BUGFIX: fixed permissions to allow non-admin user to post and manage blog entries
This commit is contained in:
parent
5755d3e679
commit
038cad9b63
@ -5,47 +5,47 @@
|
||||
*/
|
||||
|
||||
/**
|
||||
* Blog holder to display summarised blog entries.
|
||||
*
|
||||
* Blog holder to display summarised blog entries.
|
||||
*
|
||||
* A blog holder is the leaf end of a BlogTree, but can also be used standalone in simpler circumstances.
|
||||
* BlogHolders can only hold BlogEntries, BlogTrees can only hold BlogTrees and BlogHolders
|
||||
* BlogHolders have a form on them for easy posting, and an owner that can post to them, BlogTrees don't
|
||||
*/
|
||||
class BlogHolder extends BlogTree {
|
||||
|
||||
class BlogHolder extends BlogTree implements PermissionProvider {
|
||||
|
||||
static $icon = "blog/images/blogholder";
|
||||
|
||||
|
||||
static $db = array(
|
||||
'TrackBacksEnabled' => 'Boolean',
|
||||
'AllowCustomAuthors' => 'Boolean',
|
||||
);
|
||||
|
||||
|
||||
static $has_one = array(
|
||||
'Owner' => 'Member',
|
||||
);
|
||||
|
||||
|
||||
static $allowed_children = array(
|
||||
'BlogEntry'
|
||||
);
|
||||
|
||||
|
||||
function getCMSFields() {
|
||||
$fields = parent::getCMSFields();
|
||||
|
||||
$fields->addFieldToTab('Root.Content.Main', new CheckboxField('TrackBacksEnabled', 'Enable TrackBacks'));
|
||||
$fields->addFieldToTab('Root.Content.Main', new DropdownField('OwnerID', 'Blog owner', DataObject::get('Member')->toDropDownMap('ID', 'Name', 'None')));
|
||||
$fields->addFieldToTab('Root.Content.Main', new CheckboxField('AllowCustomAuthors', 'Allow non-admins to have a custom author field'));
|
||||
|
||||
|
||||
return $fields;
|
||||
}
|
||||
|
||||
public function BlogHolderIDs() {
|
||||
return array( $this->ID );
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
* @todo: These next few functions don't really belong in the model. Can we remove them?
|
||||
*/
|
||||
|
||||
|
||||
/**
|
||||
* Only display the blog entries that have the specified tag
|
||||
*/
|
||||
@ -54,63 +54,64 @@ class BlogHolder extends BlogTree {
|
||||
return Convert::raw2xml(Director::urlParam('ID'));
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Check if url has "/post"
|
||||
*/
|
||||
function isPost() {
|
||||
return Director::urlParam('Action') == 'post';
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Link for creating a new blog entry
|
||||
*/
|
||||
function postURL(){
|
||||
return $this->Link('post');
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Returns true if the current user is an admin, or is the owner of this blog
|
||||
*
|
||||
* @return Boolean
|
||||
*/
|
||||
function IsOwner() {
|
||||
return Permission::check('ADMIN') || (Member::currentUserID() == $this->OwnerID);
|
||||
return (Permission::check('BLOGMANAGEMENT') || Permission::check('ADMIN'));
|
||||
//return Permission::check('ADMIN') || (Member::currentUserID() == $this->OwnerID);
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Create default blog setup
|
||||
*/
|
||||
function requireDefaultRecords() {
|
||||
parent::requireDefaultRecords();
|
||||
|
||||
|
||||
if(!DataObject::get_one('BlogHolder')) {
|
||||
$blogholder = new BlogHolder();
|
||||
$blogholder->Title = "Blog";
|
||||
$blogholder->URLSegment = "blog";
|
||||
$blogholder->Status = "Published";
|
||||
|
||||
|
||||
$widgetarea = new WidgetArea();
|
||||
$widgetarea->write();
|
||||
|
||||
|
||||
$blogholder->SideBarID = $widgetarea->ID;
|
||||
$blogholder->write();
|
||||
$blogholder->publish("Stage", "Live");
|
||||
|
||||
|
||||
$managementwidget = new BlogManagementWidget();
|
||||
$managementwidget->ParentID = $widgetarea->ID;
|
||||
$managementwidget->write();
|
||||
|
||||
|
||||
$tagcloudwidget = new TagCloudWidget();
|
||||
$tagcloudwidget->ParentID = $widgetarea->ID;
|
||||
$tagcloudwidget->write();
|
||||
|
||||
|
||||
$archivewidget = new ArchiveWidget();
|
||||
$archivewidget->ParentID = $widgetarea->ID;
|
||||
$archivewidget->write();
|
||||
|
||||
|
||||
$widgetarea->write();
|
||||
|
||||
|
||||
$blog = new BlogEntry();
|
||||
$blog->Title = _t('BlogHolder.SUCTITLE', "SilverStripe blog module successfully installed");
|
||||
$blog->URLSegment = 'sample-blog-entry';
|
||||
@ -120,7 +121,7 @@ class BlogHolder extends BlogTree {
|
||||
$blog->ParentID = $blogholder->ID;
|
||||
$blog->write();
|
||||
$blog->publish("Stage", "Live");
|
||||
|
||||
|
||||
Database::alteration_message("Blog page created","created");
|
||||
}
|
||||
}
|
||||
@ -131,30 +132,34 @@ class BlogHolder_Controller extends BlogTree_Controller {
|
||||
parent::init();
|
||||
Requirements::themedCSS("bbcodehelp");
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Return list of usable tags for help
|
||||
*/
|
||||
function BBTags() {
|
||||
return BBCodeParser::usable_tags();
|
||||
}
|
||||
|
||||
|
||||
function providePermissions() {
|
||||
return array("BLOGMANAGEMENT" => "Blog management");
|
||||
}
|
||||
|
||||
/**
|
||||
* Post a new blog entry
|
||||
*/
|
||||
function post(){
|
||||
if(!$this->IsOwner()){
|
||||
Security::permissionFailure($this, _t('BlogHolder.HAVENTPERM', 'Posting blogs is an administrator task. Please log in.'));
|
||||
Security::permissionFailure($this, _t('BlogHolder.HAVENTPERM', 'You do not have sufficient permissions to post blog entries. Please log in.'));
|
||||
}
|
||||
|
||||
|
||||
$page = $this->customise(array(
|
||||
'Content' => false,
|
||||
'Form' => $this->BlogEntryForm()
|
||||
));
|
||||
|
||||
|
||||
return $page->renderWith('Page');
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* A simple form for creating blog entries
|
||||
*/
|
||||
@ -164,25 +169,25 @@ class BlogHolder_Controller extends BlogTree_Controller {
|
||||
Requirements::javascript('jsparty/scriptaculous/effects.js');
|
||||
Requirements::javascript('cms/javascript/PageCommentInterface.js');
|
||||
Requirements::javascript('blog/javascript/bbcodehelp.js');
|
||||
|
||||
|
||||
$id = 0;
|
||||
if(Director::urlParam('ID')) {
|
||||
$id = (int) Director::urlParam('ID');
|
||||
}
|
||||
|
||||
|
||||
$codeparser = new BBCodeParser();
|
||||
$membername = Member::currentMember() ? Member::currentMember()->getName() : "";
|
||||
|
||||
|
||||
if(BlogEntry::$allow_wysiwyg_editing) {
|
||||
$contentfield = new HtmlEditorField("BlogPost", _t("BlogEntry.CN"));
|
||||
} else {
|
||||
$contentfield = new CompositeField(
|
||||
$contentfield = new CompositeField(
|
||||
new LiteralField("BBCodeHelper","<a id=\"BBCodeHint\" target='new'>"._t("BlogEntry.BBH")."</a><div class='clear'><!-- --></div>" ),
|
||||
new TextareaField("BlogPost", _t("BlogEntry.CN"),20), // This is called BlogPost as the id #Content is generally used already
|
||||
new LiteralField("BBCodeTags","<div id=\"BBTagsHolder\">".$codeparser->useable_tagsHTML()."</div>")
|
||||
);
|
||||
}
|
||||
|
||||
|
||||
if(class_exists('TagField')) {
|
||||
$tagfield = new TagField('Tags', null, null, 'BlogEntry');
|
||||
$tagfield->setSeparator(', ');
|
||||
@ -201,14 +206,14 @@ class BlogHolder_Controller extends BlogTree_Controller {
|
||||
$tagfield,
|
||||
new LiteralField("Tagsnote"," <label id='tagsnote'>"._t('BlogHolder.TE', "For example: sport, personal, science fiction")."<br/>" .
|
||||
_t('BlogHolder.SPUC', "Please separate tags using commas.")."</label>")
|
||||
);
|
||||
|
||||
);
|
||||
|
||||
$submitAction = new FormAction('postblog', _t('BlogHolder.POST', 'Post blog entry'));
|
||||
$actions = new FieldSet($submitAction);
|
||||
$validator = new RequiredFields('Title','Content');
|
||||
|
||||
|
||||
$form = new Form($this, 'BlogEntryForm',$fields, $actions,$validator);
|
||||
|
||||
|
||||
if($id != 0) {
|
||||
$entry = DataObject::get_by_id('BlogEntry', $id);
|
||||
if($entry->IsOwner()) {
|
||||
@ -218,33 +223,33 @@ class BlogHolder_Controller extends BlogTree_Controller {
|
||||
} else {
|
||||
$form->loadDataFrom(array("Author" => Cookie::get("BlogHolder_Name")));
|
||||
}
|
||||
|
||||
|
||||
return $form;
|
||||
}
|
||||
|
||||
|
||||
function postblog($data, $form) {
|
||||
Cookie::set("BlogHolder_Name", $data['Author']);
|
||||
$blogentry = false;
|
||||
|
||||
|
||||
if($data['ID']) {
|
||||
$blogentry = DataObject::get_by_id("BlogEntry", $data['ID']);
|
||||
if(!$blogentry->IsOwner()) {
|
||||
unset($blogentry);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
if(!$blogentry) {
|
||||
$blogentry = new BlogEntry();
|
||||
}
|
||||
|
||||
|
||||
$form->saveInto($blogentry);
|
||||
$blogentry->ParentID = $this->ID;
|
||||
$blogentry->Content = $form->datafieldByName('BlogPost')->dataValue();
|
||||
|
||||
|
||||
$blogentry->Status = "Published";
|
||||
$blogentry->writeToStage("Stage");
|
||||
$blogentry->publish("Stage", "Live");
|
||||
|
||||
|
||||
Director::redirect($this->Link());
|
||||
}
|
||||
}
|
||||
|
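Review bot: postblog() (hunk `@ -218,33 +223,33 @@`) never checks the current user's permission before creating a new BlogEntry: the IsOwner() gate lives only in post(), which renders the form, while the form action calls IsOwner() only on an existing entry loaded by $data['ID'] and otherwise writes and publishes a fresh entry, so the new BLOGMANAGEMENT permission is enforced on the page view but, unless BlogEntryForm() (whose start is outside the hunk) checks it, not on the save; add at the top of postblog() `if(!$this->IsOwner()) return Security::permissionFailure($this, _t('BlogHolder.HAVENTPERM', 'You do not have sufficient permissions to post blog entries. Please log in.'));`. post() itself (hunk `@ -131,30 +132,34 @@`) calls Security::permissionFailure() without returning, so if permissionFailure() does not end the request the form is still built and rendered for the rejected user; make it `return Security::permissionFailure(...)`. The first hunk adds `implements PermissionProvider` to the BlogHolder model, but providePermissions() is defined in BlogHolder_Controller (hunk `@ -131,30 +132,34 @@`), so unless BlogTree already implements it the model class will fail to load; move providePermissions() into BlogHolder. In IsOwner() (hunk `@ -54,63 +54,64 @@`) the rewrite now ignores OwnerID although getCMSFields() still offers a "Blog owner" dropdown, and the old line kept as a comment below the new return should be deleted. Finally, `$blogentry->IsOwner()` in postblog() is called on the result of get_by_id() without a null check, so an unknown ID is a fatal error rather than a clean fallthrough to `new BlogEntry()`.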
@ -33,7 +33,7 @@ class BlogManagementWidget extends Widget implements PermissionProvider {
|
||||
}
|
||||
|
||||
function CommentLink() {
|
||||
if(!Permission::check('ADMIN')) {
|
||||
if(!Permission::check('BLOGMANAGEMENT')) {
|
||||
return false;
|
||||
}
|
||||
$unmoderatedcount = DB::query("SELECT COUNT(*) FROM PageComment WHERE NeedsModeration=1")->value();
|
||||
@ -46,11 +46,11 @@ class BlogManagementWidget extends Widget implements PermissionProvider {
|
||||
}
|
||||
|
||||
function providePermissions() {
|
||||
return array("BLOGMANAGEMENTWIDGET_VIEW" => "View blog management widget");
|
||||
return array("BLOGMANAGEMENT" => "Blog management");
|
||||
}
|
||||
|
||||
function WidgetHolder() {
|
||||
if(Permission::check("BLOGMANAGEMENTWIDGET_VIEW")) {
|
||||
if(Permission::check("BLOGMANAGEMENT")) {
|
||||
return $this->renderWith("WidgetHolder");
|
||||
}
|
||||
}
|
||||
|
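Review bot: providePermissions() in hunk `@ -46,11 +46,11 @@` renames BLOGMANAGEMENTWIDGET_VIEW to BLOGMANAGEMENT with no migration, so any group that was granted the old code presumably loses the widget (WidgetHolder()) and the moderation link (CommentLink()) until an administrator re-grants the new code; keep the old code in the returned array for one release, or state the required re-grant in the commit message. The same code and label "Blog management" are also returned by BlogHolder_Controller::providePermissions() in the other file, so the permission is now defined in two places; pick one provider. CommentLink() (hunk `@ -33,7 +33,7 @@`) previously required ADMIN and now accepts BLOGMANAGEMENT, which widens who can see the unmoderated-comment count; a short comment on the method, such as `// BLOGMANAGEMENT grants posting and the moderation link alike`, would make that coupling visible to the next maintainer.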