From 68b4baeb7e346d5f2002b6d847453d3294b340b8 Mon Sep 17 00:00:00 2001 From: JT Smith Date: Sat, 22 Jun 2002 18:25:20 +0000 Subject: [PATCH] Fixed a problem where visitors could post. --- lib/WebGUI/Wobject/MessageBoard.pm | 8 ++++++-- lib/WebGUI/Wobject/UserSubmission.pm | 16 ++++++++++++---- 2 files changed, 18 insertions(+), 6 deletions(-) diff --git a/lib/WebGUI/Wobject/MessageBoard.pm b/lib/WebGUI/Wobject/MessageBoard.pm index 9e28c0c55..346950b2f 100644 --- a/lib/WebGUI/Wobject/MessageBoard.pm +++ b/lib/WebGUI/Wobject/MessageBoard.pm @@ -203,9 +203,13 @@ sub www_view { $html .= $_[0]->description; $html = $_[0]->processMacros($html); $html .= ''. - '
'; + if (WebGUI::Privilege::isInGroup($_[0]->get("groupToPost"))) { + $html .= ''. - WebGUI::International::get(17,$namespace).' · ' + WebGUI::International::get(17,$namespace).' · '; + } + $html .= '' .WebGUI::International::get(364).'
'; $html .= ''; $html .= ' diff --git a/lib/WebGUI/Wobject/UserSubmission.pm b/lib/WebGUI/Wobject/UserSubmission.pm index bd0424cb7..9527e03cf 100644 --- a/lib/WebGUI/Wobject/UserSubmission.pm +++ b/lib/WebGUI/Wobject/UserSubmission.pm @@ -128,8 +128,12 @@ sub _traditionalView { } $sth->finish; $output .= '
'.WebGUI::International::get(229).'
'. - '
'.WebGUI::International::get(20,$namespace).' · '; + if (WebGUI::Privilege::isInGroup($_[0]->get("groupToContribute"))) { + $output .= ''.WebGUI::International::get(20,$namespace).' · '; + } + $output .= '' .WebGUI::International::get(364).'
'; $p = WebGUI::Paginator->new(WebGUI::URL::page(),\@row,$_[0]->get("submissionsPerPage")); @@ -428,7 +432,9 @@ sub www_editSubmission { $submission{convertCarriageReturns} = 1; $submission{userId} = $session{user}{userId}; } - if ($submission{userId} == $session{user}{userId} || WebGUI::Privilege::isInGroup($_[0]->get("groupToApprove"))) { + if (WebGUI::Privilege::isInGroup($_[0]->get("groupToContribute")) + || $submission{userId} == $session{user}{userId} + || WebGUI::Privilege::isInGroup($_[0]->get("groupToApprove"))) { $output = '

'.WebGUI::International::get(19,$namespace).'

'; $f = WebGUI::HTMLForm->new; $f->hidden("wid",$session{form}{wid}); @@ -463,7 +469,9 @@ sub www_editSubmission { sub www_editSubmissionSave { my ($sqlAdd,$owner,$image,$attachment,$title); ($owner) = WebGUI::SQL->quickArray("select userId from UserSubmission_submission where submissionId='$session{form}{sid}'"); - if ($owner == $session{user}{userId} || $session{form}{sid} eq "new" || WebGUI::Privilege::isInGroup($_[0]->get("groupToApprove"))) { + if ($owner == $session{user}{userId} + || ($session{form}{sid} eq "new" && WebGUI::Privilege::isInGroup($_[0]->get("groupToContribute"))) + || WebGUI::Privilege::isInGroup($_[0]->get("groupToApprove"))) { if ($session{form}{sid} eq "new") { $session{form}{sid} = getNextId("submissionId"); WebGUI::SQL->write("insert into UserSubmission_submission (wobjectId,submissionId,userId,username)