fix: Fixed permission issues with Gallery comments

Gallery now checks to see if it's committed before allowing Albums to be added
Slideshow and thumbnails work better
Much, much more
Doug Bell 2008-03-27 00:24:00 +00:00
parent ae6c1ac6df
commit 3ea9420479
14 changed files with 332 additions and 76 deletions


@ -18,6 +18,8 @@ use strict;
use base 'WebGUI::Asset::File';
use Carp qw( croak confess );
use URI::Escape;
use WebGUI::HTML;
@ -390,6 +392,9 @@ sub getTemplateVars {
# Add the search form
$self->getGallery->appendTemplateVarsSearchForm( $var );
# Add a text-only synopsis
$var->{ synopsis_textonly } = WebGUI::HTML::filter( $self->get('synopsis'), "all" );
$var->{ canComment } = $self->canComment;
$var->{ canEdit } = $self->canEdit;
$var->{ numberOfComments } = scalar @{ $self->getCommentIds };
@ -400,6 +405,9 @@ sub getTemplateVars {
$var->{ url_demote } = $self->getUrl('func=demote');
$var->{ url_edit } = $self->getUrl('func=edit');
$var->{ url_gallery } = $self->getGallery->getUrl;
$var->{ url_album } = $self->getParent->getUrl;
$var->{ url_thumbnails } = $self->getParent->getUrl('func=thumbnails');
$var->{ url_slideshow } = $self->getParent->getUrl('func=slideshow');
$var->{ url_makeShortcut } = $self->getUrl('func=makeShortcut');
$var->{ url_listFilesForOwner }
= $self->getGallery->getUrl('func=listFilesForUser;userId=' . $self->get("ownerUserId"));
@ -559,6 +567,8 @@ sub processPropertiesFromFormPost {
### Passes all checks
$self->requestAutoCommit;
return;
}
#----------------------------------------------------------------------------
@ -756,25 +766,6 @@ sub www_deleteConfirm {
#----------------------------------------------------------------------------
=head2 www_demote
Override the default demote page to send the user back to the GalleryAlbum
edit screen.
=cut
sub www_demote {
my $self = shift;
return $self->session->privilege->insufficient unless $self->canEdit;
$self->demote;
return $self->session->asset( $self->getParent )->www_edit;
}
#----------------------------------------------------------------------------
=head2 www_editComment ( params )
Form to edit a comment. C<params> is a hash reference of parameters
@ -788,8 +779,27 @@ sub www_editComment {
my $self = shift;
my $params = shift;
my $session = $self->session;
# Get the comment, if needed
my $commentId = $session->form->get( "commentId" );
my $comment = $commentId ne "new"
? $self->getComment( $commentId )
: {}
;
return $session->privilege->insufficient unless $self->canEdit;
# Check permissions
# Adding a new comment
if ( $commentId eq "new" ) {
return $session->privilege->insufficient unless $self->canComment;
}
# Editing your own comment
elsif ( $comment->{ userId } ne "1" && $comment->{ userId } eq $self->session->user->userId ) {
return $session->privilege->insufficient unless $self->canComment;
}
# Editing someone else's comment
else {
return $session->privilege->insufficient unless $self->canEdit;
}
my $var = $self->getTemplateVars;
@ -797,11 +807,6 @@ sub www_editComment {
$var->{ errors } = [ map { { "error" => $_ } } @{ $params->{errors} } ];
}
my $commentId = $session->form->get( "commentId" );
my $comment = $commentId ne "new"
? $self->getComment( $commentId )
: {}
;
$self->appendTemplateVarsCommentForm( $var, $comment );
$var->{ isNew } = $commentId eq "new";
@ -822,19 +827,30 @@ Save a comment being edited
sub www_editCommentSave {
my $self = shift;
my $session = $self->session;
return $session->privilege->insufficient unless $self->canEdit;
my $i18n = __PACKAGE__->i18n( $session );
# Process the form first, so we can know how to check permissions
my $comment = eval { $self->processCommentEditForm };
if ( $@ ) {
return $self->www_editComment( { errors => [ $@ ] } );
}
# Check permissions
# Adding a new comment
if ( $comment->{ commentId } eq "new" ) {
return $session->privilege->insufficient unless $self->canComment;
}
# Editing your own comment
elsif ( $comment->{ userId } ne "1" && $comment->{ userId } eq $self->session->user->userId ) {
return $session->privilege->insufficient unless $self->canComment;
}
# Editing someone else's comment
else {
return $session->privilege->insufficient unless $self->canEdit;
}
# setComment changes commentId, so keep track if we're adding a new comment
my $isNew = $comment->{commentId} eq "new";
$self->setComment( $comment );
# Return different message for adding and editing
@ -920,25 +936,6 @@ sub www_makeShortcutSave {
#----------------------------------------------------------------------------
=head2 www_promote
Override the default promote page to send the user back to the GalleryAlbum
edit screen.
=cut
sub www_promote {
my $self = shift;
return $self->session->privilege->insufficient unless $self->canEdit;
$self->promote;
return $self->session->asset( $self->getParent )->www_edit;
}
#----------------------------------------------------------------------------
=head2 www_view ( )
Shows the output of L<view> inside of the style provided by the gallery this
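Review bot: In www_editCommentSave the ownership test `$comment->{ userId } eq $self->session->user->userId` runs against the hash returned by processCommentEditForm, whose body is not shown on this page; if that hash is filled from the submitted form or stamped with the current user, the "editing your own comment" branch would pass for every commenter and the canEdit requirement for other people's comments would never be reached. www_editComment takes the owner from the stored record instead, and the save path should do the same, for example `my $stored = $self->getComment( $comment->{ commentId } );` followed by a comparison on `$stored->{ userId }`. The same three-branch check is written out in both subs, so a single private helper called from each would keep the view and save paths from drifting apart. Both subs start or end outside their hunks, so code before or after the visible lines may already cover part of this.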


@ -316,6 +316,46 @@ sub makeResolutions {
#----------------------------------------------------------------------------
=head2 processPropertiesFromFormPost ( )
Process the asset edit form.
Make the default title into the file name minus the extention.
=cut
sub processPropertiesFromFormPost {
my $self = shift;
my $form = $self->session->form;
my $errors = $self->SUPER::processPropertiesFromFormPost || [];
# Return if errors
return $errors if @$errors;
### Passes all checks
# If no title was given, make it the file name
if ( !$form->get('title') ) {
my $title = $self->get('filename');
$title =~ s/\.[^.]*$//;
$title =~ tr/-/ /; # De-mangle the spaces at the expense of the dashes
$self->update( {
title => $title,
menuTitle => $title,
} );
# If this is a new Photo, change some other things too
if ( $form->get('assetId') eq "new" ) {
$self->update( {
url => $self->session->url->urlize( join "/", $self->getParent->get('url'), $title ),
} );
}
}
return undef;
}
#----------------------------------------------------------------------------
=head2 setFile ( filename )
Extend the superclass setFile to automatically generate thumbnails.
@ -351,6 +391,11 @@ sub updateExifDataFromFile {
}
}
# Remove other, pointless keys
for my $key ( qw( directory ) ) {
delete $info->{ $key };
}
$self->update({
exifData => to_json( $info ),
});
@ -410,7 +455,7 @@ sub www_edit {
url_addArchive => $self->getParent->getUrl('func=addArchive'),
};
if ( $form->get('assetId') eq "new" ) {
if ( $form->get('func') eq "add" ) {
$var->{ isNewPhoto } = 1;
}
@ -461,7 +506,7 @@ sub www_edit {
= WebGUI::Form::HTMLArea( $session, {
name => "synopsis",
value => ( $form->get("synopsis") || $self->get("synopsis") ),
richEditId => $self->getGallery->get("assetIdRichEditFile"),
richEditId => $self->getGallery->get("richEditIdFile"),
});
$var->{ form_photo } = $self->getEditFormUploadControl;
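Review bot: The title fallback in the new processPropertiesFromFormPost has no guard for a filename that is unset or has nothing before its last dot. In that case `s/\.[^.]*$//` leaves `$title` empty, and the empty value is written to title and menuTitle and, for a new Photo, joined into the url as the parent url plus a bare slash. A check such as `return undef unless defined $title && length $title;` placed after the `tr` line would leave the superclass's values in place. Separately, the sub ends with `return undef;` while the processPropertiesFromFormPost in the previous file section ends with a bare `return;`, which is the safer form if any caller takes the result in list context.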