tonyair/silverstripe-blog
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-blog synced 2024-10-22 09:05:58 +00:00
Code Issues Projects Releases Wiki Activity

BUGFIX: fixed permissions to allow non-admin user to post and manage blog entries

Browse Source
This commit is contained in:
Julian Seidenberg 2009-05-27 01:26:34 +00:00
parent 5755d3e679
commit 038cad9b63
2 changed files with 55 additions and 50 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
code/BlogHolder.php
View File

@ -11,7 +11,7 @@
* BlogHolders can only hold BlogEntries, BlogTrees can only hold BlogTrees and BlogHolders
* BlogHolders have a form on them for easy posting, and an owner that can post to them, BlogTrees don't
*/
class BlogHolder extends BlogTree {
class BlogHolder extends BlogTree implements PermissionProvider {
static $icon = "blog/images/blogholder";
@ -75,7 +75,8 @@ class BlogHolder extends BlogTree {
* @return Boolean
*/
function IsOwner() {
return Permission::check('ADMIN') || (Member::currentUserID() == $this->OwnerID);
return (Permission::check('BLOGMANAGEMENT') || Permission::check('ADMIN'));
//return Permission::check('ADMIN') || (Member::currentUserID() == $this->OwnerID);
}
/**
@ -139,12 +140,16 @@ class BlogHolder_Controller extends BlogTree_Controller {
return BBCodeParser::usable_tags();
}
function providePermissions() {
return array("BLOGMANAGEMENT" => "Blog management");
}
/**
* Post a new blog entry
*/
function post(){
if(!$this->IsOwner()){
Security::permissionFailure($this, _t('BlogHolder.HAVENTPERM', 'Posting blogs is an administrator task. Please log in.'));
Security::permissionFailure($this, _t('BlogHolder.HAVENTPERM', 'You do not have sufficient permissions to post blog entries. Please log in.'));
}
$page = $this->customise(array(

6
code/BlogManagementWidget.php
View File

@ -33,7 +33,7 @@ class BlogManagementWidget extends Widget implements PermissionProvider {
}
function CommentLink() {
if(!Permission::check('ADMIN')) {
if(!Permission::check('BLOGMANAGEMENT')) {
return false;
}
$unmoderatedcount = DB::query("SELECT COUNT(*) FROM PageComment WHERE NeedsModeration=1")->value();
@ -46,11 +46,11 @@ class BlogManagementWidget extends Widget implements PermissionProvider {
}
function providePermissions() {
return array("BLOGMANAGEMENTWIDGET_VIEW" => "View blog management widget");
return array("BLOGMANAGEMENT" => "Blog management");
}
function WidgetHolder() {
if(Permission::check("BLOGMANAGEMENTWIDGET_VIEW")) {
if(Permission::check("BLOGMANAGEMENT")) {
return $this->renderWith("WidgetHolder");
}
}