/** * generates proper text for confirmation question and removes range_id from news * * * @param $remove_array array with $news_id as key and array of range_ids as value * @param string $range_id * @return string text for confirmation question or empty string after removal */ function remove_news($remove_array) { $confirmed = false; $question_text = array(); if (!is_array($remove_array)) { return false; } if (Request::submitted('yes') and Request::isPost()) { CSRFProtection::verifySecurityToken(); $confirmed = true; } foreach ($remove_array as $news_id => $ranges) { $remove_news = new StudipNews($news_id); $remove_news_title = $remove_news->getValue('topic'); if (!is_array($ranges)) { $ranges = array($ranges); } // should we delete news completely if (count($ranges) == count($remove_news->getRanges())) { $text = delete_news($news_id); if ($text) { $question_text[] = $text; } // or just remove range_id(s)? } else { $text = ''; if ($confirmed and !$remove_news->isNew() and count($ranges)) { foreach ($ranges as $key => $range_id) { if ($remove_news->havePermission('unassign', $range_id)) { $remove_news->deleteRange($range_id); } else { unset($ranges[$key]); PageLayout::postMessage(MessageBox::error(sprintf(_('Keine Berechtigung zum Entfernen der Ankündigung "%s" aus diesem Bereich.'), htmlReady($remove_news->getValue('topic'))))); } if (count($ranges)) { if (count($ranges) == 1) { PageLayout::postMessage(MessageBox::success(sprintf(_('Ankündigung "%s" wurde aus dem Bereich entfernt.'), htmlReady($remove_news->getValue('topic'))))); } else { PageLayout::postMessage(MessageBox::success(sprintf(_('Ankündigung "%s" wurde aus %s Bereichen entfernt.'), htmlReady($remove_news->getValue('topic')), count($ranges)))); } $remove_news->store(); } } } elseif (!$confirmed) { if (count($ranges) == 1) { $text = sprintf(_('- Die Ankündigung "%s" wird aus dem aktiven Bereich entfernt. ' . 'Sie wird dadurch nicht endgültig gelöscht. Es wird nur die Zuordnung entfernt.'), $remove_news_title) . "\n"; } elseif (count($ranges) > 1) { $text = sprintf(_('- Die Ankündigung "%s" wird aus den %s gewählten Bereichen entfernt. ' . 'Sie wird dadurch nicht endgültig gelöscht. Es werden nur die Zuordnungen entfernt.'), $remove_news_title, count($ranges)) . "\n"; } } if ($text) { $question_text[] = $text; } } } if (count($question_text) > 1) { return _('Wollen Sie die folgenden Aktionen jetzt ausführen?') . "\n" . implode($question_text); } elseif (count($question_text) == 1) { return _('Wollen Sie diese Aktion jetzt ausführen?') . "\n" . implode($question_text); } }
/** * DEPRECATED */ public static function TouchNews($news_id, $touch_stamp = null) { $ret = false; if (!$touch_stamp) { $touch_stamp = time(); } $news = new StudipNews($news_id); if (!$news->isNew()) { $news->setValue('date', mktime(0, 0, 0, strftime("%m", $touch_stamp), strftime("%d", $touch_stamp), strftime("%y", $touch_stamp))); if (!$news->store()) { $news->triggerChdate(); } } return $ret; }
/** * **/ public function routes(&$router) { // Get news of a range id $router->get('/news(/range/:range_id)', function ($range_id = false) use($router) { $range_id = $range_id ?: $GLOBALS['user']->id; if (!Helper::UserHasAccessToRange($range_id)) { $router->halt(403, sprintf('User may not access range %s', $range_id)); } $news = array_values(News::loadRange($range_id)); if ($router->compact()) { $router->render(compact('news')); return; } foreach ($news as $index => $n) { if ($n['allow_comments']) { $comments = $router->dispatch('get', '/news/:news_id/comments', $n['news_id']); $news[$index]['comments'] = $comments['comments']; } } $users = array_values(NewsRoute::extractUsers($news, $router)); $router->render(compact('news', 'users')); })->conditions(array('range_id' => '(studip|[a-f0-9]{32})')); // Create news for a specific range $router->post('/news(/range/:range_id)', function () use($router) { $range_id = $range_id ?: $GLOBALS['user']->id; if (!Helper::UserHasAccessToRange($range_id)) { $router->halt(403, sprintf('User may not access range %s', $range_id)); } $title = trim(Request::get('title')); if (empty($title)) { $router->halt(406, 'No news title provided'); } $body = trim(Request::get('body')); if (empty($body)) { $router->halt(406, 'No news body provided'); } $news = new \StudipNews(); $news->user_id = $GLOBALS['user']->id; $news->author = $GLOBALS['user']->getFullName(); $news->topic = $title; $news->body = $body; $news->date = time(); $news->expire = Request::int('expire', 2 * 7 * 24 * 60 * 60); $news->allow_comments = Request::int('allow_comments', 0); if (!$news->store()) { $router->halt(501, 'Could not create news'); } $news->addRange($range_id); $news->storeRanges(); $router->render($router->dispatch('get', '/news/:news_id', $news->news_id), 201); })->conditions(array('range_id' => '(studip|[a-f0-9]{32})')); // Get news data $router->get('/news/:news_id', function ($news_id) use($router) { $news = News::load($news_id); if (!$news) { $router->halt(404, sprintf('News %s not found', $news_id)); } if ($router->compact()) { $router->render(compact('news')); return; } $users = NewsRoute::extractUsers(array($news), $router); if ($news['allow_comments']) { $news['comments'] = reset($router->dispatch('get', '/news/:news_id/comments', $news_id)); } $router->render(compact('news', 'users')); }); // Update news $router->put('/news/:news_id', function ($news_id) use($router) { global $_PUT; $news = new \StudipNews($news_id); if (!$news) { $router->halt(404, sprintf('News %s not found', $news_id)); } /* // TODO Check access if (!Helper::UserHasAccessToRange($range_id)) { $router->halt(403, sprintf('User may not access range %s', $range_id)); } */ if (isset($_PUT['title'])) { $title = trim($_PUT['title']); if (empty($title)) { $router->halt(406, 'No news title provided'); } $news->topic = $title; } if (isset($_PUT['body'])) { $body = trim($_PUT['body']); if (empty($body)) { $router->halt(406, 'No news body provided'); } $news->body = $body; } // date? if (isset($_PUT['expire'])) { $news->expire = $_PUT['expire'] ?: $news->expire; } if (isset($_PUT['allow_comments'])) { $news->allow_comments = (int) $_PUT['allow_comments']; } if (!$news->store()) { $router->halt(501, 'Could not update news'); } $router->render($router->dispatch('get', '/news/:news_id', $news->news_id), 201); }); // Delete news $router->delete('/news/:news_id', function ($news_id) use($router) { $news = \StudipNews::find($news_id); if (!$news) { $router->halt(404, sprintf('News %s not found', $news_id)); } $news->delete(); $router->halt(200, sprintf('Deleted news %s.', $news_id)); }); }
/** * Builds news dialog for editing / adding news * * @param string $id news id (in case news already exists; otherwise set to "new") * @param string $context_range range id (only for new news; set to 'template' for copied news) * @param string $template_id template id (source of news template) * */ function edit_news_action($id = '', $context_range = '', $template_id = '') { // initialize $this->news_isvisible = array('news_basic' => true, 'news_comments' => false, 'news_areas' => false); $ranges = array(); $this->ranges = array(); $this->area_options_selectable = array(); $this->area_options_selected = array(); $this->may_delete = false; $this->route = "news/edit_news/{$id}"; if ($context_range) { $this->route .= "/{$context_range}"; if ($template_id) { $this->route .= "/{$template_id}"; } } $msg_object = new messaging(); if ($id == "new") { unset($id); $this->title = _("Ankündigung erstellen"); } else { $this->title = _("Ankündigung bearbeiten"); } // user has to have autor permission at least if (!$GLOBALS['perm']->have_perm(autor)) { $this->set_status(401); return $this->render_nothing(); } // Output as dialog (Ajax-Request) or as Stud.IP page? if (Request::isXhr()) { $this->set_layout(null); header('X-Title: ' . $this->title); } else { $this->set_layout($GLOBALS['template_factory']->open('layouts/base')); } // load news and comment data and check if user has permission to edit $news = new StudipNews($id); if (!$news->isNew()) { $this->comments = StudipComment::GetCommentsForObject($id); } if (!$news->havePermission('edit') and !$news->isNew()) { $this->set_status(401); PageLayout::postMessage(MessageBox::error(_('Keine Berechtigung!'))); return $this->render_nothing(); } // if form sent, get news data by post vars if (Request::get('news_isvisible')) { // visible categories, selected areas, topic, and body are utf8 encoded when sent via ajax $this->news_isvisible = unserialize(Request::get('news_isvisible')); if (Request::isXhr()) { $this->area_options_selected = unserialize(studip_utf8decode(Request::get('news_selected_areas'))); $this->area_options_selectable = unserialize(studip_utf8decode(Request::get('news_selectable_areas'))); $topic = studip_utf8decode(Request::get('news_topic')); $body = transformBeforeSave(Studip\Markup::purifyHtml(studip_utf8decode(Request::get('news_body')))); } else { $this->area_options_selected = unserialize(Request::get('news_selected_areas')); $this->area_options_selectable = unserialize(Request::get('news_selectable_areas')); $topic = Request::get('news_topic'); $body = transformBeforeSave(Studip\Markup::purifyHtml(Request::get('news_body'))); } $date = $this->getTimeStamp(Request::get('news_startdate'), 'start'); $expire = $this->getTimeStamp(Request::get('news_enddate'), 'end') ? $this->getTimeStamp(Request::get('news_enddate'), 'end') - $this->getTimeStamp(Request::get('news_startdate'), 'start') : ''; $allow_comments = Request::get('news_allow_comments') ? 1 : 0; if (Request::submitted('comments_status_deny')) { $this->anker = 'news_comments'; $allow_comments = 0; } elseif (Request::submitted('comments_status_allow')) { $this->anker = 'news_comments'; $allow_comments = 1; } if ($news->getValue('topic') != $topic or $news->getValue('body') != $body or $news->getValue('date') != $date or $news->getValue('allow_comments') != $allow_comments or $news->getValue('expire') != $expire) { $changed = true; } $news->setValue('topic', $topic); $news->setValue('body', $body); $news->setValue('date', $date); $news->setValue('expire', $expire); $news->setValue('allow_comments', $allow_comments); } elseif ($id) { // if news id given check for valid id and load ranges if ($news->isNew()) { PageLayout::postMessage(MessageBox::error(_('Die Ankündigung existiert nicht!'))); return $this->render_nothing(); } $ranges = $news->news_ranges->toArray(); } elseif ($template_id) { // otherwise, load data from template $news_template = new StudipNews($template_id); if ($news_template->isNew()) { PageLayout::postMessage(MessageBox::error(_('Die Ankündigung existiert nicht!'))); return $this->render_nothing(); } // check for permission if (!$news_template->havePermission('edit')) { $this->set_status(401); return $this->render_nothing(); } $ranges = $news_template->news_ranges->toArray(); // remove those ranges for which user doesn't have permission foreach ($ranges as $key => $news_range) { if (!$news->haveRangePermission('edit', $news_range['range_id'])) { $changed_areas++; $this->news_isvisible['news_areas'] = true; unset($ranges[$key]); } } if ($changed_areas == 1) { PageLayout::postMessage(MessageBox::info(_('1 zugeordneter Bereich wurde nicht übernommen, weil Sie dort keine Ankündigungen erstellen dürfen.'))); } elseif ($changed_areas) { PageLayout::postMessage(MessageBox::info(sprintf(_('%s zugeordnete Bereiche wurden nicht übernommen, weil Sie dort keine Ankündigungen erstellen dürfen.'), $changed_areas))); } $news->setValue('topic', $news_template->getValue('topic')); $news->setValue('body', $news_template->getValue('body')); $news->setValue('date', $news_template->getValue('date')); $news->setValue('expire', $news_template->getValue('expire')); $news->setValue('allow_comments', $news_template->getValue('allow_comments')); } else { // for new news, set startdate to today and range to dialog context $news->setValue('date', strtotime(date('Y-m-d'))); // + 12*60*60; $news->setValue('expire', 604800); if ($context_range != '' and $context_range != 'template') { $add_range = new NewsRange(array('', $context_range)); $ranges[] = $add_range->toArray(); } } // build news var for template $this->news = $news->toArray(); // treat faculties and institutes as one area group (inst) foreach ($ranges as $range) { switch ($range['type']) { case 'fak': $this->area_options_selected['inst'][$range['range_id']] = $range['name']; break; default: $this->area_options_selected[$range['type']][$range['range_id']] = $range['name']; } } // define search presets $this->search_presets['user'] = _('Meine Profilseite'); if ($GLOBALS['perm']->have_perm('autor') and !$GLOBALS['perm']->have_perm('admin')) { $my_sem = $this->search_area('__THIS_SEMESTER__'); if (count($my_sem['sem'])) { $this->search_presets['sem'] = _('Meine Veranstaltungen im aktuellen Semester') . ' (' . count($my_sem['sem']) . ')'; } } if ($GLOBALS['perm']->have_perm('dozent') and !$GLOBALS['perm']->have_perm('root')) { $my_inst = $this->search_area('__MY_INSTITUTES__'); if (count($my_inst)) { $this->search_presets['inst'] = _('Meine Einrichtungen') . ' (' . count($my_inst['inst']) . ')'; } } if ($GLOBALS['perm']->have_perm('root')) { $this->search_presets['global'] = $this->area_structure['global']['title']; } // perform search if (Request::submitted('area_search') or Request::submitted('area_search_preset')) { $this->anker = 'news_areas'; $this->search_term = studip_utf8decode(Request::get('area_search_term')); if (Request::submitted('area_search')) { $this->area_options_selectable = $this->search_area($this->search_term); } else { $this->current_search_preset = Request::option('search_preset'); if ($this->current_search_preset == 'inst') { $this->area_options_selectable = $my_inst; } elseif ($this->current_search_preset == 'sem') { $this->area_options_selectable = $my_sem; } elseif ($this->current_search_preset == 'user') { $this->area_options_selectable = array('user' => array($GLOBALS['auth']->auth['uid'] => get_fullname())); } elseif ($this->current_search_preset == 'global') { $this->area_options_selectable = array('global' => array('studip' => _('Stud.IP'))); } } if (!count($this->area_options_selectable)) { unset($this->search_term); } else { // already assigned areas won't be selectable foreach ($this->area_options_selected as $type => $data) { foreach ($data as $id => $title) { unset($this->area_options_selectable[$type][$id]); } } } } // delete comment(s) if (Request::submitted('delete_marked_comments')) { $this->anker = 'news_comments'; $this->flash['question_text'] = delete_comments(Request::optionArray('mark_comments')); $this->flash['question_param'] = array('mark_comments' => Request::optionArray('mark_comments'), 'delete_marked_comments' => 1); // reload comments if (!$this->flash['question_text']) { $this->comments = StudipComment::GetCommentsForObject($id); $changed = true; } } if ($news->havePermission('delete')) { $this->comments_admin = true; } if (is_array($this->comments)) { foreach ($this->comments as $key => $comment) { if (Request::submitted('news_delete_comment_' . $comment['comment_id'])) { $this->anker = 'news_comments'; $this->flash['question_text'] = delete_comments($comment['comment_id']); $this->flash['question_param'] = array('mark_comments' => array($comment['comment_id']), 'delete_marked_comments' => 1); } } } // open / close category foreach ($this->news_isvisible as $category => $value) { if (Request::submitted('toggle_' . $category) or Request::get($category . '_js')) { $this->news_isvisible[$category] = $this->news_isvisible[$category] ? false : true; $this->anker = $category; } } // add / remove areas if (Request::submitted('news_add_areas') and is_array($this->area_options_selectable)) { $this->anker = 'news_areas'; foreach (Request::optionArray('area_options_selectable') as $range_id) { foreach ($this->area_options_selectable as $type => $data) { if (isset($data[$range_id])) { $this->area_options_selected[$type][$range_id] = $data[$range_id]; unset($this->area_options_selectable[$type][$range_id]); } } } } if (Request::submitted('news_remove_areas') and is_array($this->area_options_selected)) { $this->anker = 'news_areas'; foreach (Request::optionArray('area_options_selected') as $range_id) { foreach ($this->area_options_selected as $type => $data) { if (isset($data[$range_id])) { $this->area_options_selectable[$type][$range_id] = $data[$range_id]; unset($this->area_options_selected[$type][$range_id]); } } } } // prepare to save news if (Request::submitted('save_news') and Request::isPost()) { CSRFProtection::verifySecurityToken(); //prepare ranges array for already assigned news_ranges foreach ($news->getRanges() as $range_id) { $this->ranges[$range_id] = get_object_type($range_id, array('global', 'fak', 'inst', 'sem', 'user')); } // check if new ranges must be added foreach ($this->area_options_selected as $type => $area_group) { foreach ($area_group as $range_id => $area_title) { if (!isset($this->ranges[$range_id])) { if ($news->haveRangePermission('edit', $range_id)) { $news->addRange($range_id); $changed = true; } else { PageLayout::postMessage(MessageBox::error(sprintf(_('Sie haben keine Berechtigung zum Ändern der Bereichsverknüpfung für "%s".'), htmlReady($area_title)))); $error++; } } } } // check if assigned ranges must be removed foreach ($this->ranges as $range_id => $range_type) { if ($range_type === 'fak' && !isset($this->area_options_selected['inst'][$range_id]) || $range_type !== 'fak' && !isset($this->area_options_selected[$range_type][$range_id])) { if ($news->havePermission('unassign', $range_id)) { $news->deleteRange($range_id); $changed = true; } else { PageLayout::postMessage(MessageBox::error(_('Sie haben keine Berechtigung zum Ändern der Bereichsverknüpfung.'))); $error++; } } } // save news if ($news->validate() and !$error) { if ($news->getValue('user_id') != $GLOBALS['auth']->auth['uid']) { $news->setValue('chdate_uid', $GLOBALS['auth']->auth['uid']); setTempLanguage($news->getValue('user_id')); $msg = sprintf(_('Ihre Ankündigung "%s" wurde von %s verändert.'), $news->getValue('topic'), get_fullname() . ' (' . get_username() . ')') . "\n"; $msg_object->insert_message($msg, get_username($news->getValue('user_id')), "____%system%____", FALSE, FALSE, "1", FALSE, _("Systemnachricht:") . " " . _("Ankündigung geändert")); restoreLanguage(); } else { $news->setValue('chdate_uid', ''); } $news->store(); PageLayout::postMessage(MessageBox::success(_('Die Ankündigung wurde gespeichert.'))); // in fallback mode redirect to edit page with proper news id if (!Request::isXhr() and !$id) { $this->redirect('news/edit_news/' . $news->getValue('news_id')); } elseif (Request::isXhr()) { $this->render_nothing(); } } } // check if user has full permission on news object if ($news->havePermission('delete')) { $this->may_delete = true; } }