Diffstat (limited to 'modules-available/news')
-rw-r--r-- | modules-available/news/config.json | 8 | ||||
-rw-r--r-- | modules-available/news/lang/de/permissions.json | 9 | ||||
-rw-r--r-- | modules-available/news/lang/de/template-tags.json | 1 | ||||
-rw-r--r-- | modules-available/news/lang/en/permissions.json | 9 | ||||
-rw-r--r-- | modules-available/news/lang/en/template-tags.json | 1 | ||||
-rw-r--r-- | modules-available/news/page.inc.php | 442 | ||||
-rw-r--r-- | modules-available/news/permissions/permissions.json | 23 | ||||
-rw-r--r-- | modules-available/news/templates/page-news.html | 20 |
8 files changed, 264 insertions, 249 deletions
diff --git a/modules-available/news/config.json b/modules-available/news/config.json
index e076ea5c..23cd1443 100644
--- a/modules-available/news/config.json
+++ b/modules-available/news/config.json
@@ -1,4 +1,6 @@
 {
- "category":"main.content",
- "dependencies": [ "js_stupidtable" ]
-}
+ "category": "main.content",
+ "dependencies": [
+ "js_stupidtable"
+ ]
+}
\ No newline at end of file
diff --git a/modules-available/news/lang/de/permissions.json b/modules-available/news/lang/de/permissions.json
index b2c6fb1b..888bb4a7 100644
--- a/modules-available/news/lang/de/permissions.json
+++ b/modules-available/news/lang/de/permissions.json
@@ -1,6 +1,7 @@
 {
- "news.save": "Änderungen am News Text speichern.",
- "news.delete": "Alte News Texte löschen.",
- "help.save": "Änderungen am Hilfe Text speichern.",
- "help.delete": "Alte Hilfe Texte löschen."
+ "access-page": "Seite sehen.",
+ "help.delete": "Alte Hilfe Texte l\u00f6schen.",
+ "help.save": "\u00c4nderungen am Hilfe Text speichern.",
+ "news.delete": "Alte News Texte l\u00f6schen.",
+ "news.save": "\u00c4nderungen am News Text speichern."
 }
\ No newline at end of file
diff --git a/modules-available/news/lang/de/template-tags.json b/modules-available/news/lang/de/template-tags.json
index d8ad974f..c2b4bddc 100644
--- a/modules-available/news/lang/de/template-tags.json
+++ b/modules-available/news/lang/de/template-tags.json
@@ -1,4 +1,5 @@
 {
+ "lang_confirmDelete": "Eintrag l\u00f6schen?",
 "lang_content": "Inhalt",
 "lang_date": "Datum",
 "lang_editHelp": "Hilfe bearbeiten",
diff --git a/modules-available/news/lang/en/permissions.json b/modules-available/news/lang/en/permissions.json
index 90d07aef..37fc7a8e 100644
--- a/modules-available/news/lang/en/permissions.json
+++ b/modules-available/news/lang/en/permissions.json
@@ -1,6 +1,7 @@
 {
- "news.save": "Save new news.",
- "news.delete": "Delete old news.",
- "help.save": "Save new help texts.",
- "help.delete": "Delete old help texts"
+ "access-page": "View page.",
+ "help.delete": "Delete old help texts.",
+ "help.save": "Save new help texts.",
+ "news.delete": "Delete old news.",
+ "news.save": "Save new news."
 }
\ No newline at end of file
diff --git a/modules-available/news/lang/en/template-tags.json b/modules-available/news/lang/en/template-tags.json
index 270fed44..d7567d99 100644
--- a/modules-available/news/lang/en/template-tags.json
+++ b/modules-available/news/lang/en/template-tags.json
@@ -1,4 +1,5 @@
 {
+ "lang_confirmDelete": "Delete entry?",
 "lang_content": "Content",
 "lang_date": "Date",
 "lang_editHelp": "Edit Help",
diff --git a/modules-available/news/page.inc.php b/modules-available/news/page.inc.php
index 399fc307..1e2e3eef 100644
--- a/modules-available/news/page.inc.php
+++ b/modules-available/news/page.inc.php
@@ -26,247 +26,239 @@ class Page_News extends Page private $editHelp = false; private $hasSummernote = false; - /** - * Implementation of the abstract doPreprocess function. - * - * Checks if the user is logged in and processes any - * action if one was specified in the request. - */ - protected function doPreprocess() - { - /* load summernote module if available */ - $this->hasSummernote = Module::isAvailable('summernote'); + /** + * Implementation of the abstract doPreprocess function. + * + * Checks if the user is logged in and processes any + * action if one was specified in the request. + */ + protected function doPreprocess() + { + /* load summernote module if available */ + $this->hasSummernote = Module::isAvailable('summernote'); - // load user, we will need it later - User::load(); - if (!User::isLoggedIn()) { - Message::addError('main.no-permission'); - Util::redirect('?do=Main'); - } + // load user, we will need it later + User::load(); + if (!User::isLoggedIn()) { + Message::addError('main.no-permission'); + Util::redirect('?do=Main'); + } - // check which action we need to do - $action = Request::any('action', 'show'); - if ($action === 'clear') { - // clear news input fields - // TODO: is this the right way? 
- $this->newsId = false; - $this->newsTitle = false; - $this->newsContent = false; - $this->newsDate = false; - } elseif ($action === 'show') { - /* load latest things */ - $this->loadLatest('help'); - $this->loadLatest('news'); + // check which action we need to do + $action = Request::any('action', 'show'); + if ($action === 'show') { + User::assertPermission('access-page'); + /* load latest things */ + $this->loadLatest('help'); + $this->loadLatest('news'); - /* and also the news (or help) with the given id */ - if (!$this->loadNews(Request::any('newsid'))) { - Message::addError('news-empty'); - } + /* and also the news (or help) with the given id */ + if (!$this->loadNews(Request::any('newsid'))) { + Message::addError('news-empty'); + } - if (Request::any('editHelp')) { - $this->editHelp = true; - } - } elseif ($action === 'save') { - // save to DB - /* find out whether it's news or help */ - $pageType = Request::post('news-type'); + if (Request::any('editHelp')) { + $this->editHelp = true; + } + } elseif ($action === 'save') { + // save to DB + /* find out whether it's news or help */ + $pageType = Request::post('news-type'); - if ($pageType == 'news') { - if (User::hasPermission("news.save")) { - if (!$this->saveNews()) { - // re-set the fields we got - Request::post('news-title') ? $this->newsTitle = Request::post('news-title') : $this->newsTitle = false; - Request::post('news-content') ? 
$this->newsContent = Request::post('news-content') : $this->newsContent = false; - } else { - Message::addSuccess('news-save-success'); - $lastId = Database::lastInsertId(); - Util::redirect("?do=News&newsid=$lastId"); - } - } - } elseif ($pageType == 'help') { - if (User::hasPermission("help.save")) { - if ($this->saveHelp()) { - Message::addSuccess('help-save-success'); - $lastId = Database::lastInsertId(); - Util::redirect("?do=News&newsid=$lastId"); - } - } - } - } elseif ($action === 'delete') { - // delete it - $pageType = Request::post('news-type'); + if ($pageType === 'news') { + User::assertPermission("news.save"); + if (!$this->saveNews()) { + // re-set the fields we got + $this->newsTitle = Request::post('news-title', false, 'string'); + $this->newsContent = Request::post('news-content', false, 'string'); + } else { + Message::addSuccess('news-save-success'); + $lastId = Database::lastInsertId(); + Util::redirect("?do=News&newsid=$lastId"); + } + } elseif ($pageType === 'help') { + User::assertPermission("help.save"); + if ($this->saveHelp()) { + Message::addSuccess('help-save-success'); + $lastId = Database::lastInsertId(); + Util::redirect("?do=News&newsid=$lastId"); + } + } + } elseif ($action === 'delete') { + // delete it + $pageType = Request::post('news-type'); - if ($pageType == 'news') { - if(User::hasPermission("news.delete")) { - $this->delNews(Request::post('newsid')); - Util::redirect('?do=News&editHelp='.Request::any('editHelp')); - } - } elseif ($pageType == 'help') { - if(User::hasPermission("help.delete")) { - $this->delNews(Request::post('newsid')); - Util::redirect('?do=News&editHelp='.Request::any('editHelp')); - } - } - } else { - // unknown action, redirect user - Message::addError('invalid-action', $action); - } - } + if ($pageType === 'news') { + User::assertPermission("news.delete"); + $this->delNews(Request::post('newsid')); + Util::redirect('?do=News&editHelp=' . 
Request::any('editHelp')); + } elseif ($pageType === 'help') { + User::assertPermission("help.delete"); + $this->delNews(Request::post('newsid')); + Util::redirect('?do=News&editHelp=' . Request::any('editHelp')); + } + } else { + // unknown action, redirect user + Message::addError('invalid-action', $action); + } + } - /** - * Implementation of the abstract doRender function. - * - * Fetch the list of news from the database and paginate it. - */ - protected function doRender() - { - // fetch the list of the older news - $lines = array(); - $paginate = new Paginate("SELECT newsid, dateline, title, content FROM vmchooser_pages WHERE type='news' ORDER BY dateline DESC", 10); - $res = $paginate->exec(); - while ($row = $res->fetch(PDO::FETCH_ASSOC)) { - $row['date'] = date('d.m.Y H:i', $row['dateline']); + /** + * Implementation of the abstract doRender function. + * + * Fetch the list of news from the database and paginate it. + */ + protected function doRender() + { + // fetch the list of the older news + $lines = array(); + $paginate = new Paginate("SELECT newsid, dateline, title, content FROM vmchooser_pages WHERE type='news' ORDER BY dateline DESC", 10); + $res = $paginate->exec(); + while ($row = $res->fetch(PDO::FETCH_ASSOC)) { + $row['date'] = date('d.m.Y H:i', $row['dateline']); - if ($row['newsid'] == $this->newsId) { - $row['active'] = 'active'; - } - $row['content'] = strip_tags(str_replace('>', '> ', $row['content'])); - $lines[] = $row; - } - // fetch the list of the older helps - $linesHelp = array(); - $paginateHelp = new Paginate("SELECT newsid, dateline, content FROM vmchooser_pages WHERE type='help' ORDER BY dateline DESC", 10); - $resHelp = $paginateHelp->exec(); - while ($row = $resHelp->fetch(PDO::FETCH_ASSOC)) { - $row['date'] = date('d.m.Y H:i', $row['dateline']); - if ($row['newsid'] == $this->newsId) { - $row['active'] = 'active'; - } - $row['content'] = strip_tags(str_replace('>', '> ', $row['content'])); - $linesHelp[] = $row; - } + if 
($row['newsid'] == $this->newsId) { + $row['active'] = 'active'; + } + $row['content'] = strip_tags(str_replace('>', '> ', $row['content'])); + $lines[] = $row; + } + // fetch the list of the older helps + $linesHelp = array(); + $paginateHelp = new Paginate("SELECT newsid, dateline, content FROM vmchooser_pages WHERE type='help' ORDER BY dateline DESC", 10); + $resHelp = $paginateHelp->exec(); + while ($row = $resHelp->fetch(PDO::FETCH_ASSOC)) { + $row['date'] = date('d.m.Y H:i', $row['dateline']); + if ($row['newsid'] == $this->newsId) { + $row['active'] = 'active'; + } + $row['content'] = strip_tags(str_replace('>', '> ', $row['content'])); + $linesHelp[] = $row; + } - $paginate->render('page-news', array( - 'token' => Session::get('token'), - 'latestDate' => ($this->newsDate ? date('d.m.Y H:i', $this->newsDate) : '--'), - 'latestContent' => $this->newsContent, - 'latestTitle' => $this->newsTitle, - 'latestHelp' => $this->helpContent, - 'editHelp' => $this->editHelp, - 'list' => $lines, - 'listHelp' => $linesHelp, - 'allowedNewsSave' => User::hasPermission("news.save"), - 'allowedNewsDelete' => User::hasPermission("news.delete"), - 'allowedHelpSave' => User::hasPermission("help.save"), - 'allowedHelpDelete' => User::hasPermission("help.delete"), - 'hasSummernote' => $this->hasSummernote, )); - } - /** - * Loads the news with the given ID into the form. - * - * @param int $newsId ID of the news to be shown. 
- * - * @return bool true if loading that news worked - */ - private function loadNews($newsId) - { - // check to see if we need to request a specific newsid - if ($newsId !== false) { - $row = Database::queryFirst('SELECT newsid, title, content, dateline, type FROM vmchooser_pages WHERE newsid = :newsid LIMIT 1', array( - 'newsid' => $newsId, - )); - } else { - $row = Database::queryFirst("SELECT newsid, title, content, dateline, type FROM vmchooser_pages WHERE type='news' ORDER BY dateline DESC LIMIT 1"); - } + $data = array( + 'token' => Session::get('token'), + 'latestDate' => ($this->newsDate ? date('d.m.Y H:i', $this->newsDate) : '--'), + 'latestContent' => $this->newsContent, + 'latestTitle' => $this->newsTitle, + 'latestHelp' => $this->helpContent, + 'editHelp' => $this->editHelp, + 'list' => $lines, + 'listHelp' => $linesHelp, + 'hasSummernote' => $this->hasSummernote, + ); + Permission::addGlobalTags($data['perms'], null, ['news.save', 'news.delete', 'help.save', 'help.delete']); - // fetch the news to be shown - if ($row !== false) { - if ($row['type'] == 'news') { - $this->newsId = $row['newsid']; - $this->newsTitle = $row['title']; - $this->newsContent = $row['content']; - $this->newsDate = $row['dateline']; - $this->editHelp = false; - } else { - $this->editHelp = true; - $this->helpContent = $row['content']; - } - } + $paginate->render('page-news', $data); + } - return $row !== false; - } + /** + * Loads the news with the given ID into the form. + * + * @param int $newsId ID of the news to be shown. 
+ * + * @return bool true if loading that news worked + */ + private function loadNews($newsId) + { + // check to see if we need to request a specific newsid + if ($newsId !== false) { + $row = Database::queryFirst('SELECT newsid, title, content, dateline, type FROM vmchooser_pages WHERE newsid = :newsid LIMIT 1', array( + 'newsid' => $newsId, + )); + } else { + $row = Database::queryFirst("SELECT newsid, title, content, dateline, type FROM vmchooser_pages WHERE type='news' ORDER BY dateline DESC LIMIT 1"); + } - private function loadLatest($type) - { - $row = Database::queryFirst("SELECT newsid, title, content, dateline, type FROM vmchooser_pages WHERE type=:type ORDER BY dateline DESC LIMIT 1", ['type' => $type]); - if ($row !== false) { - if ($row['type'] == 'news') { - $this->newsId = $row['newsid']; - $this->newsTitle = $row['title']; - $this->newsContent = $row['content']; - $this->newsDate = $row['dateline']; - } else { - $this->helpContent = $row['content']; - } - } - } + // fetch the news to be shown + if ($row !== false) { + if ($row['type'] == 'news') { + $this->newsId = $row['newsid']; + $this->newsTitle = $row['title']; + $this->newsContent = $row['content']; + $this->newsDate = $row['dateline']; + $this->editHelp = false; + } else { + $this->editHelp = true; + $this->helpContent = $row['content']; + } + } - /** - * Save the given $newsTitle and $newsContent as POST'ed into the database. 
- */ - private function saveNews() - { - // check if news content were set by the user - $newsTitle = Request::post('news-title'); - $newsContent = Request::post('news-content'); - if ($newsContent !== '' && $newsTitle !== '') { - // we got title and content, save it to DB - Database::exec("INSERT INTO vmchooser_pages (dateline, title, content, type) VALUES (:dateline, :title, :content, 'news')", array( - 'dateline' => time(), - 'title' => $newsTitle, - 'content' => $newsContent, - )); + return $row !== false; + } - return true; - } else { - Message::addError('main.empty-field'); + private function loadLatest($type) + { + $row = Database::queryFirst("SELECT newsid, title, content, dateline, type FROM vmchooser_pages WHERE type=:type ORDER BY dateline DESC LIMIT 1", ['type' => $type]); + if ($row !== false) { + if ($row['type'] == 'news') { + $this->newsId = $row['newsid']; + $this->newsTitle = $row['title']; + $this->newsContent = $row['content']; + $this->newsDate = $row['dateline']; + } else { + $this->helpContent = $row['content']; + } + } + } - return false; - } - } - private function saveHelp() - { - $content = Request::post('help-content'); - if ($content !== '') { - Database::exec("INSERT INTO vmchooser_pages (dateline, content, type) VALUES (:dateline, :content, 'help')", array( - 'dateline' => time(), - 'content' => $content, - )); + /** + * Save the given $newsTitle and $newsContent as POST'ed into the database. 
+ */ + private function saveNews() + { + // check if news content were set by the user + $newsTitle = Request::post('news-title'); + $newsContent = Request::post('news-content'); + if ($newsContent !== '' && $newsTitle !== '') { + // we got title and content, save it to DB + Database::exec("INSERT INTO vmchooser_pages (dateline, title, content, type) VALUES (:dateline, :title, :content, 'news')", array( + 'dateline' => time(), + 'title' => $newsTitle, + 'content' => $newsContent, + )); + + return true; + } else { + Message::addError('main.empty-field'); + + return false; + } + } - return true; - } else { - Message::addError('main.empty-field'); + private function saveHelp() + { + $content = Request::post('help-content'); + if ($content !== '') { + Database::exec("INSERT INTO vmchooser_pages (dateline, content, type) VALUES (:dateline, :content, 'help')", array( + 'dateline' => time(), + 'content' => $content, + )); - return false; - } - } + return true; + } else { + Message::addError('main.empty-field'); - /** - * Delete the news entry with ID $newsId. - * - * @param int $newsId ID of the entry to be deleted. - */ - private function delNews($newsId) - { - // sanity check: is newsId even numeric? - if (!is_numeric($newsId)) { - Message::addError('main.value-invalid', 'newsid', $newsId); - } else { - // check passed - do delete - Database::exec('DELETE FROM vmchooser_pages WHERE newsid = :newsid LIMIT 1', array( - 'newsid' => $newsId, - )); - Message::addSuccess('news-del-success'); - } - } + return false; + } + } + + /** + * Delete the news entry with ID $newsId. + * + * @param int $newsId ID of the entry to be deleted. + */ + private function delNews($newsId) + { + // sanity check: is newsId even numeric? 
+ if (!is_numeric($newsId)) { + Message::addError('main.value-invalid', 'newsid', $newsId); + } else { + // check passed - do delete + Database::exec('DELETE FROM vmchooser_pages WHERE newsid = :newsid LIMIT 1', array( + 'newsid' => $newsId, + )); + Message::addSuccess('news-del-success'); + } + } } diff --git a/modules-available/news/permissions/permissions.json b/modules-available/news/permissions/permissions.json index 321e73ea..953599df 100644 --- a/modules-available/news/permissions/permissions.json +++ b/modules-available/news/permissions/permissions.json @@ -1,6 +1,17 @@ -[ - "news.save", - "news.delete", - "help.save", - "help.delete" -]
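Review bot: The delete branch of `doPreprocess` asserts `news.delete` or `help.delete` according to the posted `news-type`, but `delNews()` then deletes by `newsid` alone, so the asserted permission is not tied to the type of the row that is actually removed. A user holding only one of the two delete permissions can therefore remove entries of the other type by posting the type they are allowed to delete together with the other entry's id. Pass the asserted type into `delNews()` and add it to the `WHERE` clause so the statement only matches rows of that type. Separately, no check of the posted `token` against `Session::get('token')` is visible in `doPreprocess` before the save and delete branches; confirm the framework verifies it centrally before these handlers run.

```php
// … unchanged: doPreprocess up to the delete branch …
			if ($pageType === 'news') {
				User::assertPermission("news.delete");
				$this->delNews(Request::post('newsid'), 'news');
// … unchanged: redirect, then the 'help' branch up to its assertPermission …
				$this->delNews(Request::post('newsid'), 'help');
// … unchanged: rest of the class up to delNews …
	private function delNews($newsId, $pageType)
// … unchanged: is_numeric() check …
			Database::exec('DELETE FROM vmchooser_pages WHERE newsid = :newsid AND type = :type LIMIT 1', array(
				'newsid' => $newsId,
				'type' => $pageType,
			));
```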
\ No newline at end of file +{ + "access-page": { + "location-aware": false + }, + "help.delete": { + "location-aware": false + }, + "help.save": { + "location-aware": false + }, + "news.delete": { + "location-aware": false + }, + "news.save": { + "location-aware": false + } +}
\ No newline at end of file diff --git a/modules-available/news/templates/page-news.html b/modules-available/news/templates/page-news.html index 6293b62d..b22b44f5 100644 --- a/modules-available/news/templates/page-news.html +++ b/modules-available/news/templates/page-news.html @@ -11,18 +11,18 @@ <p>{{lang_newsIntro}}</p> <div class="form-group"> <label for="news-title-id">{{lang_title}}</label> - <input type="text" name="news-title" id ="news-title-id" class="form-control" placeholder="{{welcome}}" value="{{latestTitle}}"> + <input type="text" name="news-title" id ="news-title-id" class="form-control" placeholder="{{welcome}}" value="{{latestTitle}}" {{perms.news.save.readonly}}> </div> <div class="form-group"> <label for="news-content-id">{{lang_content}}</label> - <textarea name="news-content" id ="news-content-id" class="form-control summernote" rows="5" cols="30" placeholder="">{{latestContent}}</textarea> + <textarea name="news-content" id ="news-content-id" class="form-control summernote" rows="5" cols="30" {{perms.news.save.readonly}}>{{latestContent}}</textarea> </div> <div class="row"> <div class="text-left col-md-6"> <p>{{lang_latestUpdate}}: {{latestDate}}</p> </div> <div class="text-right col-md-6"> - <button {{^allowedNewsSave}}disabled{{/allowedNewsSave}} class="btn btn-primary sn-btn" name="news-type" value="news" type="submit"><span class="glyphicon glyphicon-floppy-disk"></span> {{lang_save}}</button> + <button {{perms.news.save.disabled}} class="btn btn-primary sn-btn" name="news-type" value="news" type="submit"><span class="glyphicon glyphicon-floppy-disk"></span> {{lang_save}}</button> <input type="hidden" name="token" value="{{token}}"> </div> </div> 
@@ -57,7 +57,7 @@ </td> <td class="text-center"> <input type="hidden" name="news-type" value="news"> - <button {{^allowedNewsDelete}}disabled{{/allowedNewsDelete}} class="btn btn-danger btn-xs" type="submit" name="newsid" value="{{newsid}}"><span class="glyphicon glyphicon-trash"></span></button> + <button {{perms.news.delete.disabled}} class="btn btn-danger btn-xs btn-delete" type="submit" name="newsid" value="{{newsid}}"><span class="glyphicon glyphicon-trash"></span></button> </td> </tr> {{/list}} @@ -74,10 +74,10 @@ <div class="form-group"> <br/> <label for="news-content-id">{{lang_content}}</label> - <textarea name="help-content" id="help-content-id" class="form-control summernote" style="min-height:400px" placeholder="">{{latestHelp}}</textarea> + <textarea name="help-content" id="help-content-id" class="form-control summernote" style="min-height:400px" {{perms.help.save.readonly}}>{{latestHelp}}</textarea> </div> <div class="text-right"> - <button {{^allowedHelpSave}}disabled{{/allowedHelpSave}} class="btn btn-primary sn-btn" name="news-type" value="help" type="submit"><span class="glyphicon glyphicon-floppy-disk"></span> {{lang_save}}</button> + <button {{perms.help.save.disabled}} class="btn btn-primary sn-btn" name="news-type" value="help" type="submit"><span class="glyphicon glyphicon-floppy-disk"></span> {{lang_save}}</button> <input type="hidden" name="token" value="{{token}}"> </div> </form> @@ -108,7 +108,7 @@ </td> <td class="text-center"> <input type="hidden" name="news-type" value="help"> - <button {{^allowedHelpDelete}}disabled{{/allowedHelpDelete}} class="btn btn-danger btn-xs" type="submit" name="newsid" value="{{newsid}}"><span class="glyphicon glyphicon-trash"></span></button> + <button {{perms.help.delete.disabled}} class="btn btn-danger btn-xs btn-delete" type="submit" name="newsid" value="{{newsid}}"><span class="glyphicon glyphicon-trash"></span></button> </td> </tr> {{/listHelp}} 
@@ -129,5 +129,11 @@ document.addEventListener("DOMContentLoaded", function () { $button.click(); } }); + $('.summernote[readonly]').each(function() { $(this).summernote('disable'); }); + $('.btn-delete').click(function (event) { + if (confirm('{{lang_confirmDelete}}')) + return; + event.preventDefault(); + }); }, false); // --></script>
\ No newline at end of file |
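Review bot: `confirm('{{lang_confirmDelete}}')` places a translation string inside a single-quoted JavaScript literal, where the template's HTML escaping is the wrong encoding: depending on the engine's escaping flags (not visible here) an apostrophe either ends the literal or appears as an entity in the dialog, and a backslash or line break is not handled at all. Carrying the text in an attribute, e.g. `data-confirm="{{lang_confirmDelete}}"` on the `.btn-delete` buttons, and calling `confirm($(this).data('confirm'))` keeps it in a context where HTML escaping is correct. As a point of style, the handler reads more directly as `if (!confirm(...)) event.preventDefault();`. The script block starts outside this hunk.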