oqapi/webgui
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix: Events can no longer be edited by anyone who can add events

Browse source
This commit is contained in:
Doug Bell 2008-04-15 18:10:39 +00:00
parent 6b017ad991
commit 8ec2c763b4
8 changed files with 512 additions and 17 deletions
Download patch file Download diff file Expand all files Collapse all files

18
lib/WebGUI/Asset/Event.pm
View file

@ -180,16 +180,26 @@ sub canAdd {
####################################################################
=head2 canEdit
=head2 canEdit ( [userId] )
Returns true if a user can edit this asset. This uses the canEditEvent
from the parent Calendar.
Returns true if the given userId can edit this asset. If userId is not given,
the userId of the current session is used.
Users can edit this event if they are the owner of the event, or if they are
allowed to edit the parent Calendar.
=cut
sub canEdit {
my $self = shift;
return $self->getParent->canAddEvent;
my $userId = shift;
if ( !$userId ) {
$userId = $self->session->user->userId;
}
return 1 if ( $userId eq $self->get('ownerUserId') );
return $self->getParent->canEdit( $userId );
}

32
lib/WebGUI/Asset/Wobject/Calendar.pm
View file

@ -370,7 +370,7 @@ sub appendTemplateVarsDateTime {
#----------------------------------------------------------------------------
=head2 canEdit
=head2 canEdit ( [userId] )
Returns true if the user can edit this asset.
@ -381,24 +381,33 @@ around the canEdit check when www_editSave is being used to add an asset).
sub canEdit {
my $self = shift;
my $userId = shift || $self->session->user->userId;
my $form = $self->session->form;
my $user = $self->session->user;
# Account for new events
return 1 if ($self->canAddEvent && $form->process("func") eq "add");
return 1 if (
$self->canAddEvent
$self->canAddEvent( $userId )
&& $form->process("func") eq "add"
);
return 1 if (
$self->canAddEvent( $userId )
&& $form->process("assetId") eq "new"
&& $form->process("func") eq "editSave"
&& $form->process("class") eq "WebGUI::Asset::Event"
);
return $self->SUPER::canEdit()
# Who can edit the Calendar can do everything
if ( $self->SUPER::canEdit( $userId ) ) {
return 1;
}
# Fails all checks
return 0;
}
#----------------------------------------------------------------------------
=head2 canAddEvent
=head2 canAddEvent ( [userId] )
Returns true if able to add events. Checks to make sure that the
Calendar has been committed at least once. Checks to make sure that
@ -409,7 +418,13 @@ the calendar, or the group that can edit events in the calendar).
sub canAddEvent {
my $self = shift;
my $userId = shift;
my $user = $userId
? WebGUI::User->new( $self->session, $userId )
: $self->session->user
;
# Events can only be added after the Calendar has been committed once
return 0 if (
$self->get("status") ne "approved"
@ -417,8 +432,7 @@ sub canAddEvent {
);
return 1 if (
$self->session->user->isInGroup($self->get("groupIdEventEdit"))
|| $self->SUPER::canEdit
$user->isInGroup($self->get("groupIdEventEdit"))
);
}

70
lib/WebGUI/Utility/Gallery.pm
View file

@ -50,6 +50,10 @@ This module is B<NOT> to be used by the Gallery asset itself!
my $thread = WebGUI::Asset::Post::Thread->new( ... );
$utility->addAlbumFromThread( $gallery, $thread );
# Add a single album from a Folder asset
my $folder = WebGUI::Asset::Wobject::Folder->new( ... );
$utility->addAlbumFromFolder( $gallery, $folder );
# Add a single album from a filesystem branch
$utility->addAlbumFromFilesystem( $gallery, "/Users/Doug/Photos" );
@ -131,6 +135,72 @@ sub addAlbumFromFilesystem {
#----------------------------------------------------------------------------
=head2 addAlbumFromFolder ( gallery, folder )
Add an album from a Folder asset filled with File assets. C<gallery> is an
instance of a Gallery asset. C<folder> is an instance of a Folder asset.
=cut
sub addAlbumFromFolder {
my $class = shift;
my $gallery = shift;
my $folder = shift;
croak "First argument must be Gallery asset"
unless blessed $gallery && $gallery->isa('WebGUI::Asset::Wobject::Gallery');
croak "Second argument must be Folder asset"
unless blessed $folder && $folder->isa('WebGUI::Asset::Wobject::Folder');
my $session = $gallery->session;
my $addOptions = { skipAutoCommitWorkflows => 1 };
# Create the new album
my $album = $gallery->addChild({
className => 'WebGUI::Asset::Wobject::GalleryAlbum',
description => $folder->get('description'),
menuTitle => $folder->get('menuTitle'),
createdBy => $folder->get('createdBy'),
creationDate => $folder->get('creationDate'),
ownerUserId => $folder->get('ownerUserId'),
synopsis => $folder->get('synopsis'),
title => $folder->get('title'),
url => $session->url->urlize( $gallery->get('url') . "/" . $folder->get('title') ),
}, undef, $folder->get('revisionDate'), $addOptions );
my $fileIds
= $folder->getLineage( ['children'], {
joinClass => 'WebGUI::Asset::File',
} );
for my $fileId ( @{ $fileIds } ) {
my $oldFile = WebGUI::Asset->newByDynamicClass( $session, $fileId );
my $oldStorage = $oldFile->getStorageLocation;
my $className = $gallery->getAssetClassForFile( $oldStorage->getPath( $oldFile->get('filename') ) );
if ( !$className ) {
warn "Skipping " . $oldFile->get('filename') . " Gallery doesn't handle this file type";
next;
}
my $newFile = $album->addChild({
className => $className,
createdBy => $oldFile->get('createdBy'),
creationDate => $oldFile->get('creationDate'),
menuTitle => $oldFile->get('menuTitle'),
ownerUserId => $oldFile->get('ownerUserId'),
synopsis => $oldFile->get('synopsis'),
title => $oldFile->get('title'),
url => $session->url->urlize( $album->get('url') . "/" . $oldFile->get('menuTitle') ),
}, undef, $oldFile->get('revisionDate'), $addOptions );
$newFile->setFile( $oldStorage->getPath( $oldFile->get('filename') ) );
}
return undef;
}
#----------------------------------------------------------------------------
=head2 addAlbumFromThread ( gallery, thread )
Add an album to the gallery from the given Collaboration System thread.