-rw-r--r-- | modules-available/news/page.inc.php | 65 | ||||
-rw-r--r-- | modules-available/news/permissions/permissions.json | 6 | ||||
-rw-r--r-- | modules-available/news/templates/page-news.html | 26 |
3 files changed, 66 insertions, 31 deletions
diff --git a/modules-available/news/page.inc.php b/modules-available/news/page.inc.php index ee377dc4..bf70f1a8 100644 --- a/modules-available/news/page.inc.php +++ b/modules-available/news/page.inc.php @@ -32,12 +32,6 @@ class Page_News extends Page // load user, we will need it later User::load(); - // only admins should be able to edit news - if (!User::hasPermission('superadmin')) { - Message::addError('main.no-permission'); - Util::redirect('?do=Main'); - } - // check which action we need to do $action = Request::any('action', 'show'); if ($action === 'clear') { 
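Review bot: Dropping the page-wide `superadmin` gate leaves every action that is not re-checked individually without any authorization in the lines shown. The later hunk adds checks only for `save` and `delete`, while the `clear` branch at the end of this hunk and the default `show` action get none, and `permissions.json` declares no permission for them. The body of `clear` and the rest of the method lie outside the hunk, so confirm that neither changes state nor exposes content that the old check was protecting. The result of `User::load()` is also not inspected here, so a baseline "is logged in" check should stay at this spot unless login is enforced elsewhere. If the open access is intended, say so in place with a comment such as `// permissions are checked per action below; 'show' and 'clear' are deliberately unrestricted`.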
@@ -66,26 +60,53 @@ class Page_News extends Page $pageType = Request::post('news-type'); if ($pageType == 'news') { - if (!$this->saveNews()) { - // re-set the fields we got - Request::post('news-title') ? $this->newsTitle = Request::post('news-title') : $this->newsTitle = false; - Request::post('news-content') ? $this->newsContent = Request::post('news-content') : $this->newsContent = false; - } else { - Message::addSuccess('news-save-success'); - $lastId = Database::lastInsertId(); - Util::redirect("?do=News&newsid=$lastId"); - } + if(User::hasPermission("news.save")) { + if (!$this->saveNews()) { + // re-set the fields we got + Request::post('news-title') ? $this->newsTitle = Request::post('news-title') : $this->newsTitle = false; + Request::post('news-content') ? $this->newsContent = Request::post('news-content') : $this->newsContent = false; + } else { + Message::addSuccess('news-save-success'); + $lastId = Database::lastInsertId(); + Util::redirect("?do=News&newsid=$lastId"); + } + } else { + Message::addError('main.no-permission'); + Util::redirect('?do=news'); + } } elseif ($pageType == 'help') { - if ($this->saveHelp()) { - Message::addSuccess('help-save-success'); - $lastId = Database::lastInsertId(); - Util::redirect("?do=News&newsid=$lastId"); - } + if(User::hasPermission("help.save")) { + if ($this->saveHelp()) { + Message::addSuccess('help-save-success'); + $lastId = Database::lastInsertId(); + Util::redirect("?do=News&newsid=$lastId"); + } + } else { + Message::addError('main.no-permission'); + Util::redirect('?do=news'); + } } } elseif ($action === 'delete') { // delete it - $this->delNews(Request::post('newsid')); - Util::redirect('?do=News&editHelp='.Request::any('editHelp')); + $pageType = Request::post('news-type'); + + if ($pageType == 'news') { + if (User::hasPermission("news.delete")) { + $this->delNews(Request::post('newsid')); + Util::redirect('?do=News&editHelp='.Request::any('editHelp')); + } else { + 
Message::addError('main.no-permission'); + Util::redirect('?do=news'); + } + } elseif ($pageType == 'help') { + if (User::hasPermission("help.delete")) { + $this->delNews(Request::post('newsid')); + Util::redirect('?do=News&editHelp='.Request::any('editHelp')); + } else { + Message::addError('main.no-permission'); + Util::redirect('?do=news'); + } + } } else { // unknown action, redirect user Message::addError('invalid-action', $action); diff --git a/modules-available/news/permissions/permissions.json b/modules-available/news/permissions/permissions.json new file mode 100644 index 00000000..90d07aef --- /dev/null +++ b/modules-available/news/permissions/permissions.json @@ -0,0 +1,6 @@ +{ + "news.save": "Save new news.", + "news.delete": "Delete old news.", + "help.save": "Save new help texts.", + "help.delete": "Delete old help texts" +}
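Review bot: The delete branch chooses which permission to test from the client-supplied `news-type` field, but both arms then call the same `$this->delNews(Request::post('newsid'))`, so the check is not bound to the record that is actually removed. Unless `delNews()` (not visible here) restricts the row by type, the `help.delete` check can pass while the deleted row is a news entry, and the reverse. Derive the type from the stored row for `newsid` and test the matching permission, or pass the expected type into `delNews()` so the delete is constrained to it. A `news-type` that is neither `news` nor `help` currently falls through with no message or redirect in both the save and delete branches; a final `else { Message::addError('main.no-permission'); Util::redirect('?do=news'); }` would close that. The enclosing method starts and ends outside the hunk.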
\ No newline at end of file diff --git a/modules-available/news/templates/page-news.html b/modules-available/news/templates/page-news.html index 37e3471d..ad1a08c8 100644 --- a/modules-available/news/templates/page-news.html +++ b/modules-available/news/templates/page-news.html @@ -1,5 +1,5 @@ - <h1>{{lang_vmChooser_title}}</h1> + <ul class="nav nav-tabs" role="tablist"> <li role="presentation" class="{{^editHelp}}active{{/editHelp}}"><a href="#news" role="tab" data-toggle="tab">{{lang_editNews}}</a></li> <li role="presentation" class="{{#editHelp}}active{{/editHelp}}" ><a href="#help" role="tab" data-toggle="tab">{{lang_editHelp}}</a></li> @@ -42,7 +42,8 @@ <th data-sort="int">{{lang_date}}</th> <th data-sort="string">{{lang_title}}</th> <th data-sort="string">{{lang_content}}</th> - <th></th> + <th class="text-center">{{lang_show}}</th> + <th class="text-center">{{lang_delete}}</th> </tr> </thead> <tbody> @@ -51,9 +52,12 @@ <td class="text-left text-nowrap" data-sort-value={{dateline}}>{{date}}</td> <td><table class="slx-ellipsis"><tr><td>{{title}}</td></tr></table></td> <td><table class="slx-ellipsis"><tr><td>{{content}}</td></tr></table></td> - <td class="text-nowrap"> - <a class="btn btn-primary btn-xs" href="?do=news&newsid={{newsid}}&action=show"><span class="glyphicon glyphicon-share-alt"></span> {{lang_show}}</a> - <button class="btn btn-danger btn-xs" type="submit" name="newsid" value="{{newsid}}"><span class="glyphicon glyphicon-remove"></span> {{lang_delete}}</button> + <td class="text-center"> + <a class="btn btn-primary btn-xs" href="?do=news&newsid={{newsid}}&action=show"><span class="glyphicon glyphicon-share-alt"></span></a> + </td> + <td class="text-center"> + <input type="hidden" name="news-type" value="news"> + <button class="btn btn-danger btn-xs" type="submit" name="newsid" value="{{newsid}}"><span class="glyphicon glyphicon-trash"></span></button> </td> </tr> {{/list}} 
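Review bot: The hidden `<input type="hidden" name="news-type" value="news">` is emitted inside the row loop (and again with `value="help"` in the `{{#listHelp}}` rows of the hunk at -98,9), so each form carries one copy per row. The `<form>` tags are outside these hunks; if a single form wraps both tables, PHP keeps the last duplicate and every delete would arrive as `news-type=help`, which then selects the wrong permission on the server. Emit the field once per form, outside the loop. Treat it as a routing hint only, because the server cannot rely on a client-editable field to decide which permission applies. The icon-only buttons also lost their visible label, so add `title="{{lang_delete}}"` and `title="{{lang_show}}"` (or an `aria-label`) to keep them usable with assistive technology.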
@@ -90,7 +94,8 @@ <tr> <th data-sort="int">{{lang_date}}</th> <th data-sort="string">{{lang_content}}</th> - <th></th> + <th class="text-center">{{lang_show}}</th> + <th class="text-center">{{lang_delete}}</th> </tr> </thead> <tbody> @@ -98,9 +103,12 @@ <tr {{#active}}class="active"{{/active}}> <td class="text-left text-nowrap" data-sort-value={{dateline}}>{{date}}</td> <td><table class="slx-ellipsis"><tr><td>{{content}}</td></tr></table></td> - <td class="text-nowrap"> - <a class="btn btn-primary btn-xs" href="?do=news&newsid={{newsid}}&action=show"><span class="glyphicon glyphicon-share-alt"></span> {{lang_show}}</a> - <button class="btn btn-danger btn-xs" type="submit" name="newsid" value="{{newsid}}"><span class="glyphicon glyphicon-remove"></span> {{lang_delete}}</button> + <td class="text-center"> + <a class="btn btn-primary btn-xs" href="?do=news&newsid={{newsid}}&action=show"><span class="glyphicon glyphicon-share-alt"></span></a> + </td> + <td class="text-center"> + <input type="hidden" name="news-type" value="help"> + <button class="btn btn-danger btn-xs" type="submit" name="newsid" value="{{newsid}}"><span class="glyphicon glyphicon-trash"></span></button> </td> </tr> {{/listHelp}} |