/**
 * Queues e-mail notifications for a post that has just been published.
 *
 * Subscribers who can no longer read the blog are unsubscribed first, so the
 * queue is only filled with contacts that still pass the rights check.
 *
 * @param array $params Reads 'id' (post id) and 'blog_id'.
 */
public function postPublishAction($params)
{
    // Both ids are forced to int before they are concatenated into SQL below.
    // The casts are what keep those string-built statements injection-safe,
    // so they must stay ahead of every query in this method.
    $post_id = (int) $params['id'];
    $blog_id = (int) $params['blog_id'];

    // Step 1: drop subscribers that lost read access to this blog.
    $subscribers_sql = "SELECT c.id FROM blog_emailsubscription s\n JOIN wa_contact c ON s.contact_id = c.id\n WHERE s.blog_id = " . $blog_id;
    $model = new waModel();
    $revoked_contact_ids = array();
    foreach ($model->query($subscribers_sql) as $subscriber) {
        try {
            $can_read = blogHelper::checkRights($blog_id, $subscriber['id'], blogRightConfig::RIGHT_READ);
        } catch (Exception $e) {
            // Any failure of the rights check is treated as "no access" (fail closed).
            $can_read = 0;
        }
        if (!$can_read) {
            $revoked_contact_ids[] = $subscriber['id'];
        }
    }
    if ($revoked_contact_ids) {
        $subscription_model = new blogEmailsubscriptionModel();
        $subscription_model->deleteByField(array('contact_id' => $revoked_contact_ids, 'blog_id' => $blog_id));
    }

    // Step 2: copy the remaining subscribers into the send queue.
    // The only non-literal parts are the two int-cast ids and a server-generated timestamp.
    $queue_sql = "REPLACE INTO blog_emailsubscription_log (post_id, contact_id, name, email, datetime)\n SELECT " . $post_id . ", c.id, c.name, e.email, '" . date('Y-m-d H:i:s') . "' FROM blog_emailsubscription s\n JOIN wa_contact c ON s.contact_id = c.id\n JOIN wa_contact_emails e ON c.id = e.contact_id AND e.sort = 0\n WHERE s.blog_id = " . $blog_id;
    $model->exec($queue_sql);

    // Step 3: remember the backend URL so the cron sender can use it.
    $settings_model = new waAppSettingsModel();
    $settings_key = array($this->app_id, $this->id);
    $settings_model->set($settings_key, 'backend_url', wa()->getRootUrl(true) . wa()->getConfig()->getBackendUrl());
}
/**
 * Deletes or restores a single comment and reports the new comment count as JSON.
 *
 * Reads POST 'id' (comment id) and POST 'status'. Nothing happens when the id
 * is missing or zero.
 *
 * @throws waException       404 when the comment or its post cannot be found
 * @throws waRightsException 403 when the user may only moderate own posts and this is not one
 */
public function execute()
{
    $this->getResponse()->addHeader('Content-type', 'application/json');

    $comment_id = $this->getRequest()->post('id', 0, waRequest::TYPE_INT);
    if (!$comment_id) {
        return;
    }

    $comment_model = new blogCommentModel();
    $comment = $comment_model->getById($comment_id);
    if (!$comment) {
        throw new waException(_w('Comment not found'), 404);
    }

    $post_model = new blogPostModel();
    $post = $post_model->getBlogPost(array('id' => $comment['post_id'], 'blog_id' => $comment['blog_id']));
    if (!$post) {
        throw new waException(_w('Post not found'), 404);
    }

    // Authorisation: read-write users may moderate comments on their own posts only.
    // NOTE(review): a user below read-write is presumably rejected inside
    // checkRights() itself (other callers wrap it in try/catch) — confirm.
    $user_id = $this->getUser()->getId();
    $rights = blogHelper::checkRights($comment['blog_id'], $user_id, blogRightConfig::RIGHT_READ_WRITE);
    $is_post_author = !($user_id != $post['contact_id']);
    if ($rights == blogRightConfig::RIGHT_READ_WRITE && !$is_post_author) {
        throw new waRightsException(_w('Access denied'), 403);
    }

    // The request value is collapsed to one of two states, so a client
    // cannot write an arbitrary status into the row.
    $requested = $this->getRequest()->post('status', blogCommentModel::STATUS_DELETED);
    $status = ($requested != blogCommentModel::STATUS_DELETED)
        ? blogCommentModel::STATUS_PUBLISHED
        : $requested;

    $changed = $comment_model->updateById($comment_id, array('status' => $status));
    $count = $comment_model->getCount($comment['blog_id'], $comment['post_id']);

    if ($changed) {
        $action = ($status == blogCommentModel::STATUS_DELETED) ? 'comment_delete' : 'comment_restore';
        $this->log($action, 1);
    }

    $this->response = array(
        'count_str' => $count . " " . _w('comment', 'comments', $count),
        'status'    => $status,
        'changed'   => $changed,
    );
}
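/**
 * API method: updates an existing post with the fields sent in the POST body.
 *
 * The post is identified by the required 'id' request parameter. The caller
 * must either hold full rights on the post's blog or be the post's author.
 *
 * @throws waAPIException invalid_param (404) when the post or target blog is
 *                        missing or validation fails; access_denied otherwise
 */
public function execute()
{
    $id = $this->get('id', true);
    $post_model = new blogPostModel();
    $post = $post_model->getById($id);
    if (!$post) {
        throw new waAPIException('invalid_param', 'Post not found', 404);
    }

    //check rights
    if (blogHelper::checkRights($post['blog_id']) < blogRightConfig::RIGHT_FULL && $post['contact_id'] != wa()->getUser()->getId()) {
        throw new waAPIException('access_denied', 403);
    }

    // Request fields are layered over the stored row. The merge lets the POST
    // body replace any column, including 'id', so the id is pinned back to the
    // post that was just authorised: otherwise the rights check above would
    // cover one post while validate()/updateItem() below act on another.
    $data = array_merge($post, waRequest::post());
    $data['id'] = $post['id'];
    // NOTE(review): 'contact_id' and 'blog_id' can still be supplied by the
    // client; this method relies on updateItem() to authorise those changes.

    $blog_model = new blogBlogModel();
    $blogs = $blog_model->getAvailable();
    if (!isset($blogs[$data['blog_id']])) {
        throw new waAPIException('invalid_param', 'Blog not found', 404);
    }
    $blog = $blogs[$data['blog_id']];
    $data['blog_status'] = $blog['status'];
    $data['datetime'] = $this->formateDatetime($data['datetime']);

    $messages = $post_model->validate($data, array('transliterate' => true));
    if ($messages) {
        throw new waAPIException('invalid_param', 'Validate messages: ' . implode("\n", $messages), 404);
    }

    $post_model->updateItem($post['id'], $data);

    // Reuse the "get info" method to build the response for the updated post.
    $_GET['id'] = $id;
    $method = new blogPostGetInfoMethod();
    $this->response = $method->getResponse(true);
}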
/**
 * Backend page that shows a single post with its comments.
 *
 * Reads the post id from GET 'id', loads the post and its blog, assigns
 * everything the template needs and sets the page layout and title.
 *
 * @throws waException 404 when the id is missing or the post is not found
 */
public function execute()
{
    // Negative ids are clamped to 0 and then rejected together with a missing id.
    $post_id = max(0, waRequest::get('id', 0, waRequest::TYPE_INT));
    if (!$post_id) {
        throw new waException(_w('Post not found'), 404);
    }
    $post_model = new blogPostModel();
    $search_options = array('id' => $post_id);
    $extend_options = array('comments' => array(20), 'user' => array('photo_url_50'), 'status' => 'view');
    $post = $post_model->search($search_options, $extend_options)->fetchSearchItem();
    if (!$post) {
        throw new waException(_w('Post not found'), 404);
    }
    $post['rights'] = $this->getRights("blog.{$post['blog_id']}");
    // $post is wrapped by reference so the helpers below can extend it in place.
    $posts = array(&$post);
    blogHelper::extendRights($posts, array(), $this->getUser()->getId());
    blogPhotosBridge::loadAlbums($posts);
    if (isset($post['comments']) && $post['comments']) {
        $post['comments'] = blogCommentModel::extendRights($post['comments'], array($post_id => $post));
    }
    $blog_model = new blogBlogModel();
    $blog = $blog_model->getById($post['blog_id']);
    // The read-rights check runs only for non-public blogs or unpublished posts.
    // Its return value is ignored here, so enforcement depends on checkRights()
    // throwing on failure. NOTE(review): other callers on this page wrap it in
    // try/catch, which suggests it does — confirm.
    // NOTE(review): the post and its comments are loaded and extended before
    // this check; nothing is rendered yet at this point.
    if ($blog['status'] != blogBlogModel::STATUS_PUBLIC || $post['status'] != blogPostModel::STATUS_PUBLISHED) {
        blogHelper::checkRights($post['blog_id'], true, blogRightConfig::RIGHT_READ);
    }
    $items = $blog_model->prepareView(array($blog));
    $blog = array_shift($items);
    $this->setLayout(new blogDefaultLayout());
    $this->getResponse()->setTitle($post['title']);
    /**
     * Backend post view page.
     * UI hook that lets plugins extend the post view page.
     * @event backend_post
     * @param array[string]mixed $post Current page post item data
     * @param array[string]int $post['id'] Post ID
     * @param array[string]int $post['blog_id'] Post blog ID
     * @return array[string][string]string $backend_post['%plugin_id%']['footer'] Plugin %plugin_id% footer html
     */
    $this->view->assign('backend_post', wa()->event('backend_post', $post, array('footer')));
    $user = $this->getUser();
    $this->view->assign('current_contact', array('id' => $user->getId(), 'name' => $user->getName(), 'photo20' => $user->getPhoto(20)));
    $this->view->assign('blog_id', $blog['id']);
    $this->view->assign('blog', $blog);
    $this->view->assign('contact_rights', $this->getUser()->getRights('contacts', 'backend'));
    // When 'can_use_smarty' is enabled the stored post text is passed to the
    // view as a "string:" template, i.e. it is evaluated as template source,
    // not just printed. Whoever can write post text therefore supplies template
    // code that runs in the viewing user's backend request.
    // NOTE(review): confirm the option is off by default and that the Smarty
    // security policy limits what such templates may call.
    if ($this->getConfig()->getOption('can_use_smarty')) {
        try {
            $post['text'] = $this->view->fetch("string:{$post['text']}", $this->cache_id);
        } catch (SmartyException $ex) {
            // A broken template in the post text is turned into replacement text by the helper.
            $post['text'] = blogPost::handleTemplateException($ex, $post);
        }
    }
    $this->view->assign('post', $post);
}
/**
 * Prepares an import run: resolves the transport class named in the request,
 * stores plugin settings, verifies the target blog and author, and loads the
 * list of posts to import into $this->data.
 *
 * @throws waException when the transport is unknown, settings are invalid,
 *                     the target blog is missing or the author lacks rights
 */
protected function init()
{
    // The class to instantiate is chosen by a request parameter. The fixed
    // "blogImportPlugin…Transport" prefix/suffix plus class_exists() is the
    // only constraint on it.
    // NOTE(review): class_exists() may invoke the autoloader with this
    // request-derived name; an explicit allow-list of transports would be tighter.
    $transport = ucfirst($this->getRequest()->post('blog_import_transport', '', waRequest::TYPE_STRING_TRIM));
    $class = "blogImportPlugin{$transport}Transport";
    if (!$transport || !class_exists($class)) {
        // NOTE(review): the message echoes the request value; whoever renders
        // it has to escape it.
        throw new waException(sprintf(_wp("Transport type %s not found"), $transport));
    }

    $plugin_namespace = $this->getApp() . '_import';
    $namespace = $plugin_namespace . '_' . strtolower($transport);
    $this->initPlugin();

    // Optional: persist plugin settings sent along with the request.
    $submitted = $this->getRequest()->post($plugin_namespace);
    if ($submitted) {
        $this->plugin->setup($submitted);
        if (!$this->plugin->validateSettings($this->errors)) {
            throw new waException(_wp('Invalid replace settings'));
        }
        $this->plugin->saveSettings();
    }

    $settings = $this->plugin->getSettings();

    // The import target must be an existing blog.
    $blog_model = new blogBlogModel();
    $blog = null;
    if (!$settings['blog'] || !($blog = $blog_model->getById($settings['blog']))) {
        throw new waException(_wp("Target blog not found"));
    }
    $settings['blog_status'] = $blog['status'];

    // The configured author must have rights on that blog. A rights exception
    // counts as "no rights" and is reported through the generic error below.
    $author_has_rights = false;
    if ($settings['contact']) {
        try {
            $author_has_rights = blogHelper::checkRights($settings['blog'], $settings['contact']);
        } catch (waRightsException $ex) {
            //do nothing
        }
    }
    if (!$author_has_rights) {
        throw new waException(_wp("Author not found or has insufficient rights"));
    }

    $this->data['transport'] = new $class($settings);
    $this->data['blog'] = $this->plugin->getSettingValue('blog');
    $this->getTransport();

    // Transport-specific options come from their own request namespace.
    $this->transport->setup($this->getRequest()->post($namespace, array()));
    if (!$this->transport->validate(true, $this->errors)) {
        throw new waException(_wp('Invalid settings'));
    }

    //$this->data['runtime_settings'] =$this->transport->get
    $this->data['posts'] = $this->transport->getPosts();
    $this->data['current'] = 0;
    $this->data['count'] = count($this->data['posts']);
}
/**
 * API method: returns a single post by the required 'id' parameter.
 *
 * @throws waAPIException invalid_param (404) when the post does not exist
 */
public function execute()
{
    $id = $this->get('id', true);

    $post_model = new blogPostModel();
    $post = $post_model->search(array('id' => $id))->fetchSearchItem();
    if (!$post) {
        throw new waAPIException('invalid_param', 'Post not found', 404);
    }

    $blog_model = new blogBlogModel();
    $blog = $blog_model->getById($post['blog_id']);

    // Published posts in public blogs are returned without a rights check;
    // everything else requires read access. The return value of checkRights()
    // is not inspected, so this relies on it throwing on failure.
    // NOTE(review): confirm checkRights() throws rather than returning a falsy value.
    $is_public_blog = !($blog['status'] != blogBlogModel::STATUS_PUBLIC);
    $is_published = !($post['status'] != blogPostModel::STATUS_PUBLISHED);
    if (!$is_public_blog || !$is_published) {
        blogHelper::checkRights($post['blog_id'], true, blogRightConfig::RIGHT_READ);
    }

    $this->response = $post;
}
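/**
 * Inline update of selected post fields.
 *
 * Reads POST 'data' (field => value map) and POST 'post_id'. Only fields listed
 * in $this->allowed_fields may be written. Editing someone else's post requires
 * full rights on the blog; editing an own post requires read-write rights.
 *
 * @throws waException on a disallowed field, unknown status, unknown post,
 *                     missing rights or a failed update
 */
public function execute()
{
    $data = waRequest::post('data', null);
    if (!$data) {
        return;
    }
    // A scalar 'data' value would skip the per-field validation loop below
    // and still reach updateById(), so anything that is not a map is refused.
    if (!is_array($data)) {
        throw new waException("Can't update post: invalid data");
    }

    // Names and statuses are compared as strings with strict in_array().
    // With the loose form an integer key such as 0 compares equal to any
    // non-numeric string on PHP < 8 and would pass the allow-list.
    $allowed_fields = array_map('strval', $this->allowed_fields);
    $allowed_statuses = array_map('strval', array(
        blogPostModel::STATUS_DRAFT,
        blogPostModel::STATUS_DEADLINE,
        blogPostModel::STATUS_SCHEDULED,
        blogPostModel::STATUS_PUBLISHED,
    ));
    foreach ($data as $name => $value) {
        $name = (string) $name;
        if (!in_array($name, $allowed_fields, true)) {
            throw new waException("Can't update post: editing of this field is denied");
        }
        if ($name === 'status') {
            if (!is_scalar($value) || !in_array((string) $value, $allowed_statuses, true)) {
                throw new waException("Can't change status: unknown value");
            }
        }
    }

    $post_id = waRequest::post('post_id', null, waRequest::TYPE_INT);
    $post_model = new blogPostModel();
    $post = null;
    if ($post_id) {
        $post = $post_model->getFieldsById($post_id, array('id', 'blog_id', 'contact_id', 'datetime'));
    }
    if (!$post) {
        throw new waException("Unknown post");
    }

    // Rights are checked against the stored post, not against request data.
    $contact = wa()->getUser();
    $contact_id = $contact->getId();
    $required = $contact_id != $post['contact_id'] ? blogRightConfig::RIGHT_FULL : blogRightConfig::RIGHT_READ_WRITE;
    $allow = blogHelper::checkRights($post['blog_id'], $contact_id, $required);
    if (!$allow) {
        throw new waException("Access denied");
    }

    if (!$post_model->updateById($post_id, $data)) {
        throw new waException("Error when updating data");
    }

    $post = array_merge($post, $data);
    // 'status' is only present when the client sent it (it is not among the
    // fetched columns), hence the isset() guard.
    if (isset($post['status']) && $post['status'] == blogPostModel::STATUS_DEADLINE) {
        $timezone = $contact->getTimezone();
        $current_datetime = waDateTime::date("Y-m-d", null, $timezone);
        $datetime = waDateTime::date("Y-m-d", $post['datetime'], $timezone);
        if ($datetime <= $current_datetime) {
            $post['overdue'] = true;
        }
    }
    $this->response['post'] = $post;
}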
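/**
 * API method: adds a comment to a post on behalf of the current user.
 *
 * Requires POST 'text' and GET 'post_id'; POST 'parent_id' optionally names the
 * comment being replied to.
 *
 * @throws waAPIException invalid_param (404) for a missing post or parent, a
 *                        post with comments disabled or failed validation;
 *                        access_denied when the user cannot read the blog
 */
public function execute()
{
    $data = waRequest::post();
    // Tree and routing columns must never come from the client.
    $exclude = array('left_key', 'right_key', 'type', 'full_url', 'parent_id');
    foreach ($exclude as $k) {
        if (isset($data[$k])) {
            unset($data[$k]);
        }
    }
    // NOTE(review): every other POST field is still passed to validate()/add();
    // which of them the model accepts (e.g. status, datetime) is not visible here.

    // check required params
    $this->post('text', true);
    $post_id = $this->get('post_id', true);

    $post_model = new blogPostModel();
    $post = $post_model->getBlogPost($post_id);
    if (!$post) {
        throw new waAPIException('invalid_param', 'Post not found', 404);
    }

    $parent_id = $this->post('parent_id');
    $comment_model = new blogCommentModel();
    if ($parent_id) {
        $parent = $comment_model->getById($parent_id);
        // The parent has to belong to the post being commented on. Without this
        // a reply could be attached to a comment of a different post, possibly
        // in a blog the user cannot read. A foreign parent gets the same answer
        // as a missing one, so its existence is not disclosed.
        if (!$parent || $parent['post_id'] != $post_id) {
            throw new waAPIException('invalid_param', 'Parent comment not found', 404);
        }
    }

    $contact_id = wa()->getUser()->getId();

    // check rights
    try {
        blogHelper::checkRights($post['blog_id'], $contact_id, blogRightConfig::RIGHT_READ);
    } catch (waException $e) {
        throw new waAPIException('access_denied', 403);
    }

    // check comment mode
    if (!$post['comments_allowed']) {
        throw new waAPIException('invalid_param', "Isn't allowed comment to this post", 404);
    }

    // Server-side values go last in the merge so they override anything the
    // client sent under the same keys.
    $data = array_merge($data, array(
        'blog_id'       => $post['blog_id'],
        'post_id'       => $post_id,
        'contact_id'    => $contact_id,
        'auth_provider' => blogCommentModel::AUTH_USER,
    ));

    $messages = $comment_model->validate($data);
    if ($messages) {
        throw new waAPIException('invalid_param', 'Validate messages: ' . implode("\n", $messages), 404);
    }

    $id = $comment_model->add($data, $parent_id);

    // Reuse the "get info" method to build the response for the new comment.
    $_GET['id'] = $id;
    $method = new blogPostCommentsGetInfoMethod();
    $this->response = $method->getResponse(true);
}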
/**
 * Deletes a blog, optionally moving its posts to another blog first.
 *
 * Reads POST 'id' (blog to delete), POST 'remove' ('move' to relocate posts)
 * and POST 'blog_id' (move target). Full rights are required on the deleted
 * blog and, when moving, on the target blog as well.
 */
public function execute()
{
    $blog_id = (int) waRequest::post('id');
    if (!$blog_id) {
        $this->redirect(wa()->getAppUrl());
        return;
    }

    // The return value is not inspected; enforcement relies on checkRights() throwing.
    blogHelper::checkRights($blog_id, true, blogRightConfig::RIGHT_FULL);

    if (waRequest::post('remove') == 'move') {
        $move_blog_id = waRequest::post('blog_id');
        blogHelper::checkRights($move_blog_id, true, blogRightConfig::RIGHT_FULL);
        if ($move_blog_id == $blog_id) {
            // Moving a blog's posts into itself makes no sense: back to settings.
            // NOTE(review): the delete below is only skipped if redirect()
            // terminates the request — confirm that it does.
            $this->redirect('?module=blog&action=settings&id=' . $blog_id);
        } else {
            blogPost::move($blog_id, $move_blog_id);
        }
    }

    $blog_model = new blogBlogModel();
    $blog_model->deleteById($blog_id);
    $this->log('blog_delete');
    $this->redirect(wa()->getAppUrl());
}
/**
 * API method: marks one or more comments as deleted.
 *
 * POST 'id' may be an array, a comma-separated list or a single id. Comments
 * the user may not moderate, and comments that are already deleted, are
 * skipped silently; the response is always true.
 */
public function execute()
{
    $id = $this->post('id', true);
    if (!is_array($id)) {
        $id = (strpos($id, ',') !== false)
            ? array_map('intval', explode(',', $id))
            : array($id);
    }

    $user_id = wa()->getUser()->getId();
    $comment_model = new blogCommentModel();
    $post_model = new blogPostModel();

    $comments = $comment_model->getByField('id', $id, 'id');

    // Load the posts the comments belong to; authorship decides what a
    // read-write user may moderate.
    $post_ids = array();
    foreach ($comments as $row) {
        $post_ids[] = $row['post_id'];
    }
    $post_ids = array_unique($post_ids);
    $posts = $post_model->getByField('id', $post_ids, 'id');

    $available = array();
    foreach ($comments as $comment) {
        try {
            $rights = blogHelper::checkRights($comment['blog_id'], $user_id, blogRightConfig::RIGHT_READ_WRITE);
        } catch (Exception $e) {
            // No sufficient rights on this blog: leave the comment untouched.
            continue;
        }
        // Read-write users are limited to comments on their own posts.
        $own_posts_only = ($rights == blogRightConfig::RIGHT_READ_WRITE);
        if ($own_posts_only && $user_id != $posts[$comment['post_id']]['contact_id']) {
            continue;
        }
        if ($comment['status'] != blogCommentModel::STATUS_DELETED) {
            $available[] = $comment['id'];
        }
    }

    // NOTE(review): when nothing qualifies this is called with an empty id
    // list; confirm the model treats that as a no-op.
    $comment_model->updateById($available, array('status' => blogCommentModel::STATUS_DELETED));
    $this->response = true;
}
/**
 * Creates or updates a blog post, including rights checks, status/datetime
 * normalisation, URL validation, plugin events and blog post counters.
 *
 * The row is looked up and written by $id exactly as passed in, so callers
 * must pass the id of the post they have authorised.
 *
 * @param int   $id           Post id to update; a falsy value inserts a new post
 * @param array $data         Field values; unknown fields and the primary key are dropped
 * @param array $current_data Stored row, loaded by $id when empty
 * @throws waException 404 when $id is given but no post exists; also for an
 *                     invalid or already used URL
 * @return int post id
 */
public function updateItem($id, $data = array(), $current_data = array())
{
    $plugin = array();
    $contact_id = wa()->getUser()->getId();
    // Strip everything that is not a known column, and the primary key itself.
    // The 'plugin' payload is set aside here and re-attached for the events below.
    foreach ($data as $field => $value) {
        if (!isset($this->fields[$field]) || $field == $this->id) {
            if (isset($data['plugin'])) {
                $plugin = $data['plugin'];
            }
            unset($data[$field]);
        }
    }
    if ($id) {
        if (!$current_data) {
            $current_data = $this->getByField(array($this->id => $id));
            if (!$current_data) {
                throw new waException(_w('Post not found'), 404);
            }
        }
        if (!$contact_id) {
            // No logged-in user (cron task): act as the post's author.
            $contact_id = $current_data['contact_id'];
        }
    } else {
        $current_data = array();
        if (empty($data['contact_id'])) {
            $data['contact_id'] = $contact_id;
        } else {
            // Creating a post for another author needs full rights, for oneself read-write.
            blogHelper::checkRights($data['blog_id'], $contact_id, $contact_id != $data['contact_id'] ? blogRightConfig::RIGHT_FULL : blogRightConfig::RIGHT_READ_WRITE);
        }
    }
    // "source" is where the post is now (author/blog), "target" is where the
    // request wants it to be; both fall back to each other when a value is missing.
    $source_data = array('contact_id' => isset($current_data['contact_id']) ? $current_data['contact_id'] : $data['contact_id'], 'blog_id' => isset($current_data['blog_id']) ? $current_data['blog_id'] : $data['blog_id']);
    $target_data = array('contact_id' => isset($data['contact_id']) ? $data['contact_id'] : $source_data['contact_id'], 'blog_id' => isset($data['blog_id']) ? $data['blog_id'] : $source_data['blog_id']);
    // Editor rights on the current blog, at checkRights()' default level.
    // NOTE(review): this does not compare the editor with the post's author;
    // callers that need an "own posts only" rule have to enforce it themselves.
    // The return values of the checkRights() calls in this method are ignored,
    // so enforcement relies on it throwing — confirm.
    blogHelper::checkRights($source_data['blog_id'], $contact_id);
    //change blog
    if ($source_data['blog_id'] != $target_data['blog_id']) {
        // Moving the post: editor rights on the target blog, full rights when
        // the target author is someone else.
        blogHelper::checkRights($target_data['blog_id'], $contact_id, $contact_id != $target_data['contact_id'] ? blogRightConfig::RIGHT_FULL : blogRightConfig::RIGHT_READ_WRITE);
        //check (new) author rights
        if ($contact_id != $target_data['contact_id']) {
            // Intentionally empty: the author's own rights on the target blog
            // are not verified in this branch.
            //skip it = for admin it allowed
            //blogHelper::checkRights($target_data['blog_id'],$target_data['contact_id']);
        }
    } else {
        // Same blog, but the author is changed to a third person: that person
        // must have rights on the blog.
        if ($contact_id != $target_data['contact_id'] && $target_data['contact_id'] != $source_data['contact_id']) {
            blogHelper::checkRights($target_data['blog_id'], $target_data['contact_id']);
        }
    }
    // Normalise 'datetime' depending on the requested status.
    if (isset($data['status'])) {
        switch ($data['status']) {
            case self::STATUS_PUBLISHED:
                if (!isset($data['datetime']) || !$data['datetime']) {
                    if (!isset($current_data['datetime']) || !$current_data['datetime']) {
                        $data['datetime'] = date("Y-m-d H:i:s");
                    } elseif (isset($current_data['status']) && !in_array($current_data['status'], array(self::STATUS_PUBLISHED, self::STATUS_SCHEDULED))) {
                        // First publication of a draft/deadline post: stamp it with "now".
                        $data['datetime'] = date("Y-m-d H:i:s");
                    } else {
                        // Keep the stored datetime.
                        unset($data['datetime']);
                    }
                }
                break;
            case self::STATUS_DRAFT:
                if (!isset($data['datetime']) || !$data['datetime']) {
                    if (!isset($current_data['datetime']) || !$current_data['datetime']) {
                        $data['datetime'] = date("Y-m-d H:i:s");
                    } else {
                        unset($data['datetime']);
                    }
                }
                break;
            case self::STATUS_SCHEDULED:
                if (!isset($data['datetime']) || !$data['datetime']) {
                    unset($data['datetime']);
                }
                break;
            case self::STATUS_DEADLINE:
                // A deadline without a date degrades to a draft dated "now".
                if (!isset($data['datetime']) || !$data['datetime'] || is_array($data['datetime']) && !$data['datetime'][0]) {
                    $data['status'] = self::STATUS_DRAFT;
                    $data['datetime'] = date("Y-m-d H:i:s");
                }
                break;
        }
    }
    if (!$id && (!isset($data['contact_id']) || !$data['contact_id'])) {
        $data['contact_id'] = wa()->getUser()->getId();
    }
    // URL slug: trailing slashes are trimmed, inner slashes rejected, and the
    // slug must not already be in use (checkUrl).
    if (isset($data['url']) && strlen($data['url'])) {
        if (substr($data['url'], -1) == '/') {
            $data['url'] = preg_replace('~\\/+$~', '', $data['url']);
        }
        if (strpos($data['url'], '/') !== false) {
            throw new waException(_w('URL must not contain /'));
        }
        if ($this->checkUrl($data['url'], $id)) {
            throw new waException(_w('This address is already in use') . ' ' . $data['url']);
        }
    } else {
        //$data['url'] = blogHelper::transliterate($data['url']);
    }
    $edit = $id ? true : false;
    // [current status][requested status] => (pre-event, post-event).
    // Key 0 stands for "no status" on either side.
    $event_map = array(0 => array(0 => array('post_presave', 'post_save'), self::STATUS_PUBLISHED => array('post_prepublish', 'post_publish'), self::STATUS_SCHEDULED => array('post_preshedule', 'post_shedule'), self::STATUS_DEADLINE => array('post_presave', 'post_save'), self::STATUS_DRAFT => array('post_presave', 'post_save')), self::STATUS_DRAFT => array(0 => array('post_presave', 'post_save'), self::STATUS_PUBLISHED => array('post_prepublish', 'post_publish'), self::STATUS_SCHEDULED => array('post_preshedule', 'post_shedule'), self::STATUS_DEADLINE => array('post_presave', 'post_save'), self::STATUS_DRAFT => array('post_presave', 'post_save')), self::STATUS_DEADLINE => array(0 => array('post_presave', 'post_save'), self::STATUS_PUBLISHED => array('post_prepublish', 'post_publish'), self::STATUS_SCHEDULED => array('post_preshedule', 'post_shedule'), self::STATUS_DEADLINE => array('post_presave', 'post_save'), self::STATUS_DRAFT => array('post_presave', 'post_save')), self::STATUS_SCHEDULED => array(0 => array('post_presave', 'post_save'), self::STATUS_PUBLISHED => array('post_prepublish', 'post_publish'), self::STATUS_SCHEDULED => array('post_presave', 'post_save'), self::STATUS_DEADLINE => array('post_presave', 'post_save'), self::STATUS_DRAFT => array('post_presave', 'post_save')), self::STATUS_PUBLISHED => array(0 => array('post_presave', 'post_save'), self::STATUS_PUBLISHED => array('post_presave', 'post_save'), self::STATUS_SCHEDULED => array('post_preshedule', 'post_shedule'), self::STATUS_DEADLINE => array('post_presave', 'post_save'), self::STATUS_DRAFT => array('post_presave', 'post_save')));
    $events = $event_map[isset($current_data['status']) ? $current_data['status'] : 0][isset($data['status']) ? $data['status'] : 0];
    $data['plugin'] = $plugin;
    /**
     * Fired before the post is written.
     * @event post_prepublish
     * @event post_preshedule
     * @event post_presave
     * @param array [string]mixed $data
     * @param array [string]int $data['id']
     * @param array [string][string]mixed $data['plugin']['%plugin_id']
     * @return array[%plugin_id%][%field%]string Error message for field %field%
     */
    // NOTE(review): $errors is not read again in this method, so errors
    // returned by plugins do not stop the save here.
    $errors = wa()->event(array_shift($events), $data);
    if ($id) {
        if ($source_data['blog_id'] != $target_data['blog_id']) {
            // Comments carry their own blog_id and must follow the post.
            $comment_model = new blogCommentModel();
            $comment_model->updateByField('post_id', $id, array('blog_id' => $target_data['blog_id']));
        }
        $this->updateById($id, $data);
        $data[$this->id] = $id;
    } else {
        $id = $this->insert($data);
        blogActivity::setUserActivity();
        $data[$this->id] = $id;
        // A post without a slug gets its numeric id as URL.
        if (!isset($data['url']) || strlen($data['url']) == 0) {
            $this->updateById($id, array('url' => $id));
        }
    }
    // Keep the per-blog counter of published posts in step with status and blog changes.
    $data = array_merge($current_data, $data);
    $blog_model = new blogBlogModel();
    if ($edit) {
        //unpublish
        if ($current_data['status'] == self::STATUS_PUBLISHED && $data['status'] != self::STATUS_PUBLISHED) {
            $blog_model->updateQty($data['blog_id'], '-1');
            //publish
        } elseif ($current_data['status'] != self::STATUS_PUBLISHED && $data['status'] == self::STATUS_PUBLISHED) {
            $blog_model->updateQty($data['blog_id'], '+1');
            //move
        } elseif (isset($current_data['blog_id']) && $current_data['status'] == self::STATUS_PUBLISHED && $data['status'] == self::STATUS_PUBLISHED && $current_data['blog_id'] != $data['blog_id']) {
            $blog_model->updateQty($data['blog_id'], '+1');
            $blog_model->updateQty($current_data['blog_id'], '-1');
        }
    } else {
        if ($data['status'] == self::STATUS_PUBLISHED) {
            $blog_model->updateQty($data['blog_id'], '+1');
        }
    }
    /**
     * Fired after the post has been written.
     * @event post_publish
     * @event post_shedule
     * @event post_save
     * @param array [string]mixed $data
     * @param array [string]int $data['id']
     * @param array [string][string]mixed $data['plugin']['%plugin_id']
     * @return void
     */
    wa()->event(array_shift($events), $data);
    return $id;
}
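/**
 * Returns the HTML of a minimal "new post" form, or false when the current
 * user has less than read-write rights.
 *
 * The form posts to the backend post editor and carries the CSRF field
 * produced by the view helper.
 *
 * @param string|null $id Value for the form's id attribute
 * @return string|false
 */
public function postForm($id = null)
{
    $html = false;
    if (blogHelper::checkRights() >= blogRightConfig::RIGHT_READ_WRITE) {
        $url = wa()->getAppUrl('blog') . '?module=post&action=edit';
        // Both values end up inside double-quoted HTML attributes, so they are
        // escaped for that context; $id is supplied by the caller of this helper.
        $submit = htmlspecialchars(_wd('blog', 'New post'), ENT_QUOTES, 'UTF-8');
        $form_id = htmlspecialchars((string) $id, ENT_QUOTES, 'UTF-8');
        $html = <<<HTML
<form action="{$url}" method="POST" id="{$form_id}">
<p>
\t<input type="text" name="title"/><br/>
\t<textarea name="text" cols="60" rows="20"></textarea><br/>
\t{$this->wa->getView()->getHelper()->csrf()}
\t<input type="submit" value="{$submit}"/>
</p>
</form>
HTML;
    }
    return $html;
}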
/**
 * Backend controller: adds a comment (optionally as a reply) and returns the
 * rendered comment HTML as JSON.
 *
 * Reads GET 'id' (post id), POST 'parent' (parent comment id) and POST 'text'.
 * When only a parent is given, the post is derived from it ("stream" mode).
 *
 * @throws waRightsException when the parent comment belongs to another post
 * @throws waException       404 when the post is not found; also when the post
 *                           does not allow comments
 */
public function execute()
{
    $this->post_id = max(0, $this->getRequest()->get('id', 0, waRequest::TYPE_INT));
    $this->parent_id = max(0, $this->getRequest()->post('parent', 0, waRequest::TYPE_INT));
    $comment_model = new blogCommentModel();
    $post_model = new blogPostModel();
    /**
     * Parent comment data
     * @var array
     */
    $parent = null;
    $stream = false;
    //find comment parent
    if ($this->parent_id && ($parent = $comment_model->getById($this->parent_id))) {
        // A reply must stay inside the post of its parent comment.
        if ($this->post_id && $this->post_id != $parent['post_id']) {
            throw new waRightsException(_w('Access denied'));
        }
        // No post id in the request: the reply came from the comment stream.
        if (!$this->post_id) {
            $stream = true;
        }
        $this->post_id = $parent['post_id'];
    } else {
        // Unknown parent ids are silently downgraded to a top-level comment.
        $this->parent_id = 0;
    }
    //find post
    if (!$this->post_id || !($post = $post_model->getBlogPost($this->post_id))) {
        throw new waException(_w('Post not found'), 404);
    }
    $contact_id = $this->getUser()->getId();
    // Read access to the blog is required for commenting. The result is kept
    // and attached to the comment below.
    // NOTE(review): rejecting a user without read rights relies on
    // checkRights() throwing; the result is not tested here — confirm.
    $rights = blogHelper::checkRights($post['blog_id'], $contact_id, blogRightConfig::RIGHT_READ);
    //check comment mode
    if (!$post['comments_allowed']) {
        throw new waException(_w("Isn't allowed comment to this post"));
    }
    // Only 'text' comes from the request; every other field is set server-side.
    $comment = array('blog_id' => $post['blog_id'], 'post_id' => $this->post_id, 'contact_id' => $contact_id, 'text' => $this->getRequest()->post('text'), 'auth_provider' => blogCommentModel::AUTH_USER);
    $this->errors += $comment_model->validate($comment);
    if (count($this->errors) > 0) {
        return;
    }
    $id = $comment_model->add($comment, $this->parent_id);
    $this->logAction('comment_add', $id);
    // Re-read the stored row so the response reflects what was actually saved.
    $comment = $comment_model->getById($id);
    //$comment['new'] = false;
    $comment['parent'] = $this->parent_id;
    if ($stream) {
        $comment['parent_text'] = $parent ? $parent['text'] : null;
        $comment['parent_status'] = $parent ? $parent['status'] : null;
    } else {
        $count = $comment_model->getCount($post['blog_id'], $this->post_id);
        $this->response['count_str'] = $count . " " . _w('comment', 'comments', $count);
    }
    $comment['rights'] = $rights;
    // Bound by reference: later changes to $post are visible through the comment.
    $comment['post'] =& $post;
    $post['comments'] = $comment_model->prepareView(array($comment), array('photo_url_20'));
    blogHelper::extendRights($post['comments'], array(), $contact_id);
    if ($stream) {
        $posts = array($this->post_id => &$post);
        $blog_model = new blogBlogModel();
        // NOTE(review): the blog search is keyed by the post id, not by
        // $post['blog_id'] — looks unintended, verify.
        $extend_data = array('blog' => $blog_model->search(array('id' => $this->post_id))->fetchSearchAll());
        $post_model->prepareView($posts, array('link' => true), $extend_data);
    } else {
        unset($comment['post']);
    }
    $view = wa()->getView();
    $view->assign('post', $post);
    $view->assign('contact_rights', $this->getUser()->getRights('contacts', 'backend'));
    $template = $view->fetch('templates/actions/post/include.comments.html');
    $this->getResponse()->addHeader('Content-type', 'application/json');
    $this->response['template'] = $template;
}
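/**
 * Deletes a post and sets the redirect target in the response.
 *
 * Application admins may delete any post. Other users need read-write rights
 * on the blog for their own posts and full rights for posts of other authors.
 *
 * @param array $post Must contain 'id'
 */
private function delete($post)
{
    $post_model = new blogPostModel();
    // 'contact_id' has to be fetched as well: the author test below reads it.
    // With only 'id' and 'blog_id' requested that test could never match, so
    // authors were always held to the stricter full-rights branch.
    $post = $post_model->getFieldsById($post['id'], array('id', 'blog_id', 'contact_id'));
    if (!$post) {
        $this->response['redirect'] = '?';
        return;
    }

    $user = $this->getUser();
    if (!$user->isAdmin($this->getApp())) {
        $is_author = ($post['contact_id'] == $user->getId());
        $required = $is_author ? blogRightConfig::RIGHT_READ_WRITE : blogRightConfig::RIGHT_FULL;
        // The return value is not inspected; enforcement relies on
        // checkRights() throwing. NOTE(review): confirm.
        blogHelper::checkRights($post['blog_id'], $user->getId(), $required);
    }

    $post_model->deleteById($post['id']);
    $this->response['redirect'] = '?blog=' . $post['blog_id'];
}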
/**
 * Backend post editor page: prepares either an existing post (GET 'id') or a
 * blank post for editing and assigns everything the template needs.
 *
 * @throws waException       404 when the requested post does not exist
 * @throws waRightsException when the user may not edit the post, or has no
 *                           blog to create a post in
 */
public function execute()
{
    $post_id = waRequest::get('id', null, waRequest::TYPE_INT);
    $blog_model = new blogBlogModel();
    $blogs = $blog_model->getAvailable();
    if (!$blogs) {
        // Nothing to write into: show the dedicated "no blog" template instead.
        $this->setTemplate('BlogNotFound');
        return;
    }
    $blogs = $blog_model->prepareView($blogs);
    if ($post_id) {
        // edit post
        $post_model = new blogPostModel();
        $post = $post_model->getById($post_id);
        if (!$post) {
            throw new waException(_w('Post not found'), 404);
        }
        // Editing is allowed with full rights on the blog, or for the post's own author.
        if (blogHelper::checkRights($post['blog_id']) < blogRightConfig::RIGHT_FULL && $post['contact_id'] != $this->getUser()->getId()) {
            throw new waRightsException(_w('Access denied'));
        }
        // Loose comparison of the stored datetime against 1971; presumably
        // blanks out empty/zero dates — confirm.
        $post['datetime'] = $post['datetime'] >= 1971 ? $post['datetime'] : '';
        $blog_id = $post['blog_id'];
        // NOTE(review): assumes the post's blog is among the blogs returned by
        // getAvailable(); otherwise this index is undefined.
        $blog = $blogs[$blog_id];
        $title = trim(sprintf(_w('Editing post %s'), $post['title']));
    } else {
        // add post
        $date = waRequest::get('date', '');
        $blog = $this->getAllowedBlog($blogs, wa()->getStorage()->read('blog_last_id'));
        if (!$blog) {
            throw new waRightsException(_w('Access denied'));
        }
        $blog_id = $blog['id'];
        // Title and text may be pre-filled from a POST. These are request
        // values and must be escaped when the template prints them.
        $post = array('title' => $this->getRequest()->post('title', '', waRequest::TYPE_STRING_TRIM), 'text' => $this->getRequest()->post('text', '', waRequest::TYPE_STRING_TRIM), 'continued_text' => null, 'categories' => array(), 'contact_id' => wa()->getUser()->getId(), 'url' => '', 'blog_id' => $blog_id, 'comments_allowed' => true);
        $post['id'] = '';
        // A 'date' in the query string starts the post as a deadline, otherwise as a draft.
        $post['status'] = $date ? blogPostModel::STATUS_DEADLINE : blogPostModel::STATUS_DRAFT;
        $post['datetime'] = '';
        $post['meta_title'] = null;
        $post['meta_keywords'] = null;
        $post['meta_description'] = null;
        $title = _w('Adding new post');
    }
    // The first URL becomes the main link, the rest are offered as alternatives.
    $all_links = blogPostModel::getPureUrls($post);
    $post['other_links'] = $all_links;
    $post['link'] = array_shift($post['other_links']);
    $post['remaining_time'] = null;
    if ($post['status'] == blogPostModel::STATUS_SCHEDULED && $post['datetime']) {
        $post['remaining_time'] = $this->calculateRemainingTime($post['datetime']);
    }
    // Only users with full rights on the blog may pick another author.
    if ($blog['rights'] >= blogRightConfig::RIGHT_FULL) {
        $users = blogHelper::getAuthors($post['blog_id']);
    } else {
        $user = $this->getUser();
        $users = array($user->getId() => $user->getName());
    }
    // Preview token for every unpublished state. base64 is only an encoding of
    // "hash + user id"; whatever secrecy the preview link has comes from
    // getPreviewHash() itself, which is not visible here.
    if ($post['status'] != blogPostModel::STATUS_PUBLISHED) {
        $options = array('contact_id' => $post['contact_id'], 'blog_id' => $blog_id, 'post_id' => $post['id'], 'user_id' => wa()->getUser()->getId());
        $preview_hash = blogPostModel::getPreviewHash($options);
        $this->view->assign('preview_hash', base64_encode($preview_hash . $options['user_id']));
    }
    $this->view->assign('no_settlements', empty($all_links) ? true : false);
    $this->view->assign('params', $this->getPostParams($post['id']));
    $this->view->assign('blog', $blog);
    $this->view->assign('users', $users);
    $this->view->assign('blogs', $blogs);
    // Count the blogs the user can write to; the template receives the number.
    $allow_change_blog = 0;
    foreach ($blogs as $blog_item) {
        if ($blog_item['rights'] >= blogRightConfig::RIGHT_READ_WRITE) {
            ++$allow_change_blog;
        }
    }
    $this->view->assign('allow_change_blog', $allow_change_blog);
    $this->view->assign('post_id', $post_id);
    $this->view->assign('datetime_timezone', waDateTime::date("T", null, wa()->getUser()->getTimezone()));
    /**
     * Backend post edit page.
     * UI hook that lets plugins extend the post edit page.
     * @event backend_post_edit
     * @param array[string]mixed $post
     * @param array[string]int $post['id']
     * @param array[string]int $post['blog_id']
     * @return array[string][string]string $return[%plugin_id%]['sidebar'] Plugin sidebar html output
     * @return array[string][string]string $return[%plugin_id%]['toolbar'] Plugin toolbar html output
     * @return array[string][string]string $return[%plugin_id%]['editor_tab'] Plugin editor tab html output
     */
    $this->view->assign('backend_post_edit', wa()->event('backend_post_edit', $post, array('sidebar', 'toolbar', 'editor_tab')));
    $app_settings = new waAppSettingsModel();
    $show_comments = $app_settings->get($this->getApp(), 'show_comments', true);
    $this->view->assign('show_comments', $show_comments);
    $this->view->assign('post', $post);
    /**
     * @deprecated
     * Kept for backward compatibility.
     */
    $this->view->assign('cron_schedule_time', waSystem::getSetting('cron_schedule', 0, 'blog'));
    $this->view->assign('last_schedule_cron_time', waSystem::getSetting('last_schedule_cron_time', 0, 'blog'));
    // The command string contains the server's root path.
    $this->view->assign('cron_command', 'php ' . wa()->getConfig()->getRootPath() . '/cli.php blog schedule');
    $this->setLayout(new blogDefaultLayout());
    $this->getResponse()->setTitle($title);
}