Diffstat (limited to 'modules-available/news/page.inc.php')
-rw-r--r-- | modules-available/news/page.inc.php | 162 |
1 files changed, 85 insertions, 77 deletions
diff --git a/modules-available/news/page.inc.php b/modules-available/news/page.inc.php index 7a09d437..291f15fc 100644 --- a/modules-available/news/page.inc.php +++ b/modules-available/news/page.inc.php @@ -39,6 +39,10 @@ class Page_News extends Page * @var int Unix epoch date when the news expires. */ private $newsExpires = false; + /** + * @var int location id + */ + private $locationId = 0; /** 
@@ -63,30 +67,33 @@ class Page_News extends Page User::assertPermission('access-page'); /* and also the news (or help) with the given id */ - $newsId = Request::get('newsid', false, 'int'); - $pageType = Request::get('type', false, 'string'); - if ($pageType === false && $newsId === false) { - Util::redirect('?do=news&type=news'); + $newsId = Request::get('newsid', null, 'int'); + $pageType = Request::get('type', null, 'string'); + $this->locationId = Request::get('locationid', 0, 'int'); + if ($pageType === null && $newsId === null) { + Util::redirect('?do=news&type=news&locationid=' . $this->locationId); } - $this->pageType = $pageType === false ? 'news' : $pageType; - $this->loadNews($newsId, $pageType); + $this->pageType = $pageType ?? 'news'; + $this->loadNews($newsId); foreach (self::TYPES as $type => $entry) { - Dashboard::addSubmenu('?do=news&type=' . $type, Dictionary::translate('type_' . $type, true)); + Dashboard::addSubmenu('?do=news&type=' . $type . '&locationid=' . $this->locationId, + Dictionary::translate('type_' . $type)); } } else { $action = Request::post('action', false, 'string'); $pageType = Request::post('type', false, 'string'); + $this->locationId = Request::post('locationid', Request::REQUIRED_EMPTY, 'int'); if (!array_key_exists($pageType, self::TYPES)) { Message::addError('invalid-type', $pageType); - Util::redirect('?do=news'); + Util::redirect('?do=news&locationid=' . $this->locationId); } if ($action === 'save') { // save to DB - User::assertPermission("$pageType.save"); + User::assertPermission("$pageType.save", $this->locationId); if (!$this->saveNews($pageType)) { Message::addError('save-error'); } else { 
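Review bot: The GET branch reads `locationid` from the query after only `User::assertPermission('access-page')` has run, so the client chooses which location's news is loaded and listed without a per-location check, unlike the POST branch, which passes `$this->locationId` to `assertPermission`. With `locationid` absent or 0, the same request later also receives the `overridden` list that a comment in a later hunk describes as superadmin-only. If read access is meant to be restricted per location, read `locationid` first and check it, e.g. `User::assertPermission('access-page', $this->locationId);`, assuming that permission is location-aware; if reading is intentionally open, a comment saying so would help. The start of the method is outside this hunk, so an earlier check may exist that is not visible here.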
@@ -95,14 +102,14 @@ class Page_News extends Page } elseif ($action === 'delete') { // delete it - User::assertPermission("$pageType.delete"); - $this->delNews(Request::post('newsid', false, 'int'), $pageType); + User::assertPermission("$pageType.delete", $this->locationId); + $this->delNews(Request::post('newsid', Request::REQUIRED, 'int'), $pageType); } else { // unknown action, redirect user Message::addError('invalid-action', $action); } - Util::redirect('?do=news&type=' . $pageType); + Util::redirect('?do=news&type=' . $pageType . '&locationid=' . $this->locationId); } /* load summernote module if available */ @@ -119,10 +126,11 @@ class Page_News extends Page // fetch the list of the older news $NOW = time(); $lines = array(); + $str = $this->locationId === 0 ? 'IS NULL' : ' = ' . $this->locationId; $res = Database::simpleQuery("SELECT newsid, dateline, expires, title, content FROM vmchooser_pages - WHERE type = :type ORDER BY dateline DESC LIMIT 20", ['type' => $this->pageType]); + WHERE type = :type AND locationid $str ORDER BY dateline DESC LIMIT 20", ['type' => $this->pageType]); $foundActive = false; - while ($row = $res->fetch(PDO::FETCH_ASSOC)) { + foreach ($res as $row) { $row['dateline_s'] = Util::prettyTime($row['dateline']); $row['expires_s'] = $this->formatExpires($row['expires']); if ($row['newsid'] == $this->newsId) { @@ -141,7 +149,7 @@ class Page_News extends Page $data = array( 'withTitle' => self::TYPES[$this->pageType]['headline'], - 'newsTypeName' => Dictionary::translate('type_' . $this->pageType, true), + 'newsTypeName' => Dictionary::translate('type_' . $this->pageType), 'dateline_s' => Util::prettyTime($this->newsDateline), 'expires_s' => $this->formatExpires($this->newsExpires), 'currentContent' => $this->newsContent, 
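Review bot: The delete permission is asserted for the posted `locationid`, but `delNews()` (last hunk) still deletes by `newsid` and `type` only, so the entry that is removed need not belong to the location that was checked. Binding the location into the statement closes the gap: `WHERE newsid = :newsid AND type = :type AND locationid <=> :locationid LIMIT 1` with `'locationid' => $this->locationId === 0 ? null : $this->locationId` (MySQL's null-safe comparison, so global entries stored as NULL still match). `Message::addSuccess('news-del-success')` is also emitted when no row matched; gating it on the affected-row count would make a rejected delete visible, assuming `Database::exec` returns that count. The lookup by `newsid` in `loadNews()` is likewise not scoped to the requested location.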
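Review bot: `$str` is concatenated into the SQL text here, and the same fragment is rebuilt in `loadNews()` and `saveNews()`. It is safe only while `$this->locationId` is guaranteed to be an int, which rests on the `'int'` argument to `Request::get`/`Request::post`, because the property itself is declared untyped (`private $locationId = 0;`). Declaring it `private int $locationId = 0;` and binding the value, `AND locationid <=> :locationid` with `'locationid' => $this->locationId === 0 ? null : $this->locationId`, removes both the interpolation and the `IS NULL` special case. A single private helper returning that bound value would keep the three queries consistent.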
@@ -169,10 +177,19 @@ class Page_News extends Page 'disabled' => 'disabled', ]; } + $data['locationid'] = $this->locationId; + if ($this->locationId > 0) { + $data['location_name'] = Location::getName($this->locationId); + } else { + // Superadmin can see all overridden locations + $data['overridden'] = Database::queryAll("SELECT DISTINCT l.locationid, l.locationname FROM vmchooser_pages + INNER JOIN location l USING (locationid) + WHERE expires > UNIX_TIMESTAMP() ORDER BY locationname ASC"); + } Render::addTemplate('page-news', $data); } - private function formatExpires($ts) + private function formatExpires(int $ts): string { if ($ts - 86400 * 365 * 5 > time()) return '-'; @@ -182,15 +199,12 @@ class Page_News extends Page /** * Loads the news with the given ID into the form. * - * @param int $newsId ID of the news to be shown. - * @param string $pageType type if news id is not given. - * - * @return bool true if loading that news worked + * @param ?int $newsId ID of the news to be shown, or latest if null */ - private function loadNews($newsId, $pageType) + private function loadNews(?int $newsId): void { // check to see if we need to request a specific newsid - if ($newsId !== false) { + if ($newsId !== null) { $row = Database::queryFirst('SELECT newsid, title, content, dateline, expires, type FROM vmchooser_pages WHERE newsid = :newsid LIMIT 1', [ 'newsid' => $newsId, 
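Review bot: `formatExpires(int $ts)` is now typed, but the call site passes `$this->newsExpires`, which is initialised to `false` (first hunk) and stays that way when `loadNews()` returns early, and the list loop passes `$row['expires']` straight from the result set. Under `declare(strict_types=1)` both could raise a TypeError, and a NULL `expires` column would do so in either mode; the file header is not visible here, so this needs checking. Initialising the property as `private $newsExpires = 0;` and calling `$this->formatExpires((int)$row['expires'])` would keep the call sites in line with the new signature. The body of `formatExpires` continues outside the hunk.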
@@ -199,74 +213,74 @@ class Page_News extends Page Message::addError('news-empty'); } } else { + $str = $this->locationId === 0 ? 'IS NULL' : ' = ' . $this->locationId; $row = Database::queryFirst("SELECT newsid, title, content, dateline, expires, type FROM vmchooser_pages - WHERE type = :type AND expires > UNIX_TIMESTAMP() ORDER BY dateline DESC LIMIT 1", [ - 'type' => $pageType, + WHERE type = :type AND locationid $str AND expires > UNIX_TIMESTAMP() ORDER BY dateline DESC LIMIT 1", [ + 'type' => $this->pageType, ]); } if ($row === false) - return false; + return; // fetch the news to be shown - if ($row !== false) { - $this->newsId = $row['newsid']; - $this->newsTitle = $row['title']; - $this->newsContent = $row['content']; - $this->newsDateline = (int)$row['dateline']; - $this->newsExpires = (int)$row['expires']; - $this->pageType = $row['type']; - } - return true; + $this->newsId = $row['newsid']; + $this->newsTitle = $row['title']; + $this->newsContent = $row['content']; + $this->newsDateline = (int)$row['dateline']; + $this->newsExpires = (int)$row['expires']; + $this->pageType = $row['type']; } /** * Save the given $newsTitle and $newsContent as POST'ed into the database. */ - private function saveNews($pageType) + private function saveNews(string $pageType): bool { // check if news content were set by the user $newsTitle = Request::post('news-title', '', 'string'); - $newsContent = Request::post('news-content', false, 'string'); + $newsContent = Request::post('news-content', Request::REQUIRED, 'string'); + $test = trim(html_entity_decode(strip_tags($newsContent), ENT_QUOTES, 'UTF-8')); + if (empty($test)) { + Message::addError('main.empty-field'); + return false; + } $infinite = (Request::post('infinite', '', 'string') !== ''); if ($infinite) { - $expires = strtotime('+10 years 0:00'); + $expires = strtotime('+20 years 0:00'); } else { $expires = strtotime(Request::post('enddate', 'today', 'string') . ' ' - . 
Request::post('endtime', '23:59', 'string')); + . Request::post('endtime', '23:59', 'string')); } - if (!empty($newsContent)) { - // we got title and content, save it to DB - // dup check first - $row = Database::queryFirst('SELECT newsid FROM vmchooser_pages - WHERE content = :content AND type = :type LIMIT 1', [ - 'content' => $newsContent, - 'type' => $pageType, - ]); - if ($row !== false) { - Database::exec('UPDATE vmchooser_pages SET dateline = :dateline, expires = :expires, title = :title - WHERE newsid = :newsid LIMIT 1', [ - 'newsid' => $row['newsid'], - 'dateline' => time(), - 'expires' => $expires, - 'title' => $newsTitle, - ]); - return true; - } - // new one - Database::exec("INSERT INTO vmchooser_pages (dateline, expires, title, content, type) - VALUES (:dateline, :expires, :title, :content, :type)", array( + $str = $this->locationId === 0 ? 'IS NULL' : ' = ' . $this->locationId; + // we got title and content, save it to DB + // dup check first + $row = Database::queryFirst("SELECT newsid FROM vmchooser_pages + WHERE content = :content AND type = :type AND locationid $str LIMIT 1", [ + 'content' => $newsContent, + 'type' => $pageType, + ]); + if ($row !== false) { + Database::exec('UPDATE vmchooser_pages SET dateline = :dateline, expires = :expires, title = :title + WHERE newsid = :newsid LIMIT 1', [ + 'newsid' => $row['newsid'], 'dateline' => time(), 'expires' => $expires, 'title' => $newsTitle, - 'content' => $newsContent, - 'type' => $pageType, - )); - + ]); return true; } + // new one + Database::exec("INSERT INTO vmchooser_pages (dateline, expires, locationid, title, content, type) + VALUES (:dateline, :expires, :locationid, :title, :content, :type)", array( + 'dateline' => time(), + 'expires' => $expires, + 'locationid' => $this->locationId === 0 ? null : $this->locationId, + 'title' => $newsTitle, + 'content' => $newsContent, + 'type' => $pageType, + )); - Message::addError('main.empty-field'); - return false; + return true; } /** 
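Review bot: `strtotime()` returns `false` for a date or time string it cannot parse, and `enddate`/`endtime` come straight from the POST body, so `$expires` can reach the `UPDATE`/`INSERT` as `false`. Rejecting the request with the existing `main.value-invalid` message when `$expires === false` would keep a malformed date from being stored as an already-expired entry. `empty($test)` also treats the string `'0'` as empty; `$test === ''` states the intended check. Note that `strip_tags` is applied only to the copy used for the emptiness test, so the stored `content` is the raw posted markup and whatever renders `vmchooser_pages.content` has to sanitise or escape it; that code is not visible here.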
@@ -275,18 +289,12 @@ class Page_News extends Page * @param int $newsId ID of the entry to be deleted. * @param string $pageType type of news to be deleted. Must match the ID, otherwise do nothing. */ - private function delNews($newsId, $pageType) + private function delNews(int $newsId, string $pageType): void { - // sanity check: is newsId even numeric? - if (!is_numeric($newsId)) { - Message::addError('main.value-invalid', 'newsid', $newsId); - } else { - // check passed - do delete - Database::exec('DELETE FROM vmchooser_pages WHERE newsid = :newsid AND type = :type LIMIT 1', array( - 'newsid' => $newsId, - 'type' => $pageType, - )); - Message::addSuccess('news-del-success'); - } + Database::exec('DELETE FROM vmchooser_pages WHERE newsid = :newsid AND type = :type LIMIT 1', array( + 'newsid' => $newsId, + 'type' => $pageType, + )); + Message::addSuccess('news-del-success'); } } |