Prevent Wiki Pages from being pasted to anywhere but a Wiki Master.
Add provisions for other assets to behave similarly.
This commit is contained in:
Colin Kuskie
parent
826089f075
commit
101e95fd63
3 changed files with 54 additions and 18 deletions
|
|
@ -5,6 +5,7 @@
|
||||||
- fixed #9592: DataForm deleteAttachedFiles method can crash
|
- fixed #9592: DataForm deleteAttachedFiles method can crash
|
||||||
- fixed #9580: Gallery: albums shown in navigation
|
- fixed #9580: Gallery: albums shown in navigation
|
||||||
- fixed #9578: Use of "quotes" in badge name causes error
|
- fixed #9578: Use of "quotes" in badge name causes error
|
||||||
|
- fixed #9603: moving wiki page
|
||||||
|
|
||||||
7.6.10
|
7.6.10
|
||||||
- fixed #9577: WebGUI::Form::Url::getValue returns blank rather than undef for blank fields
|
- fixed #9577: WebGUI::Form::Url::getValue returns blank rather than undef for blank fields
|
||||||
|
|
|
||||||
|
|
@ -59,10 +59,30 @@ sub canAdd {
|
||||||
#-------------------------------------------------------------------
|
#-------------------------------------------------------------------
|
||||||
sub canEdit {
|
sub canEdit {
|
||||||
my $self = shift;
|
my $self = shift;
|
||||||
my $form = $self->session->form;
|
my $wiki = $self->getWiki;
|
||||||
return (($form->process("func") eq "add" || ($form->process("assetId") eq "new" && $form->process("func") eq "editSave" && $form->process("class","className") eq "WebGUI::Asset::WikiPage")) && $self->getWiki->canEditPages) # account for new pages
|
return undef unless defined $wiki;
|
||||||
|| (!$self->isProtected && $self->getWiki->canEditPages) # account for normal editing
|
|
||||||
|| $self->getWiki->canAdminister; # account for admins
|
my $form = $self->session->form;
|
||||||
|
my $addNew = $form->process("func" ) eq "add";
|
||||||
|
my $editSave = $form->process("assetId" ) eq "new"
|
||||||
|
&& $form->process("func" ) eq "editSave"
|
||||||
|
&& $form->process("class","className" ) eq "WebGUI::Asset::WikiPage";
|
||||||
|
return $wiki->canAdminister
|
||||||
|
|| ( $wiki->canEditPages && ( $addNew || $editSave || !$self->isProtected) );
|
||||||
|
}
|
||||||
|
|
||||||
|
#-------------------------------------------------------------------
|
||||||
|
|
||||||
|
=head2 canPaste
|
||||||
|
|
||||||
|
Since so much of the Wiki Page depends on the Wiki Master, do not allow it
|
||||||
|
to be pasted to anywhere but a WikiMaster.
|
||||||
|
|
||||||
|
=cut
|
||||||
|
|
||||||
|
sub canPaste {
|
||||||
|
my $self = shift;
|
||||||
|
return $self->session->asset->isa('WebGUI::Asset::Wobject::WikiMaster');
|
||||||
}
|
}
|
||||||
|
|
||||||
#-------------------------------------------------------------------
|
#-------------------------------------------------------------------
|
||||||
|
|
|
||||||
|
|
@ -38,6 +38,19 @@ These methods are available from this class:
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
#-------------------------------------------------------------------
|
||||||
|
|
||||||
|
=head2 canPaste ( )
|
||||||
|
|
||||||
|
Allows assets to have a say if they can be pasted. For example, it makes no sense to
|
||||||
|
paste a wiki page anywhere else but a wiki master.
|
||||||
|
|
||||||
|
=cut
|
||||||
|
|
||||||
|
sub canPaste {
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
#-------------------------------------------------------------------
|
#-------------------------------------------------------------------
|
||||||
|
|
||||||
=head2 cut ( )
|
=head2 cut ( )
|
||||||
|
|
@ -47,12 +60,13 @@ Removes asset from lineage, places it in clipboard state. The "gap" in the linea
|
||||||
=cut
|
=cut
|
||||||
|
|
||||||
sub cut {
|
sub cut {
|
||||||
my $self = shift;
|
my $self = shift;
|
||||||
return undef if ($self->getId eq $self->session->setting->get("defaultPage") || $self->getId eq $self->session->setting->get("notFoundPage"));
|
my $session = $self->session;
|
||||||
$self->session->db->beginTransaction;
|
return undef if ($self->getId eq $session->setting->get("defaultPage") || $self->getId eq $session->setting->get("notFoundPage"));
|
||||||
$self->session->db->write("update asset set state='clipboard-limbo' where lineage like ? and state='published'",[$self->get("lineage").'%']);
|
$session->db->beginTransaction;
|
||||||
$self->session->db->write("update asset set state='clipboard', stateChangedBy=?, stateChanged=? where assetId=?", [$self->session->user->userId, $self->session->datetime->time(), $self->getId]);
|
$session->db->write("update asset set state='clipboard-limbo' where lineage like ? and state='published'",[$self->get("lineage").'%']);
|
||||||
$self->session->db->commit;
|
$session->db->write("update asset set state='clipboard', stateChangedBy=?, stateChanged=? where assetId=?", [$session->user->userId, $session->datetime->time(), $self->getId]);
|
||||||
|
$session->db->commit;
|
||||||
$self->updateHistory("cut");
|
$self->updateHistory("cut");
|
||||||
$self->{_properties}{state} = "clipboard";
|
$self->{_properties}{state} = "clipboard";
|
||||||
$self->purgeCache;
|
$self->purgeCache;
|
||||||
|
|
@ -172,6 +186,7 @@ sub paste {
|
||||||
my $assetId = shift;
|
my $assetId = shift;
|
||||||
my $pastedAsset = WebGUI::Asset->newByDynamicClass($self->session,$assetId);
|
my $pastedAsset = WebGUI::Asset->newByDynamicClass($self->session,$assetId);
|
||||||
return 0 unless ($self->get("state") eq "published");
|
return 0 unless ($self->get("state") eq "published");
|
||||||
|
return 0 unless ($pastedAsset->canPaste()); ##Allow pasted assets to have a say about pasting.
|
||||||
|
|
||||||
# Don't allow a shortcut to create an endless loop
|
# Don't allow a shortcut to create an endless loop
|
||||||
return 0 if ($pastedAsset->get("className") eq "WebGUI::Asset::Shortcut" && $pastedAsset->get("shortcutToAssetId") eq $self->getId);
|
return 0 if ($pastedAsset->get("className") eq "WebGUI::Asset::Shortcut" && $pastedAsset->get("shortcutToAssetId") eq $self->getId);
|
||||||
|
|
@ -468,11 +483,12 @@ Returns "". Pastes an asset. If canEdit is False, returns an insufficient privil
|
||||||
=cut
|
=cut
|
||||||
|
|
||||||
sub www_paste {
|
sub www_paste {
|
||||||
my $self = shift;
|
my $self = shift;
|
||||||
return $self->session->privilege->insufficient() unless $self->canEdit;
|
my $session = $self->session;
|
||||||
my $pasteAssetId = $self->session->form->process('assetId');
|
return $session->privilege->insufficient() unless $self->canEdit;
|
||||||
my $pasteAsset = WebGUI::Asset->newPending($self->session, $pasteAssetId);
|
my $pasteAssetId = $session->form->process('assetId');
|
||||||
return $self->session->privilege->insufficient() unless $pasteAsset->canEdit;
|
my $pasteAsset = WebGUI::Asset->newPending($session, $pasteAssetId);
|
||||||
|
return $session->privilege->insufficient() unless $pasteAsset->canEdit;
|
||||||
$self->paste($pasteAssetId);
|
$self->paste($pasteAssetId);
|
||||||
return "";
|
return "";
|
||||||
}
|
}
|
||||||
|
|
@ -488,10 +504,9 @@ Returns a www_manageAssets() method. Pastes a selection of assets. If canEdit is
|
||||||
sub www_pasteList {
|
sub www_pasteList {
|
||||||
my $self = shift;
|
my $self = shift;
|
||||||
return $self->session->privilege->insufficient() unless $self->canEdit;
|
return $self->session->privilege->insufficient() unless $self->canEdit;
|
||||||
foreach my $clipId ($self->session->form->param("assetId")) {
|
ASSET: foreach my $clipId ($self->session->form->param("assetId")) {
|
||||||
my $pasteAsset = WebGUI::Asset->newPending($self->session, $clipId);
|
my $pasteAsset = WebGUI::Asset->newPending($self->session, $clipId);
|
||||||
next
|
next ASSET unless $pasteAsset->canEdit;
|
||||||
unless $pasteAsset->canEdit;
|
|
||||||
$self->paste($clipId);
|
$self->paste($clipId);
|
||||||
}
|
}
|
||||||
return $self->www_manageAssets();
|
return $self->www_manageAssets();
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue