BUGFIX: fixed permissions to allow non-admin user to post and manage blog entries

2009-05-27 01:26:34 +00:00 · 2009-05-27 01:26:34 +00:00 · 038cad9b63
parent 5755d3e679
commit 038cad9b63
2 changed files with 55 additions and 50 deletions
--- a/code/BlogHolder.php
+++ b/code/BlogHolder.php
@ -11,7 +11,7 @@
 * BlogHolders can only hold BlogEntries, BlogTrees can only hold BlogTrees and BlogHolders
 * BlogHolders have a form on them for easy posting, and an owner that can post to them, BlogTrees don't
 */
-class BlogHolder extends BlogTree {
+class BlogHolder extends BlogTree implements PermissionProvider {

 	static $icon = "blog/images/blogholder";

@ -75,7 +75,8 @@ class BlogHolder extends BlogTree {
 	 * @return Boolean
 	 */
 	function IsOwner() {
-		return Permission::check('ADMIN') || (Member::currentUserID() == $this->OwnerID);
+		return (Permission::check('BLOGMANAGEMENT') || Permission::check('ADMIN'));
+		//return Permission::check('ADMIN') || (Member::currentUserID() == $this->OwnerID);
 	}

 	/**
@ -139,12 +140,16 @@ class BlogHolder_Controller extends BlogTree_Controller {
 		return BBCodeParser::usable_tags();
 	}

+	function providePermissions() {
+		return array("BLOGMANAGEMENT" => "Blog management");
+	}
+
 	/**
 	 * Post a new blog entry
 	 */
 	function post(){
 		if(!$this->IsOwner()){
-			Security::permissionFailure($this, _t('BlogHolder.HAVENTPERM', 'Posting blogs is an administrator task. Please log in.'));
+			Security::permissionFailure($this, _t('BlogHolder.HAVENTPERM', 'You do not have sufficient permissions to post blog entries. Please log in.'));
 		}

 		$page = $this->customise(array(
--- a/code/BlogManagementWidget.php
+++ b/code/BlogManagementWidget.php
@ -33,7 +33,7 @@ class BlogManagementWidget extends Widget implements PermissionProvider {
 	}

 	function CommentLink() {
-		if(!Permission::check('ADMIN')) {
+		if(!Permission::check('BLOGMANAGEMENT')) {
 			return false;
 		}
 		$unmoderatedcount = DB::query("SELECT COUNT(*) FROM PageComment WHERE NeedsModeration=1")->value();
@ -46,11 +46,11 @@ class BlogManagementWidget extends Widget implements PermissionProvider {
 	}

 	function providePermissions() {
-		return array("BLOGMANAGEMENTWIDGET_VIEW" => "View blog management widget");
+		return array("BLOGMANAGEMENT" => "Blog management");
 	}

 	function WidgetHolder() {
-		if(Permission::check("BLOGMANAGEMENTWIDGET_VIEW")) {
+		if(Permission::check("BLOGMANAGEMENT")) {
 			return $this->renderWith("WidgetHolder");
 		}
 	}