BUGFIX: fixed permissions to allow non-admin user to post and manage blog entries

This commit is contained in:
Julian Seidenberg 2009-05-27 01:26:34 +00:00
parent 5755d3e679
commit 038cad9b63
2 changed files with 55 additions and 50 deletions


@ -5,47 +5,47 @@
*/ */
/** /**
* Blog holder to display summarised blog entries. * Blog holder to display summarised blog entries.
* *
* A blog holder is the leaf end of a BlogTree, but can also be used standalone in simpler circumstances. * A blog holder is the leaf end of a BlogTree, but can also be used standalone in simpler circumstances.
* BlogHolders can only hold BlogEntries, BlogTrees can only hold BlogTrees and BlogHolders * BlogHolders can only hold BlogEntries, BlogTrees can only hold BlogTrees and BlogHolders
* BlogHolders have a form on them for easy posting, and an owner that can post to them, BlogTrees don't * BlogHolders have a form on them for easy posting, and an owner that can post to them, BlogTrees don't
*/ */
class BlogHolder extends BlogTree { class BlogHolder extends BlogTree implements PermissionProvider {
static $icon = "blog/images/blogholder"; static $icon = "blog/images/blogholder";
static $db = array( static $db = array(
'TrackBacksEnabled' => 'Boolean', 'TrackBacksEnabled' => 'Boolean',
'AllowCustomAuthors' => 'Boolean', 'AllowCustomAuthors' => 'Boolean',
); );
static $has_one = array( static $has_one = array(
'Owner' => 'Member', 'Owner' => 'Member',
); );
static $allowed_children = array( static $allowed_children = array(
'BlogEntry' 'BlogEntry'
); );
function getCMSFields() { function getCMSFields() {
$fields = parent::getCMSFields(); $fields = parent::getCMSFields();
$fields->addFieldToTab('Root.Content.Main', new CheckboxField('TrackBacksEnabled', 'Enable TrackBacks')); $fields->addFieldToTab('Root.Content.Main', new CheckboxField('TrackBacksEnabled', 'Enable TrackBacks'));
$fields->addFieldToTab('Root.Content.Main', new DropdownField('OwnerID', 'Blog owner', DataObject::get('Member')->toDropDownMap('ID', 'Name', 'None'))); $fields->addFieldToTab('Root.Content.Main', new DropdownField('OwnerID', 'Blog owner', DataObject::get('Member')->toDropDownMap('ID', 'Name', 'None')));
$fields->addFieldToTab('Root.Content.Main', new CheckboxField('AllowCustomAuthors', 'Allow non-admins to have a custom author field')); $fields->addFieldToTab('Root.Content.Main', new CheckboxField('AllowCustomAuthors', 'Allow non-admins to have a custom author field'));
return $fields; return $fields;
} }
public function BlogHolderIDs() { public function BlogHolderIDs() {
return array( $this->ID ); return array( $this->ID );
} }
/* /*
* @todo: These next few functions don't really belong in the model. Can we remove them? * @todo: These next few functions don't really belong in the model. Can we remove them?
*/ */
/** /**
* Only display the blog entries that have the specified tag * Only display the blog entries that have the specified tag
*/ */
@ -54,63 +54,64 @@ class BlogHolder extends BlogTree {
return Convert::raw2xml(Director::urlParam('ID')); return Convert::raw2xml(Director::urlParam('ID'));
} }
} }
/** /**
* Check if url has "/post" * Check if url has "/post"
*/ */
function isPost() { function isPost() {
return Director::urlParam('Action') == 'post'; return Director::urlParam('Action') == 'post';
} }
/** /**
* Link for creating a new blog entry * Link for creating a new blog entry
*/ */
function postURL(){ function postURL(){
return $this->Link('post'); return $this->Link('post');
} }
/** /**
* Returns true if the current user is an admin, or is the owner of this blog * Returns true if the current user is an admin, or is the owner of this blog
* *
* @return Boolean * @return Boolean
*/ */
function IsOwner() { function IsOwner() {
return Permission::check('ADMIN') || (Member::currentUserID() == $this->OwnerID); return (Permission::check('BLOGMANAGEMENT') || Permission::check('ADMIN'));
//return Permission::check('ADMIN') || (Member::currentUserID() == $this->OwnerID);
} }
/** /**
* Create default blog setup * Create default blog setup
*/ */
function requireDefaultRecords() { function requireDefaultRecords() {
parent::requireDefaultRecords(); parent::requireDefaultRecords();
if(!DataObject::get_one('BlogHolder')) { if(!DataObject::get_one('BlogHolder')) {
$blogholder = new BlogHolder(); $blogholder = new BlogHolder();
$blogholder->Title = "Blog"; $blogholder->Title = "Blog";
$blogholder->URLSegment = "blog"; $blogholder->URLSegment = "blog";
$blogholder->Status = "Published"; $blogholder->Status = "Published";
$widgetarea = new WidgetArea(); $widgetarea = new WidgetArea();
$widgetarea->write(); $widgetarea->write();
$blogholder->SideBarID = $widgetarea->ID; $blogholder->SideBarID = $widgetarea->ID;
$blogholder->write(); $blogholder->write();
$blogholder->publish("Stage", "Live"); $blogholder->publish("Stage", "Live");
$managementwidget = new BlogManagementWidget(); $managementwidget = new BlogManagementWidget();
$managementwidget->ParentID = $widgetarea->ID; $managementwidget->ParentID = $widgetarea->ID;
$managementwidget->write(); $managementwidget->write();
$tagcloudwidget = new TagCloudWidget(); $tagcloudwidget = new TagCloudWidget();
$tagcloudwidget->ParentID = $widgetarea->ID; $tagcloudwidget->ParentID = $widgetarea->ID;
$tagcloudwidget->write(); $tagcloudwidget->write();
$archivewidget = new ArchiveWidget(); $archivewidget = new ArchiveWidget();
$archivewidget->ParentID = $widgetarea->ID; $archivewidget->ParentID = $widgetarea->ID;
$archivewidget->write(); $archivewidget->write();
$widgetarea->write(); $widgetarea->write();
$blog = new BlogEntry(); $blog = new BlogEntry();
$blog->Title = _t('BlogHolder.SUCTITLE', "SilverStripe blog module successfully installed"); $blog->Title = _t('BlogHolder.SUCTITLE', "SilverStripe blog module successfully installed");
$blog->URLSegment = 'sample-blog-entry'; $blog->URLSegment = 'sample-blog-entry';
@ -120,7 +121,7 @@ class BlogHolder extends BlogTree {
$blog->ParentID = $blogholder->ID; $blog->ParentID = $blogholder->ID;
$blog->write(); $blog->write();
$blog->publish("Stage", "Live"); $blog->publish("Stage", "Live");
Database::alteration_message("Blog page created","created"); Database::alteration_message("Blog page created","created");
} }
} }
@ -131,30 +132,34 @@ class BlogHolder_Controller extends BlogTree_Controller {
parent::init(); parent::init();
Requirements::themedCSS("bbcodehelp"); Requirements::themedCSS("bbcodehelp");
} }
/** /**
* Return list of usable tags for help * Return list of usable tags for help
*/ */
function BBTags() { function BBTags() {
return BBCodeParser::usable_tags(); return BBCodeParser::usable_tags();
} }
function providePermissions() {
return array("BLOGMANAGEMENT" => "Blog management");
}
/** /**
* Post a new blog entry * Post a new blog entry
*/ */
function post(){ function post(){
if(!$this->IsOwner()){ if(!$this->IsOwner()){
Security::permissionFailure($this, _t('BlogHolder.HAVENTPERM', 'Posting blogs is an administrator task. Please log in.')); Security::permissionFailure($this, _t('BlogHolder.HAVENTPERM', 'You do not have sufficient permissions to post blog entries. Please log in.'));
} }
$page = $this->customise(array( $page = $this->customise(array(
'Content' => false, 'Content' => false,
'Form' => $this->BlogEntryForm() 'Form' => $this->BlogEntryForm()
)); ));
return $page->renderWith('Page'); return $page->renderWith('Page');
} }
/** /**
* A simple form for creating blog entries * A simple form for creating blog entries
*/ */
@ -164,25 +169,25 @@ class BlogHolder_Controller extends BlogTree_Controller {
Requirements::javascript('jsparty/scriptaculous/effects.js'); Requirements::javascript('jsparty/scriptaculous/effects.js');
Requirements::javascript('cms/javascript/PageCommentInterface.js'); Requirements::javascript('cms/javascript/PageCommentInterface.js');
Requirements::javascript('blog/javascript/bbcodehelp.js'); Requirements::javascript('blog/javascript/bbcodehelp.js');
$id = 0; $id = 0;
if(Director::urlParam('ID')) { if(Director::urlParam('ID')) {
$id = (int) Director::urlParam('ID'); $id = (int) Director::urlParam('ID');
} }
$codeparser = new BBCodeParser(); $codeparser = new BBCodeParser();
$membername = Member::currentMember() ? Member::currentMember()->getName() : ""; $membername = Member::currentMember() ? Member::currentMember()->getName() : "";
if(BlogEntry::$allow_wysiwyg_editing) { if(BlogEntry::$allow_wysiwyg_editing) {
$contentfield = new HtmlEditorField("BlogPost", _t("BlogEntry.CN")); $contentfield = new HtmlEditorField("BlogPost", _t("BlogEntry.CN"));
} else { } else {
$contentfield = new CompositeField( $contentfield = new CompositeField(
new LiteralField("BBCodeHelper","<a id=\"BBCodeHint\" target='new'>"._t("BlogEntry.BBH")."</a><div class='clear'><!-- --></div>" ), new LiteralField("BBCodeHelper","<a id=\"BBCodeHint\" target='new'>"._t("BlogEntry.BBH")."</a><div class='clear'><!-- --></div>" ),
new TextareaField("BlogPost", _t("BlogEntry.CN"),20), // This is called BlogPost as the id #Content is generally used already new TextareaField("BlogPost", _t("BlogEntry.CN"),20), // This is called BlogPost as the id #Content is generally used already
new LiteralField("BBCodeTags","<div id=\"BBTagsHolder\">".$codeparser->useable_tagsHTML()."</div>") new LiteralField("BBCodeTags","<div id=\"BBTagsHolder\">".$codeparser->useable_tagsHTML()."</div>")
); );
} }
if(class_exists('TagField')) { if(class_exists('TagField')) {
$tagfield = new TagField('Tags', null, null, 'BlogEntry'); $tagfield = new TagField('Tags', null, null, 'BlogEntry');
$tagfield->setSeparator(', '); $tagfield->setSeparator(', ');
@ -201,14 +206,14 @@ class BlogHolder_Controller extends BlogTree_Controller {
$tagfield, $tagfield,
new LiteralField("Tagsnote"," <label id='tagsnote'>"._t('BlogHolder.TE', "For example: sport, personal, science fiction")."<br/>" . new LiteralField("Tagsnote"," <label id='tagsnote'>"._t('BlogHolder.TE', "For example: sport, personal, science fiction")."<br/>" .
_t('BlogHolder.SPUC', "Please separate tags using commas.")."</label>") _t('BlogHolder.SPUC', "Please separate tags using commas.")."</label>")
); );
$submitAction = new FormAction('postblog', _t('BlogHolder.POST', 'Post blog entry')); $submitAction = new FormAction('postblog', _t('BlogHolder.POST', 'Post blog entry'));
$actions = new FieldSet($submitAction); $actions = new FieldSet($submitAction);
$validator = new RequiredFields('Title','Content'); $validator = new RequiredFields('Title','Content');
$form = new Form($this, 'BlogEntryForm',$fields, $actions,$validator); $form = new Form($this, 'BlogEntryForm',$fields, $actions,$validator);
if($id != 0) { if($id != 0) {
$entry = DataObject::get_by_id('BlogEntry', $id); $entry = DataObject::get_by_id('BlogEntry', $id);
if($entry->IsOwner()) { if($entry->IsOwner()) {
@ -218,33 +223,33 @@ class BlogHolder_Controller extends BlogTree_Controller {
} else { } else {
$form->loadDataFrom(array("Author" => Cookie::get("BlogHolder_Name"))); $form->loadDataFrom(array("Author" => Cookie::get("BlogHolder_Name")));
} }
return $form; return $form;
} }
function postblog($data, $form) { function postblog($data, $form) {
Cookie::set("BlogHolder_Name", $data['Author']); Cookie::set("BlogHolder_Name", $data['Author']);
$blogentry = false; $blogentry = false;
if($data['ID']) { if($data['ID']) {
$blogentry = DataObject::get_by_id("BlogEntry", $data['ID']); $blogentry = DataObject::get_by_id("BlogEntry", $data['ID']);
if(!$blogentry->IsOwner()) { if(!$blogentry->IsOwner()) {
unset($blogentry); unset($blogentry);
} }
} }
if(!$blogentry) { if(!$blogentry) {
$blogentry = new BlogEntry(); $blogentry = new BlogEntry();
} }
$form->saveInto($blogentry); $form->saveInto($blogentry);
$blogentry->ParentID = $this->ID; $blogentry->ParentID = $this->ID;
$blogentry->Content = $form->datafieldByName('BlogPost')->dataValue(); $blogentry->Content = $form->datafieldByName('BlogPost')->dataValue();
$blogentry->Status = "Published"; $blogentry->Status = "Published";
$blogentry->writeToStage("Stage"); $blogentry->writeToStage("Stage");
$blogentry->publish("Stage", "Live"); $blogentry->publish("Stage", "Live");
Director::redirect($this->Link()); Director::redirect($this->Link());
} }
} }
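Review bot: IsOwner() in the second hunk now returns true for any holder of BLOGMANAGEMENT and no longer consults OwnerID, so the blog owner selected in getCMSFields() loses posting rights unless that member also holds the new permission, while any BLOGMANAGEMENT holder can post to every BlogHolder; the docblock above it still promises "is the owner of this blog". If per-blog ownership is still intended, keep the clause, `return Permission::check('BLOGMANAGEMENT') || Permission::check('ADMIN') || (Member::currentUserID() == $this->OwnerID);`, delete the commented-out line beneath it and reword the docblock to name the three cases. `implements PermissionProvider` is added to the model class BlogHolder, but providePermissions() is added to BlogHolder_Controller; if the framework discovers providers by interface, the controller's method is never consulted and the code is only registered through BlogManagementWidget, so the method belongs on the class that declares the interface (the duplicate definition could then go). postblog() in the last hunk creates and publishes a new BlogEntry without any IsOwner() test — only post(), which merely renders the form, and the edit-existing path check permissions — so a submission that reaches the form action without passing through post() is not covered by the check this commit tightens. Guarding the handler with the same `if(!$this->IsOwner())` test, and returning after Security::permissionFailure() in post() (which currently falls through and renders the form anyway), would close that; BlogEntry::IsOwner() and the Form pipeline are outside this page, so confirm against them.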


@ -33,7 +33,7 @@ class BlogManagementWidget extends Widget implements PermissionProvider {
} }
function CommentLink() { function CommentLink() {
if(!Permission::check('ADMIN')) { if(!Permission::check('BLOGMANAGEMENT')) {
return false; return false;
} }
$unmoderatedcount = DB::query("SELECT COUNT(*) FROM PageComment WHERE NeedsModeration=1")->value(); $unmoderatedcount = DB::query("SELECT COUNT(*) FROM PageComment WHERE NeedsModeration=1")->value();
@ -46,11 +46,11 @@ class BlogManagementWidget extends Widget implements PermissionProvider {
} }
function providePermissions() { function providePermissions() {
return array("BLOGMANAGEMENTWIDGET_VIEW" => "View blog management widget"); return array("BLOGMANAGEMENT" => "Blog management");
} }
function WidgetHolder() { function WidgetHolder() {
if(Permission::check("BLOGMANAGEMENTWIDGET_VIEW")) { if(Permission::check("BLOGMANAGEMENT")) {
return $this->renderWith("WidgetHolder"); return $this->renderWith("WidgetHolder");
} }
} }
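Review bot: The rename from BLOGMANAGEMENTWIDGET_VIEW to BLOGMANAGEMENT in providePermissions() and WidgetHolder() silently orphans any Permission rows already granted under the old code, so groups that could see the widget before this commit lose it until an administrator re-grants the new code, and neither the commit message nor the code records this migration step. A comment above providePermissions(), `// BLOGMANAGEMENT replaces BLOGMANAGEMENTWIDGET_VIEW; existing grants of the old code must be re-assigned`, or a one-off step that copies the old grants, would make the break explicit. CommentLink() now gates the unmoderated-comment count on BLOGMANAGEMENT instead of ADMIN, which widens who sees it to every holder of the new code; whether ADMIN users are still implied by Permission::check() for a custom code depends on the framework and is not visible here, so verify that administrators without an explicit BLOGMANAGEMENT grant keep access.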