コード例 #1
ファイル: adminpostshandler.php プロジェクト: habari/system
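 /**
  * Handles GET requests of the publish page.
  *
  * Loads the post named by the `id` request variable, or prepares a new unsaved
  * Post when `id` is absent or 0, checks that the current user may edit or
  * create it, and renders the publish form.
  *
  * Every denial path returns right after get_blank(), so the form is never
  * rendered for a post that failed a check even if get_blank() comes back to
  * the caller.
  *
  * @param string $template Name of the template to display
  */
 public function get_publish($template = 'publish')
 {
     // Copy only the two expected request keys into named locals. Assigning
     // through ${$key} would let any other key the filter returned overwrite
     // a local variable of this method.
     $id = null;
     $content_type_name = null;
     foreach ($this->handler_vars->filter_keys('id', 'content_type_name') as $key => $value) {
         if ($key === 'id') {
             $id = $value;
         } elseif ($key === 'content_type_name') {
             $content_type_name = $value;
         }
     }
     $content_type = Post::type($content_type_name);
     // 0 is what's assigned to new posts
     if (isset($id) && $id != 0) {
         $post = Post::get(array('id' => $id, 'status' => Post::status('any')));
         // NOTE(review): this hook runs before the existence and ACL checks, so
         // listeners receive the post (or a falsy value) even for a user who is
         // about to be refused - confirm listeners do not act on it as authorized.
         Plugins::act('admin_publish_post', $post);
         if (!$post) {
             // Same message as the ACL refusal below, so the response does not
             // distinguish a missing post from a forbidden one.
             Session::error(_t("You don't have permission to edit that post"));
             $this->get_blank();
             return;
         }
         if (!ACL::access_check($post->get_access(), 'edit')) {
             Session::error(_t("You don't have permission to edit that post"));
             $this->get_blank();
             return;
         }
         $this->theme->post = $post;
     } else {
         $post = new Post();
         Plugins::act('admin_publish_post', $post);
         $this->theme->post = $post;
         // NOTE(review): $content_type already holds a Post::type() result, so the
         // type is resolved twice here, and isset() is true for any non-null
         // result - confirm the 'entry' fallback is reachable as intended.
         $post->content_type = Post::type(isset($content_type) ? $content_type : 'entry');
         // check the user can create new posts of the set type.
         $user = User::identify();
         $type = 'post_' . Post::type_name($post->content_type);
         // Refuse when the type token is denied, or when neither 'post_any' nor the
         // type token grants 'create'. The parentheses spell out the grouping PHP
         // already applies (&& binds tighter than ||).
         if (ACL::user_cannot($user, $type) || (!ACL::user_can($user, 'post_any', 'create') && !ACL::user_can($user, $type, 'create'))) {
             Session::error(_t('Access to create posts of type %s is denied', array(Post::type_name($post->content_type))));
             $this->get_blank();
             return;
         }
     }
     $this->theme->admin_page = _t('Publish %s', array(Plugins::filter('post_type_display', Post::type_name($post->content_type), 'singular')));
     $this->theme->admin_title = _t('Publish %s', array(Plugins::filter('post_type_display', Post::type_name($post->content_type), 'singular')));
     $statuses = Post::list_post_statuses(false);
     $this->theme->statuses = $statuses;
     $form = $post->get_form('admin');
     $this->theme->form = $form;
     $this->theme->wsse = Utils::WSSE();
     $this->display($template);
 }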
コード例 #2
ファイル: post.php プロジェクト: rynodivino/system
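	/**
	 * Handles a successful submission of the publish form.
	 *
	 * Updates the post named by handler_vars['id'], or creates a new post when
	 * that id is missing or 0, then redirects back to the publish page.
	 *
	 * For an existing post, the existence and permission checks run before any
	 * form value is copied onto the post and before any detail of the post is
	 * echoed back in a notice. Every denial path returns right after
	 * get_blank(), so nothing is saved even if get_blank() comes back.
	 *
	 * @param FormUI $form The submitted publish form
	 */
	public function form_publish_success( FormUI $form )
	{
		$post_id = 0;
		if ( isset( $this->handler_vars['id'] ) ) {
			$post_id = intval( $this->handler_vars['id'] );
		}

		$user = User::identify();
		// ACL token for the content type requested by the form
		$type = 'post_' . Post::type_name( $form->content_type->value );

		// If an id has been passed in, we're updating an existing post, otherwise we're creating one
		if ( 0 !== $post_id ) {
			$post = Post::get( array( 'id' => $post_id, 'status' => Post::status( 'any' ) ) );

			// sorry, we just don't allow changing posts you don't have rights to.
			// A lookup that finds no post gets the same refusal, so the response
			// does not distinguish a missing id from a forbidden one.
			if ( ! $post || ! ACL::access_check( $post->get_access(), 'edit' ) ) {
				Session::error( _t( 'You don\'t have permission to edit that post' ) );
				$this->get_blank();
				return;
			}

			// sorry, we just don't allow changing content types to types you don't have rights to
			// NOTE(review): assuming can_any() passes when any one listed grant holds,
			// 'own_posts' => 'edit' alone allows switching to a type the user has no
			// grant for, unless that type is denied - confirm this is the intended policy.
			if ( $form->content_type->value != $post->content_type && ( $user->cannot( $type ) || ! $user->can_any( array( 'own_posts' => 'edit', 'post_any' => 'edit', $type => 'edit' ) ) ) ) {
				Session::error( _t( 'Changing content types is not allowed' ) );
				$this->get_blank();
				return;
			}

			// Verify that the post hasn't already been updated since the form was loaded.
			// This runs after the permission checks because the notice echoes the
			// post's title and permalink.
			// NOTE(review): the title is escaped but the permalink is placed in the
			// href as-is - confirm it is already safe for an HTML attribute.
			if ( $post->modified != $form->modified->value ) {
				Session::notice( _t( 'The post %1$s was updated since you made changes.  Please review those changes before overwriting them.', array( sprintf( '<a href="%1$s">\'%2$s\'</a>', $post->permalink, Utils::htmlspecialchars( $post->title ) ) ) ) );
				Utils::redirect( URL::get( 'admin', 'page=publish&id=' . $post->id ) );
				exit;
			}

			// REFACTOR: this is duplicated in the insert code below, move it outside of the conditions
			// Don't try to update form values that have been removed by plugins
			$expected = array( 'title', 'tags', 'content' );

			foreach ( $expected as $field ) {
				if ( isset( $form->$field ) ) {
					$post->$field = $form->$field->value;
				}
			}
			if ( $form->newslug->value == '' && $post->status == Post::status( 'published' ) ) {
				Session::notice( _t( 'A post slug cannot be empty. Keeping old slug.' ) );
			}
			elseif ( $form->newslug->value != $form->slug->value ) {
				$post->slug = $form->newslug->value;
			}

			$post->content_type = $form->content_type->value;

			// if not previously published and the user wants to publish now, change the pubdate to the current date/time unless a date has been explicitly set
			if ( ( $post->status != Post::status( 'published' ) )
				&& ( $form->status->value == Post::status( 'published' ) )
				&& ( HabariDateTime::date_create( $form->pubdate->value )->int == $form->updated->value )
				) {
				$post->pubdate = HabariDateTime::date_create();
			}
			// else let the user change the publication date.
			//  If previously published and the new date is in the future, the post will be unpublished and scheduled. Any other status, and the post will just get the new pubdate.
			// This will result in the post being scheduled for future publication if the date/time is in the future and the new status is published.
			else {
				$post->pubdate = HabariDateTime::date_create( $form->pubdate->value );
			}
			$minor = $form->minor_edit->value && ( $post->status != Post::status( 'draft' ) );
			$post->status = $form->status->value;
		}
		else {
			// REFACTOR: don't do this here, it's duplicated in Post::create()
			$post = new Post();

			// check the user can create new posts of the set type.
			if ( ACL::user_cannot( $user, $type ) || ( ! ACL::user_can( $user, 'post_any', 'create' ) && ! ACL::user_can( $user, $type, 'create' ) ) ) {
				Session::error( _t( 'Creating that post type is denied' ) );
				$this->get_blank();
				return;
			}

			// REFACTOR: why is this on_success here? We don't even display a form
			$form->on_success( array( $this, 'form_publish_success' ) );
			if ( HabariDateTime::date_create( $form->pubdate->value )->int != $form->updated->value ) {
				$post->pubdate = HabariDateTime::date_create( $form->pubdate->value );
			}

			// The author is the identity that passed the create check above,
			// never a value taken from the form.
			$postdata = array(
				'slug' => $form->newslug->value,
				'user_id' => $user->id,
				'pubdate' => $post->pubdate,
				'status' => $form->status->value,
				'content_type' => $form->content_type->value,
			);

			// Don't try to add form values that have been removed by plugins
			$expected = array( 'title', 'tags', 'content' );

			foreach ( $expected as $field ) {
				if ( isset( $form->$field ) ) {
					$postdata[$field] = $form->$field->value;
				}
			}

			$minor = false;

			// REFACTOR: consider using new Post( $postdata ) instead and call ->insert() manually
			$post = Post::create( $postdata );
		}

		$post->info->comments_disabled = !$form->comments_enabled->value;

		// REFACTOR: admin should absolutely not have a hook for this here
		Plugins::act( 'publish_post', $post, $form );

		// REFACTOR: we should not have to update a post we just created, this should be moved to the post-update functionality above and only called if changes have been made
		// alternately, perhaps call ->update() or ->insert() as appropriate here, so things that apply to each operation (like comments_disabled) can still be included once outside the conditions above
		$post->update( $minor );

		// Unpublished posts are linked through their preview URL
		$permalink = ( $post->status != Post::status( 'published' ) ) ? $post->permalink . '?preview=1' : $post->permalink;
		Session::notice( sprintf( _t( 'The post %1$s has been saved as %2$s.' ), sprintf( '<a href="%1$s">\'%2$s\'</a>', $permalink, Utils::htmlspecialchars( $post->title ) ), Post::status_name( $post->status ) ) );
		Utils::redirect( URL::get( 'admin', 'page=publish&id=' . $post->id ) );
	}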
コード例 #3
ファイル: post.php プロジェクト: wwxgitcat/habari
 /**
  * Handles a successful submission of the publish form.
  *
  * Runs the permission checks, copies the submitted values onto the Post
  * carried by the form, inserts or updates that post, and redirects back to
  * the publish page.
  *
  * @param FormUI $form The submitted publish form
  */
 public function form_publish_success(FormUI $form)
 {
     $user = User::identify();
     // Get the Post object from the hidden 'post' control on the form
     // NOTE(review): every permission check below is made against this object, so
     // it has to come from server-side form storage and not from anything the
     // browser can alter - confirm how the 'post' control is populated.
     /** @var Post $post */
     $post = $form->post->storage;
     // Do some permission checks
     // @todo REFACTOR: These probably don't work and should be refactored to use validators on the form fields instead
     // sorry, we just don't allow changing posts you don't have rights to
     if ($post->id != 0 && !ACL::access_check($post->get_access(), 'edit')) {
         Session::error(_t('You don\'t have permission to edit that post'));
         // NOTE(review): nothing stops execution here after get_blank(); the same
         // edit check is repeated in the else branch below with redirect + exit.
         $this->get_blank();
     }
     // sorry, we just don't allow changing content types to types you don't have rights to
     $type = 'post_' . Post::type_name($form->content_type->value);
     // NOTE(review): assuming can_any() passes when any one listed grant holds,
     // 'own_posts' => 'edit' alone allows switching to a type the user has no grant
     // for, unless that type is denied - confirm this is the intended policy.
     if ($form->content_type->value != $post->content_type && ($user->cannot($type) || !$user->can_any(array('own_posts' => 'edit', 'post_any' => 'edit', $type => 'edit')))) {
         Session::error(_t('Changing content types is not allowed'));
         // @todo This isn't ideal at all, since it loses all of the changes...
         Utils::redirect(URL::get('admin', 'page=publish&id=' . $post->id));
         exit;
     }
     // If we're creating a new post...
     if ($post->id == 0) {
         // check the user can create new posts of the set type.
         $type = 'post_' . Post::type_name($form->content_type->value);
         // && binds tighter than ||, so this refuses when the type token is denied,
         // or when neither 'post_any' nor the type token grants 'create'.
         if (ACL::user_cannot($user, $type) || !ACL::user_can($user, 'post_any', 'create') && !ACL::user_can($user, $type, 'create')) {
             Session::error(_t('Creating that post type is denied'));
             Utils::redirect(URL::get('admin', 'page=publish&id=' . $post->id));
             exit;
         }
         // Only the original author is associated with a new post
         $post->user_id = $user->id;
     } else {
         // check the user can edit this existing post.
         // $type is assigned here but not read again in this method.
         $type = 'post_' . Post::type_name($form->content_type->value);
         if (!ACL::access_check($post->get_access(), 'edit')) {
             Session::error(_t('Editing that post type is denied'));
             Utils::redirect(URL::get('admin', 'page=publish&id=' . $post->id));
             exit;
         }
         // Verify that the post hasn't already been updated since the form was loaded
         // NOTE(review): the title is escaped but the permalink is placed in the
         // href as-is - confirm it is already safe for an HTML attribute.
         if ($post->modified != $form->modified->value) {
             Session::notice(_t('The post %1$s was updated since you made changes.  Please review those changes before overwriting them.', array(sprintf('<a href="%1$s">\'%2$s\'</a>', $post->permalink, Utils::htmlspecialchars($post->title)))));
             Utils::redirect(URL::get('admin', 'page=publish&id=' . $post->id));
             exit;
         }
         // Prevent a published post from having its slug zeroed
         if ($form->newslug->value == '' && $post->status == Post::status('published')) {
             Session::notice(_t('A post slug cannot be empty. Keeping old slug.'));
             $form->newslug->value = $form->slug->value;
         }
     }
     // if not previously published and the user wants to publish now, change the pubdate to the current date/time unless a date has been explicitly set
     if ($post->status != Post::status('published') && $form->status->value == Post::status('published') && HabariDateTime::date_create($form->pubdate->value)->int == $form->updated->value) {
         $post->pubdate = HabariDateTime::date_create();
     } else {
         $post->pubdate = HabariDateTime::date_create($form->pubdate->value);
     }
     // Minor updates are when the user has checked the minor update box and the post isn't in draft or new
     $minor = $form->minor_edit->value && $post->status != Post::status('draft') && $post->id != 0;
     // Don't try to update form values that have been removed by plugins,
     // look for these fields before committing their values to the post.
     // Keys are Post fields, values are the form controls they are read from.
     $expected = array('title' => 'title', 'tags' => 'tags', 'content' => 'content', 'slug' => 'newslug', 'content_type' => 'content_type', 'status' => 'status');
     foreach ($expected as $field => $control) {
         // NOTE(review): the existence test uses the field name while the value is
         // read from the control name; the two differ for 'slug' => 'newslug' -
         // confirm the test should not be on $control.
         if (isset($form->{$field})) {
             $post->{$field} = $form->{$control}->value;
         }
     }
     // This seems cheesy
     $post->info->comments_disabled = !$form->comments_enabled->value;
     // This plugin hook allows changes to be made to the post object prior to its save to the database
     Plugins::act('publish_post', $post, $form);
     // Insert or Update
     if ($post->id == 0) {
         $post->insert();
     } else {
         $post->update($minor);
     }
     // Calling $form->save() calls ->save() on any controls that might have been added to the form by plugins
     $form->save();
     // Unpublished posts are linked through their preview URL
     $permalink = $post->status != Post::status('published') ? $post->permalink . '?preview=1' : $post->permalink;
     Session::notice(_t('The post %1$s has been saved as %2$s.', array(sprintf('<a href="%1$s">\'%2$s\'</a>', $permalink, Utils::htmlspecialchars($post->title)), Post::status_name($post->status))));
     Utils::redirect(URL::get('admin', 'page=publish&id=' . $post->id));
 }
コード例 #4
ファイル: user.php プロジェクト: anupom/my-blog
 /**
  * Report whether this user has been denied access to a token.
  *
  * Passes this user and the token name to ACL::user_cannot() and returns
  * its answer unchanged.
  *
  * @param string $token Name of the token to look up
  * @return boolean True when access to the token has been denied for this user, false otherwise
  */
 public function cannot($token)
 {
     $is_denied = ACL::user_cannot($this, $token);

     return $is_denied;
 }
コード例 #5
 /**
  * Helper to handle permissions
  *
  * Maps an action name to the ACL checks that gate it, evaluated for the user
  * returned by User::identify(). An action that matches no case is refused.
  *
  * @param string $action One of 'create_thread', 'reply', 'edit_thread', 'edit_reply',
  *                       'view_private_threads', 'close_thread', 'open_thread'
  * @param mixed $object Not read by this method
  * @return boolean True when the action is permitted, false otherwise
  */
 public static function has_permission($action, $object = NULL)
 {
     $user = User::identify();

     // Shared rule for the post-type actions: the type token must not be denied,
     // and either 'post_any' or the type token must grant the requested access.
     $permitted = function ($type, $access) use ($user) {
         return !ACL::user_cannot($user, $type)
             && (ACL::user_can($user, 'post_any', $access) || ACL::user_can($user, $type, $access));
     };

     // switch compares loosely, so $action should always be passed as a string.
     switch ($action) {
         case 'create_thread':
             return $permitted('post_thread', 'create');
         case 'reply':
             return $permitted('post_reply', 'create');
         case 'edit_thread':
             return $permitted('post_thread', 'edit');
         case 'edit_reply':
             return $permitted('post_reply', 'edit');
         case 'view_private_threads':
             return $user->can('forum_see_private');
         case 'close_thread':
         case 'open_thread':
             // Opening and closing share one token
             return $user->can('forum_close_thread');
     }

     // Anything unrecognised is refused
     return false;
 }
コード例 #6
ファイル: post.php プロジェクト: habari/system
 /**
  * Called when the publish form is successfully submitted
  *
  * Runs the permission checks, copies the submitted values onto the Post
  * carried by the form, inserts or updates that post, and redirects to the
  * post's publish page.
  *
  * @param FormUI $form The submitted publish form
  */
 public function form_publish_success(FormUI $form)
 {
     $user = User::identify();
     // Get the Post object from the hidden 'post' control on the form
     // NOTE(review): every permission check below is made against this object, so
     // it has to come from server-side form storage and not from anything the
     // browser can alter - confirm how the 'post' control is populated.
     /** @var Post $post */
     $post = $form->post->value;
     // Do some permission checks
     // @todo REFACTOR: These probably don't work and should be refactored to use validators on the form fields instead
     // sorry, we just don't allow changing posts you don't have rights to
     if ($post->id != 0 && !ACL::access_check($post->get_access(), 'edit')) {
         Session::error(_t('You don\'t have permission to edit that post'));
         // NOTE(review): nothing stops execution here after get_blank(); the same
         // edit check is repeated in the else branch below with redirect + exit.
         $this->get_blank();
     }
     // sorry, we just don't allow changing content types to types you don't have rights to
     $type = 'post_' . Post::type_name($form->content_type->value);
     // NOTE(review): assuming can_any() passes when any one listed grant holds,
     // 'own_posts' => 'edit' alone allows switching to a type the user has no grant
     // for, unless that type is denied - confirm this is the intended policy.
     if ($form->content_type->value != $post->content_type && ($user->cannot($type) || !$user->can_any(array('own_posts' => 'edit', 'post_any' => 'edit', $type => 'edit')))) {
         Session::error(_t('You don\'t have permission to change to that content type'));
         // @todo This isn't ideal at all, since it loses all of the changes...
         Utils::redirect(URL::get('display_publish', $post, false));
         exit;
     }
     // If we're creating a new post...
     if ($post->id == 0) {
         // check the user can create new posts of the set type.
         $type = 'post_' . Post::type_name($form->content_type->value);
         // && binds tighter than ||, so this refuses when the type token is denied,
         // or when neither 'post_any' nor the type token grants 'create'.
         if (ACL::user_cannot($user, $type) || !ACL::user_can($user, 'post_any', 'create') && !ACL::user_can($user, $type, 'create')) {
             Session::error(_t('You don\'t have permission to create posts of that type'));
             Utils::redirect(URL::get('display_publish', $post, false));
             exit;
         }
         // Only the original author is associated with a new post
         $post->user_id = $user->id;
     } else {
         // check the user can edit this existing post.
         // $type is assigned here but not read again in this method.
         $type = 'post_' . Post::type_name($form->content_type->value);
         if (!ACL::access_check($post->get_access(), 'edit')) {
             Session::error(_t('You don\'t have permission to edit posts of that type'));
             Utils::redirect(URL::get('display_publish', $post, false));
             exit;
         }
         // Verify that the post hasn't already been updated since the form was loaded
         // NOTE(review): the title is escaped but the permalink is placed in the
         // href as-is - confirm it is already safe for an HTML attribute.
         if ($post->modified != $form->modified->value) {
             Session::notice(_t('The post %1$s was updated since you made changes.  Please review those changes before overwriting them.', array(sprintf('<a href="%1$s">\'%2$s\'</a>', $post->permalink, Utils::htmlspecialchars($post->title)))));
             Utils::redirect(URL::get('display_publish', $post, false));
             exit;
         }
         // Prevent a published post from having its slug zeroed
         if ($form->newslug->value == '' && $post->status == Post::status('published')) {
             Session::notice(_t('A post slug cannot be empty. Keeping old slug.'));
             $form->newslug->value = $form->slug->value;
         }
     }
     // sometimes we want to overwrite the published date with the current date, if:
     //   1) the post was not previously published
     //   2) the post is now supposed to be published
     //   3) the user has not entered a specific publish date already -- that is, the one on the form that was submitted is the same as the currently saved one
     //   AND
     //   4) the published date is NOT in the future -- if it were, we would reset the date on scheduled posts if we edit them again before they are published
     if ($post->status != Post::status('published') && $form->status->value == Post::status('published') && ($post->pubdate == DateTime::create($form->pubdate->value) && $post->pubdate <= DateTime::create())) {
         $post->pubdate = DateTime::create();
     } else {
         $post->pubdate = DateTime::create($form->pubdate->value);
     }
     // Minor updates are when the user has checked the minor update box and the post isn't in draft or new
     $minor = $form->minor_edit->value && $post->status != Post::status('draft') && $post->id != 0;
     // Don't try to update form values that have been removed by plugins,
     // look for these fields before committing their values to the post.
     // Keys are Post fields, values are the form controls they are read from.
     $expected = array('title' => 'title', 'tags' => 'tags', 'content' => 'content', 'slug' => 'newslug', 'content_type' => 'content_type', 'status' => 'status');
     foreach ($expected as $field => $control) {
         // NOTE(review): the existence test uses the field name while the value is
         // read from the control name; the two differ for 'slug' => 'newslug' -
         // confirm the test should not be on $control.
         if (isset($form->{$field})) {
             $post->{$field} = $form->{$control}->value;
         }
     }
     // This seems cheesy
     $post->info->comments_disabled = !$form->comments_enabled->value;
     // This plugin hook allows changes to be made to the post object prior to its save to the database
     Plugins::act('publish_post', $post, $form);
     // Insert or Update
     if ($post->id == 0) {
         $post->insert();
     } else {
         $post->update($minor);
     }
     // Calling $form->save() calls ->save() on any controls that might have been added to the form by plugins
     $form->save();
     // Unpublished posts are linked through their preview URL
     $permalink = $post->status != Post::status('published') ? $post->permalink . '?preview=1' : $post->permalink;
     // The title is escaped before it is placed in the link markup.
     // NOTE(review): the permalink is not escaped here - confirm it is already
     // safe for an HTML attribute.
     $postname = sprintf('<a href="%1$s">\'%2$s\'</a>', $permalink, Utils::htmlspecialchars($post->title));
     $status = Post::status_name($post->status);
     Session::notice(_t('The post !postname has been saved as !status.', array('!postname' => $postname, '!status' => $status)));
     Utils::redirect(URL::get('display_publish', $post, false));
 }