In the CS, do not show a profile link unless the user is not a visitor. Fixes bug #11084

If the post is owned by Visitor, do not show the link because no one is allowed to see Visitor's profile. If the current user is Visitor, do not show the link because Visitor is not allowed to view anyone's profile.
2009-10-02 12:45:03 -07:00 · 2009-10-02 12:45:03 -07:00 · 247166baf2
commit 247166baf2
parent 3fb3644389
9 changed files with 194 additions and 50 deletions
--- a/lib/WebGUI/Asset/Post.pm
+++ b/lib/WebGUI/Asset/Post.pm
@ -710,30 +710,31 @@ Returns a hash reference of template variables for this Post.
 =cut

 sub getTemplateVars {
-	my $self    = shift;
+    my $self    = shift;
    my $session = $self->session;
-	my %var     = %{$self->get};
+    my %var     = %{$self->get};
    my $postUser   = WebGUI::User->new($session, $self->get("ownerUserId"));
-	$var{"userId"} = $self->get("ownerUserId");
-	$var{"user.isPoster"} = $self->isPoster;
-	$var{"avatar.url"}    = $self->getAvatarUrl;
-	$var{"userProfile.url"} = $postUser->getProfileUrl($self->getUrl());
-	$var{"dateSubmitted.human"} =$self->session->datetime->epochToHuman($self->get("creationDate"));
-	$var{"dateUpdated.human"} =$self->session->datetime->epochToHuman($self->get("revisionDate"));
-	$var{'title.short'} = $self->chopTitle;
-	$var{content} = $self->formatContent if ($self->getThread);
-	$var{'user.canEdit'} = $self->canEdit if ($self->getThread);
-	$var{"delete.url"} = $self->getDeleteUrl;
-	$var{"edit.url"} = $self->getEditUrl;
-	$var{"status"} = $self->getStatus;
-	$var{"reply.url"} = $self->getReplyUrl;
-	$var{'reply.withquote.url'} = $self->getReplyUrl(1);
-	$var{'url'} = $self->getUrl.'#id'.$self->getId;
-        $var{'url.raw'} = $self->getUrl;
-	$var{'rating.value'} = $self->get("rating")+0;
-	$var{'rate.url.thumbsUp'} = $self->getRateUrl(1);
-	$var{'rate.url.thumbsDown'} = $self->getRateUrl(-1);
-	$var{'hasRated'} = $self->hasRated;
+    $var{"userId"}              = $self->get("ownerUserId");
+    $var{"user.isPoster"}       = $self->isPoster;
+    $var{"avatar.url"}          = $self->getAvatarUrl;
+    $var{"userProfile.url"}     = $postUser->getProfileUrl($self->getUrl());
+    $var{"hideProfileUrl" }     = $self->get('ownerUserId') eq '1' || $session->user->isVisitor;
+    $var{"dateSubmitted.human"} = $self->session->datetime->epochToHuman($self->get("creationDate"));
+    $var{"dateUpdated.human"}   = $self->session->datetime->epochToHuman($self->get("revisionDate"));
+    $var{'title.short'}         = $self->chopTitle;
+    $var{content}               = $self->formatContent if ($self->getThread);
+    $var{'user.canEdit'}        = $self->canEdit if ($self->getThread);
+    $var{"delete.url"}          = $self->getDeleteUrl;
+    $var{"edit.url"}            = $self->getEditUrl;
+    $var{"status"}              = $self->getStatus;
+    $var{"reply.url"}           = $self->getReplyUrl;
+    $var{'reply.withquote.url'} = $self->getReplyUrl(1);
+    $var{'url'}                 = $self->getUrl.'#id'.$self->getId;
+    $var{'url.raw'}             = $self->getUrl;
+    $var{'rating.value'}        = $self->get("rating")+0;
+    $var{'rate.url.thumbsUp'}   = $self->getRateUrl(1);
+    $var{'rate.url.thumbsDown'} = $self->getRateUrl(-1);
+    $var{'hasRated'}            = $self->hasRated;
 	my $gotImage;
 	my $gotAttachment;
 	@{$var{'attachment_loop'}} = ();
--- a/lib/WebGUI/Asset/Wobject/Collaboration.pm
+++ b/lib/WebGUI/Asset/Wobject/Collaboration.pm
@ -100,14 +100,16 @@ A reference to a WebGUI::Paginator object.
 =cut

 sub appendPostListTemplateVars {
-	my $self = shift;
-	my $var = shift;
-	my $p = shift;
-	my $page = $p->getPageData;
-	my $i = 0;
-    my ($icon, $datetime) = $self->session->quick(qw(icon datetime));
+	my $self    = shift;
+    my $session = $self->session;
+	my $var     = shift;
+	my $p       = shift;
+	my $page    = $p->getPageData;
+	my $i       = 0;
+    my ($icon, $datetime) = $session->quick(qw(icon datetime));
+    my $isVisitor         = $session->user->isVisitor;
 	foreach my $row (@$page) {
-		my $post = WebGUI::Asset->new($self->session,$row->{assetId}, $row->{className}, $row->{revisionDate});
+		my $post = WebGUI::Asset->new($session,$row->{assetId}, $row->{className}, $row->{revisionDate});
 		$post->{_parent} = $self; # caching parent for efficiency 
 		my $controls = $icon->delete('func=delete',$post->get("url"),"Delete") . $icon->edit('func=edit',$post->get("url"));
 		if ($self->get("sortBy") eq "lineage") {
@ -132,6 +134,7 @@ sub appendPostListTemplateVars {
                    "lastReply.title"               => $lastPost->get("title"),
                    "lastReply.user.isVisitor"      => $lastPost->get("ownerUserId") eq "1",
                    "lastReply.username"            => $lastPost->get("username"),
+                    "lastReply.hideProfileUrl"      => $lastPost->get("ownerUserId") eq "1" || $isVisitor,
                    "lastReply.userProfile.url"     => $lastPost->getPosterProfileUrl(),
                    "lastReply.dateSubmitted.human" => $datetime->epochToHuman($lastPost->get("creationDate"),"%z"),
                    "lastReply.timeSubmitted.human" => $datetime->epochToHuman($lastPost->get("creationDate"),"%Z"),
@ -158,6 +161,7 @@ sub appendPostListTemplateVars {
            "dateUpdated.human"     => $datetime->epochToHuman($post->get("revisionDate"),"%z"),
            "timeSubmitted.human"   => $datetime->epochToHuman($post->get("creationDate"),"%Z"),
            "timeUpdated.human"     => $datetime->epochToHuman($post->get("revisionDate"),"%Z"),
+            "hideProfileUrl"        => $post->get('ownerUserId') eq '1' || $isVisitor,
            "userProfile.url"       => $post->getPosterProfileUrl,
            "user.isVisitor"        => $post->get("ownerUserId") eq "1",
        	"edit.url"              => $post->getEditUrl,
@ -175,7 +179,7 @@ sub appendPostListTemplateVars {
 		if ($row->{className} =~ m/^WebGUI::Asset::Post::Thread/) {
 			$postVars{'rating'} = $post->get('threadRating');
 		}
-                push(@{$var->{post_loop}}, \%postVars );
+        push(@{$var->{post_loop}}, \%postVars );
 		$i++;
 	}
 	$p->appendTemplateVars($var);
@ -1222,10 +1226,10 @@ sub getViewTemplateVars {
 	my %var;
 	$var{'user.canPost'} = $self->canPost;
 	$var{'user.canStartThread'} = $self->canStartThread;
-        $var{"add.url"} = $self->getNewThreadUrl;
-        $var{"rss.url"} = $self->getRssFeedUrl;
-        $var{'user.isModerator'} = $self->canModerate;
-        $var{'user.isVisitor'} = ($self->session->user->isVisitor);
+    $var{"add.url"} = $self->getNewThreadUrl;
+    $var{"rss.url"} = $self->getRssFeedUrl;
+    $var{'user.isModerator'} = $self->canModerate;
+    $var{'user.isVisitor'} = ($self->session->user->isVisitor);
 	$var{'user.isSubscribed'} = $self->isSubscribed;
 	$var{'sortby.title.url'} = $self->getSortByUrl("title");
 	$var{'sortby.username.url'} = $self->getSortByUrl("username");
--- a/lib/WebGUI/Help/Asset_Collaboration.pm
+++ b/lib/WebGUI/Help/Asset_Collaboration.pm
@ -103,7 +103,9 @@ our $HELP = {
                    { 'name' => 'timeSubmitted.human' },
                    { 'name' => 'timeUpdated.human' },
                    { 'name' => 'userProfile.url' },
-                    { 'name' => 'user.isVisitor' },
+                    { 'name' => 'hideProfileUrl' },
+                    { 'name' => 'user.isVisitor',
+                      'description' => 'post_loop_user.isVisitor' },
                    { 'name' => 'edit.url' },
                    { 'name' => 'controls' },
                    { 'name' => 'isSecond' },
@ -116,6 +118,7 @@ our $HELP = {
                    { 'name' => 'lastReply.url' },
                    { 'name' => 'lastReply.title' },
                    { 'name' => 'lastReply.user.isVisitor' },
+                    { 'name' => 'lastReply.hideProfileUrl' },
                    { 'name' => 'lastReply.username' },
                    { 'name' => 'lastReply.userProfile.url' },
                    { 'name' => 'lastReply.dateSubmitted.human' },
--- a/lib/WebGUI/i18n/English/Asset_Collaboration.pm
+++ b/lib/WebGUI/i18n/English/Asset_Collaboration.pm
@ -1293,11 +1293,21 @@ the preview is displayed, the Post can either be edited or canceled.|,
 		lastUpdated => 1149655722,
 	},

-	'user.isVisitor' => {
+	'post_loop_user.isVisitor' => {
 		message => q|A conditional that is true if the poster is a visitor.|,
 		lastUpdated => 1149655722,
 	},

+	'user.isVisitor' => {
+		message => q|A conditional that is true if the current user is a visitor.|,
+		lastUpdated => 1149655722,
+	},
+
+	'hideProfileUrl' => {
+		message => q|A conditional that is true if the poster is a visitor, or the current user is a visitor.  In the first case, Visitor's profile is not visible to any user.  In the second case, Visitor is not allowed to view any user's profile|,
+		lastUpdated => 1254506340,
+	},
+
 	'edit.url' => {
 		message => q|The URL to edit this Post.|,
 		lastUpdated => 1149655722,
@ -1359,6 +1369,11 @@ user has an avatar.|,
 		lastUpdated => 1149655722,
 	},

+	'lastReply.hideProfileUrl' => {
+		message => q|A conditional that is true if the poster of the last reply is a visitor, or the current user is a visitor.  In the first case, Visitor's profile is not visible to any user.  In the second case, Visitor is not allowed to view any user's profile|,
+		lastUpdated => 1254506340,
+	},
+
 	'lastReply.username' => {
 		message => q|The name of user who submitted the last reply.|,
 		lastUpdated => 1149655722,
--- a/lib/WebGUI/i18n/English/Asset_Template.pm
+++ b/lib/WebGUI/i18n/English/Asset_Template.pm
@ -33,9 +33,9 @@ our $I18N = {
 	},

 	'template error' => {
-		message => q|There is a syntax error in this template, %s, %s. Please correct.|,
+		message => q|There is a syntax error in this template, %s, %s, %s. Please correct.|,
 		context => q|Error when executing template|,
-		lastUpdated => 1244476530,
+		lastUpdated => 1254512327,
 	},

        'namespace description' => {