oqapi/webgui
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix: Fixed permission issues with Gallery comments

Browse source 
Gallery now checks to see if it's committed before allowing Albums to be added
Slideshow and thumbnails work better
Much, much more
This commit is contained in:
Doug Bell 2008-03-27 00:24:00 +00:00
parent ae6c1ac6df
commit 3ea9420479
14 changed files with 332 additions and 76 deletions
Download patch file Download diff file Expand all files Collapse all files

93
lib/WebGUI/Asset/File/GalleryFile.pm
View file

@ -18,6 +18,8 @@ use strict;
use base 'WebGUI::Asset::File';
use Carp qw( croak confess );
use URI::Escape;
use WebGUI::HTML;
@ -390,6 +392,9 @@ sub getTemplateVars {
# Add the search form
$self->getGallery->appendTemplateVarsSearchForm( $var );
# Add a text-only synopsis
$var->{ synopsis_textonly } = WebGUI::HTML::filter( $self->get('synopsis'), "all" );
$var->{ canComment } = $self->canComment;
$var->{ canEdit } = $self->canEdit;
$var->{ numberOfComments } = scalar @{ $self->getCommentIds };
@ -400,6 +405,9 @@ sub getTemplateVars {
$var->{ url_demote } = $self->getUrl('func=demote');
$var->{ url_edit } = $self->getUrl('func=edit');
$var->{ url_gallery } = $self->getGallery->getUrl;
$var->{ url_album } = $self->getParent->getUrl;
$var->{ url_thumbnails } = $self->getParent->getUrl('func=thumbnails');
$var->{ url_slideshow } = $self->getParent->getUrl('func=slideshow');
$var->{ url_makeShortcut } = $self->getUrl('func=makeShortcut');
$var->{ url_listFilesForOwner }
= $self->getGallery->getUrl('func=listFilesForUser;userId=' . $self->get("ownerUserId"));
@ -559,6 +567,8 @@ sub processPropertiesFromFormPost {
### Passes all checks
$self->requestAutoCommit;
return;
}
#----------------------------------------------------------------------------
@ -756,25 +766,6 @@ sub www_deleteConfirm {
#----------------------------------------------------------------------------
=head2 www_demote
Override the default demote page to send the user back to the GalleryAlbum
edit screen.
=cut
sub www_demote {
my $self = shift;
return $self->session->privilege->insufficient unless $self->canEdit;
$self->demote;
return $self->session->asset( $self->getParent )->www_edit;
}
#----------------------------------------------------------------------------
=head2 www_editComment ( params )
Form to edit a comment. C<params> is a hash reference of parameters
@ -788,8 +779,27 @@ sub www_editComment {
my $self = shift;
my $params = shift;
my $session = $self->session;
# Get the comment, if needed
my $commentId = $session->form->get( "commentId" );
my $comment = $commentId ne "new"
? $self->getComment( $commentId )
: {}
;
return $session->privilege->insufficient unless $self->canEdit;
# Check permissions
# Adding a new comment
if ( $commentId eq "new" ) {
return $session->privilege->insufficient unless $self->canComment;
}
# Editing your own comment
elsif ( $comment->{ userId } ne "1" && $comment->{ userId } eq $self->session->user->userId ) {
return $session->privilege->insufficient unless $self->canComment;
}
# Editing someone else's comment
else {
return $session->privilege->insufficient unless $self->canEdit;
}
my $var = $self->getTemplateVars;
@ -797,11 +807,6 @@ sub www_editComment {
$var->{ errors } = [ map { { "error" => $_ } } @{ $params->{errors} } ];
}
my $commentId = $session->form->get( "commentId" );
my $comment = $commentId ne "new"
? $self->getComment( $commentId )
: {}
;
$self->appendTemplateVarsCommentForm( $var, $comment );
$var->{ isNew } = $commentId eq "new";
@ -822,19 +827,30 @@ Save a comment being edited
sub www_editCommentSave {
my $self = shift;
my $session = $self->session;
return $session->privilege->insufficient unless $self->canEdit;
my $i18n = __PACKAGE__->i18n( $session );
# Process the form first, so we can know how to check permissions
my $comment = eval { $self->processCommentEditForm };
if ( $@ ) {
return $self->www_editComment( { errors => [ $@ ] } );
}
# Check permissions
# Adding a new comment
if ( $comment->{ commentId } eq "new" ) {
return $session->privilege->insufficient unless $self->canComment;
}
# Editing your own comment
elsif ( $comment->{ userId } ne "1" && $comment->{ userId } eq $self->session->user->userId ) {
return $session->privilege->insufficient unless $self->canComment;
}
# Editing someone else's comment
else {
return $session->privilege->insufficient unless $self->canEdit;
}
# setComment changes commentId, so keep track if we're adding a new comment
my $isNew = $comment->{commentId} eq "new";
$self->setComment( $comment );
# Return different message for adding and editing
@ -920,25 +936,6 @@ sub www_makeShortcutSave {
#----------------------------------------------------------------------------
=head2 www_promote
Override the default promote page to send the user back to the GalleryAlbum
edit screen.
=cut
sub www_promote {
my $self = shift;
return $self->session->privilege->insufficient unless $self->canEdit;
$self->promote;
return $self->session->asset( $self->getParent )->www_edit;
}
#----------------------------------------------------------------------------
=head2 www_view ( )
Shows the output of L<view> inside of the style provided by the gallery this

49
lib/WebGUI/Asset/File/GalleryFile/Photo.pm
View file

@ -316,6 +316,46 @@ sub makeResolutions {
#----------------------------------------------------------------------------
=head2 processPropertiesFromFormPost ( )
Process the asset edit form.
Make the default title into the file name minus the extention.
=cut
sub processPropertiesFromFormPost {
my $self = shift;
my $form = $self->session->form;
my $errors = $self->SUPER::processPropertiesFromFormPost || [];
# Return if errors
return $errors if @$errors;
### Passes all checks
# If no title was given, make it the file name
if ( !$form->get('title') ) {
my $title = $self->get('filename');
$title =~ s/\.[^.]*$//;
$title =~ tr/-/ /; # De-mangle the spaces at the expense of the dashes
$self->update( {
title => $title,
menuTitle => $title,
} );
# If this is a new Photo, change some other things too
if ( $form->get('assetId') eq "new" ) {
$self->update( {
url => $self->session->url->urlize( join "/", $self->getParent->get('url'), $title ),
} );
}
}
return undef;
}
#----------------------------------------------------------------------------
=head2 setFile ( filename )
Extend the superclass setFile to automatically generate thumbnails.
@ -351,6 +391,11 @@ sub updateExifDataFromFile {
}
}
# Remove other, pointless keys
for my $key ( qw( directory ) ) {
delete $info->{ $key };
}
$self->update({
exifData => to_json( $info ),
});
@ -410,7 +455,7 @@ sub www_edit {
url_addArchive => $self->getParent->getUrl('func=addArchive'),
};
if ( $form->get('assetId') eq "new" ) {
if ( $form->get('func') eq "add" ) {
$var->{ isNewPhoto } = 1;
}
@ -461,7 +506,7 @@ sub www_edit {
= WebGUI::Form::HTMLArea( $session, {
name => "synopsis",
value => ( $form->get("synopsis") || $self->get("synopsis") ),
richEditId => $self->getGallery->get("assetIdRichEditFile"),
richEditId => $self->getGallery->get("richEditIdFile"),
});
$var->{ form_photo } = $self->getEditFormUploadControl;

7
lib/WebGUI/Asset/Wobject/Calendar.pm
View file

@ -1088,12 +1088,7 @@ sub view {
$var->{"urlMonth"} = $self->getUrl("type=month;start=".$params->{start});
$var->{"urlSearch"} = $self->getSearchUrl;
$var->{"urlPrint"} = $self->getUrl("type=".$params->{type}.";start=".$params->{start}.";print=1");
$var->{"urlIcal"} = $self->getUrl(
sprintf "func=ical;type=%s;start=%s",
$params->{type},
$params->{start},
);
$var->{"urlIcal"} = $self->getUrl("func=ical");
$var->{"extrasUrl"} = $self->session->url->extras();
$var->{ paramStart } = $params->{ start };

29
lib/WebGUI/Asset/Wobject/Gallery.pm
View file

@ -867,6 +867,35 @@ sub view_listAlbums {
#----------------------------------------------------------------------------
=head2 www_add ( )
Add a GalleryAlbum to this Gallery. Overridden here to show an error message
if the Gallery is not committed.
If a GalleryAlbum is added to an uncommitted Gallery, and the GalleryAlbum
is committed before the Gallery, problems start happening.
TODO: This could be handled better by the requestAutoCommit subroutine
instead of having to block things from being added.
=cut
sub www_add {
my $self = shift;
if ( $self->getRevisionCount <= 1 && $self->get('status') eq "pending" ) {
my $i18n = WebGUI::International->new($self->session, 'Asset_Gallery');
return $self->processStyle(
$i18n->get("error add uncommitted")
);
}
else {
return $self->SUPER::www_add( @_ );
}
}
#----------------------------------------------------------------------------
=head2 www_listAlbums ( )
Show a paginated list of the albums in this gallery.

141
lib/WebGUI/Asset/Wobject/GalleryAlbum.pm
View file

@ -497,6 +497,49 @@ sub prepareView {
#----------------------------------------------------------------------------
=head2 processFileSynopsis ( )
Process the synopsis for the files on the GalleryAlbum C<www_edit> page.
=cut
sub processFileSynopsis {
my $self = shift;
my $session = $self->session;
my $form = $self->session->form;
# Do the version tag shuffle
my $oldVersionTag = WebGUI::VersionTag->getWorking( $session, "nocreate" );
my $newVersionTag
= WebGUI::VersionTag->create( $session, {
workflowId => $self->getParent->get("workflowIdCommit"),
} );
$newVersionTag->setWorking;
for my $key ( grep { /^fileSynopsis_/ } $form->param ) {
( my $assetId ) = $key =~ /^fileSynopsis_(.+)$/;
my $synopsis = $form->get( $key );
my $asset = WebGUI::Asset->newByDynamicClass( $session, $assetId );
if ( $asset->get("synopsis") ne $synopsis ) {
my $properties = $asset->get;
$properties->{ synopsis } = $synopsis;
$asset->addRevision( $properties, undef, { skipAutoCommitWorkflows => 1 } );
}
}
# That's what it's all about
$newVersionTag->commit;
if ( $oldVersionTag ) {
WebGUI::VersionTag->setWorking( $oldVersionTag );
}
return;
}
#----------------------------------------------------------------------------
=head2 processStyle ( )
Gets the parent Gallery's style template
@ -568,7 +611,7 @@ sub view_slideshow {
my $var = $self->getTemplateVars;
$self->appendTemplateVarsFileLoop( $var, $self->getFileIds );
return $self->processTemplate($var, $self->getParent->get("templateIdViewSlideshow"));
}
@ -765,6 +808,10 @@ sub www_deleteConfirm {
Show the form to add / edit a GalleryAlbum asset.
Due to the advanced requirements of this form, we will ALWAYS post back to
this page. This page will decide whether or not to make C<www_editSave>
handle things.
=cut
sub www_edit {
@ -774,8 +821,44 @@ sub www_edit {
my $var = $self->getTemplateVars;
my $i18n = __PACKAGE__->i18n($session);
return $session->privilege->insufficient unless $self->canEdit;
# Handle the button that was pressed
# Save button
if ( $form->get("save") ) {
$self->processFileSynopsis;
return $self->www_editSave;
}
# Cancel button
elsif ( $form->get("cancel") ) {
return $self->www_view;
}
# Promote the file
elsif ( $form->get("promote") ) {
my $assetId = $form->get("promote");
my $asset = WebGUI::Asset->newByDynamicClass( $session, $assetId );
if ( $asset ) {
$asset->promote;
}
else {
$session->errorHandler->error("Couldn't promote asset '$assetId' because we couldn't instantiate it.");
}
}
# Demote the file
elsif ( $form->get("demote") ) {
my $assetId = $form->get("demote");
my $asset = WebGUI::Asset->newByDynamicClass( $session, $assetId );
if ( $asset ) {
$asset->demote;
}
else {
$session->errorHandler->error("Couldn't demote asset '$assetId' because we couldn't instantiate it.");
}
}
# Generate the form
if ($form->get("func") eq "add") {
# Add page is exempt from our button handling code since it calls the Gallery www_editSave
$var->{ isNewAlbum } = 1;
$var->{ form_start }
= WebGUI::Form::formHeader( $session, {
@ -785,16 +868,31 @@ sub www_edit {
name => "ownerUserId",
value => $session->user->userId,
});
# Put in the buttons that may ignore button handling code
$var->{ form_cancel }
= WebGUI::Form::button( $session, {
name => "cancel",
value => $i18n->get("cancel"),
extras => 'onclick="history.go(-1)"',
});
}
else {
$var->{ form_start }
= WebGUI::Form::formHeader( $session, {
action => $self->getUrl('func=editSave'),
action => $self->getUrl('func=edit'),
})
. WebGUI::Form::hidden( $session, {
name => "ownerUserId",
value => $self->get("ownerUserId"),
});
# Put in the buttons that may ignore button handling code
$var->{ form_cancel }
= WebGUI::Form::submit( $session, {
name => "cancel",
value => $i18n->get("cancel"),
});
}
$var->{ form_start }
.= WebGUI::Form::hidden( $session, {
@ -805,13 +903,6 @@ sub www_edit {
$var->{ form_end }
= WebGUI::Form::formFooter( $session );
$var->{ form_cancel }
= WebGUI::Form::button( $session, {
name => "cancel",
value => $i18n->get("cancel"),
extras => 'onclick="history.go(-1)"',
});
$var->{ form_submit }
= WebGUI::Form::submit( $session, {
name => "save",
@ -828,15 +919,39 @@ sub www_edit {
= WebGUI::Form::HTMLArea( $session, {
name => "description",
value => $form->get("description") || $self->get("description"),
richEditId => $self->getParent->get("richEditIdAlbum"),
});
# Generate the file loop
my $thumbnailUrl = $self->getThumbnailUrl;
my $assetIdThumbnail = $form->get("assetIdThumbnail") || $self->get("assetIdThumbnail");
$self->appendTemplateVarsFileLoop( $var, $self->getFileIds );
for my $file ( @{ $var->{file_loop} } ) {
if ( $thumbnailUrl eq $file->{thumbnailUrl} ) {
$file->{ isAlbumThumbnail } = 1;
}
$file->{ form_assetIdThumbnail }
= WebGUI::Form::radio( $session, {
name => "assetIdThumbnail",
value => $file->{ assetId },
checked => ( $assetIdThumbnail eq $file->{ assetId } ),
id => "assetIdThumbnail_$file->{ assetId }",
} );
# Raw HTML here to provide proper value for the image
$file->{ form_promote }
= qq{<button type="submit" name="promote" value="$file->{assetId}">}
. $session->icon->moveUp( undef, undef, "disabled" )
. qq{</button>}
;
$file->{ form_demote }
= qq{<button type="submit" name="demote" value="$file->{assetId}">}
. $session->icon->moveDown( undef, undef, "disabled" )
. qq{</button>}
;
$file->{ form_synopsis }
= WebGUI::Form::text( $session, {
name => "fileSynopsis_$file->{assetId}",
value => $form->get( "fileSynopsis_$file->{assetId}" ) || $file->{ synopsis },
});
}
return $self->processStyle(

16
lib/WebGUI/Help/Asset_Photo.pm
View file

@ -118,6 +118,22 @@ our $HELP = {
},
],
},
{
name => 'synopsis_text',
description => 'helpvar synopsis_text',
},
{
name => 'url_album',
description => 'helpvar url_album',
},
{
name => 'url_thumbnails',
description => 'helpvar url_thumbnails',
},
{
name => 'url_slideshow',
description => 'helpvar url_slideshow',
},
],
},

9
lib/WebGUI/Utility/Gallery.pm
View file

@ -184,6 +184,13 @@ sub addAlbumFromThread {
# Get rid of that file extention
my ($title) = $filename =~ m{(.*)\.[^.]*$};
# Don't repeat the thread
my $synopsis
= $post->get('content') ne $thread->get('content')
? $post->get('content')
: undef
;
my $file = $album->addChild({
className => $className,
@ -191,7 +198,7 @@ sub addAlbumFromThread {
creationDate => $post->get('creationDate'),
menuTitle => $title,
ownerUserId => $post->get('ownerUserId'),
synopsis => $post->get('content'),
synopsis => $synopsis,
title => $title,
url => $session->url->urlize( $album->get('url') . "/" . $title ),
userDefined1 => $post->get('userDefined1'),

6
lib/WebGUI/i18n/English/Asset_Gallery.pm
View file

@ -687,6 +687,12 @@ our $I18N = {
lastUpdated => 0,
context => q{Label for the link to add an Album},
},
'error add uncommitted' => {
message => q{<h1>Error!</h1><p>You must commit this Gallery before adding albums</p>},
lastUpdated => 0,
context => q{Error message when trying to add albums to uncommitted Gallery assets},
},
};
1;

24
lib/WebGUI/i18n/English/Asset_Photo.pm
View file

@ -565,6 +565,30 @@ our $I18N = {
context => q{Label for the albums the photo will be removed from.},
},
'helpvar synopsis_text' => {
message => q{The "synopsis" field with all HTML removed},
lastUpdated => 0,
context => q{Description of template variable},
},
'helpvar url_album' => {
message => q{The URL of the Album containing this file},
lastUpdated => 0,
context => q{Description of template variable},
},
'helpvar url_thumbnails' => {
message => q{The URL to the Thumbnails view of the Album containing this file},
lastUpdated => 0,
context => q{Description of template variable},
},
'helpvar url_slideshow' => {
message => q{The URL to the Slideshow view of the Album containing this file},
lastUpdated => 0,
context => q{Description of template variable},
},
};
1;