{{latestTitle}}"> - </div> +<div class="container"> + <p>Hier haben Sie die Möglichkeit, die von bwLehrpool-Clients angezeigten News zu editieren.</p> + <div class="panel panel-default"> + <div class="panel-heading"> + Aktive News </div> - <div class="panel panel-default"> - <div class="panel-heading"> - <label for="news-content-id">Inhalt</label> - </div> - <div class="panel-body"> - <textarea name="news-content" id ="news-content-id" class="form-control" rows="5" cols="30" placeholder="Willkommen beim bwLehrpool-System!">{{latestContent}}</textarea> - </div> + <div class="panel-body"> + <form action="?do=News&action=save" method="post"> + <div class="form-group"> + <label for="news-title-id">Titel</label> + <input type="text" name="news-title" id ="news-title-id" class="form-control" placeholder="Willkommen!" 
value="{{latestTitle}}"> + </div> + <div class="form-group"> + <label for="news-content-id">Inhalt</label> + <textarea name="news-content" id ="news-content-id" class="form-control" rows="5" cols="30" placeholder="Willkommen beim bwLehrpool-System!">{{latestContent}}</textarea> + </div> + <p>Letzte Aktualisierung: {{latestDate}}</p> + <button class="btn btn-primary btn-sm" type="submit">Speichern</button> + <input type="hidden" name="token" value="{{token}}"> + </form> </div> </div> - <div>Letzte Aktualisierung: {{latestDate}}</div> - <br> - <button class="btn btn-primary btn-sm" type="submit">Speichern</button> - <input type="hidden" name="token" value="{{token}}"> -</form> -</div> -</div> -<div class="panel panel-default"> -<div class="panel-heading"> - <label>Alte News</label> -</div> -<div class="panel-body"> -<div class="table-responsive"> -<table class="table table-stripped table-condensed"> - <thead> - <th class="col-sm-2">Datum</th> - <th class="col-sm-2">Titel</th> - <th class="col-sm-8">Inhalt</th> - <th></th> - <th></th> - </thead> - <tbody> - {{#list}} - <tr {{#active}}class="active"{{/active}}> - <td class="text-left" nowrap="nowrap">{{date}}</td> - <td>{{title}}</td> - <td>{{content}}</td> - <td><a class="btn btn-primary btn-sm glyphicon glyphicon-share-alt" href="?do=news&newsid={{newsid}}&action=show"> Übernehmen</a></td> - <td><a class="btn btn-danger btn-sm glyphicon glyphicon-remove" href="?do=news&newsid={{newsid}}&action=delete"> Löschen</a></td> - </tr> - {{/list}} - </tbody> -</table> -</div> -</div> + <div class="panel panel-default"> + <div class="panel-heading"> + Alte News + </div> + <div class="panel-body"> + <div class="table-responsive"> + <form method="post" action="?do=News&action=delete"> + <input type="hidden" name="token" value="{{token}}"> + <table class="table table-stripped table-condensed"> + <thead> + <tr> + <th>Datum</th> + <th>Titel</th> + <th>Inhalt</th> + <th></th> + </tr> + </thead> + <tbody> + {{#list}} + <tr 
{{#active}}class="active"{{/active}}> + <td class="text-left nowrap">{{date}}</td> + <td>{{title}}</td> + <td>{{content}}</td> + <td> + <a class="btn btn-primary btn-xs" href="?do=news&newsid={{newsid}}&action=show"><span class="glyphicon glyphicon-share-alt"></span> Verwenden</a> + <button class="btn btn-danger btn-xs" type="submit" name="newsid" value="{{newsid}}"><span class="glyphicon glyphicon-remove"></span> Löschen</button> + </td> + </tr> + {{/list}} + </tbody> + </table> + </form> + </div> + </div> + </div> </div>
\ No newline at end of file |
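Review bot: The rewritten table keeps the class `table-stripped`, which Bootstrap does not define, so the striping never applies; the intended class is `table-striped`. The "Verwenden" link also still uses `?do=news` while both forms and the PHP redirects use `?do=News`. If module lookup is case-sensitive (not visible here) that link would break, so use `href="?do=News&newsid={{newsid}}&action=show"`. Moving delete to a POST button inside a form with the `token` field is the right shape, provided the server verifies that token.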