/** * generates proper text for confirmation question and deletes comments * * * @param mixed $comment_id (single or array) * @return string text for confirmation question or empty string after deletion */ function delete_comments($delete_comments_array = '') { $text = ''; $confirmed = false; if (!is_array($delete_comments_array)) { $delete_comments_array = array($delete_comments_array); } if (Request::submitted('yes') and Request::isPost()) { CSRFProtection::verifySecurityToken(); $confirmed = true; } if ($confirmed) { foreach ($delete_comments_array as $comment_id) { $delete_comment = new StudipComment($comment_id); if (!$delete_comment->isNew()) { if (!is_object($news[$delete_comment->getValue("object_id")])) { $news[$delete_comment->getValue("object_id")] = new StudipNews($delete_comment->getValue("object_id")); } // user has to have delete permission for news if ($news[$delete_comment->getValue("object_id")]->havePermission('delete')) { $delete_comment->delete(); $delete_counter++; } else { PageLayout::postMessage(MessageBox::error(_('Keine Berechtigung zum Löschen des Kommentars.'))); } } } if ($delete_counter > 1) { PageLayout::postMessage(MessageBox::success(sprintf(_('%s Kommentare wurden gelöscht.'), $delete_counter))); } elseif ($delete_counter == 1) { PageLayout::postMessage(MessageBox::success(_('Kommentar wurde gelöscht.'))); } } else { if (count($delete_comments_array) > 1) { $text = sprintf(_('Wollen Sie die %s Komentare jetzt löschen?'), count($delete_comments_array)); } elseif (count($delete_comments_array) == 1) { $text = _('Wollen Sie den Kommentar jetzt löschen?'); } } return $text; }
echo CSRFProtection::tokenTag(); ?> <input type="hidden" name="comsubmit" value="<?php echo $new['news_id']; ?> "> <div align="center"> <textarea class="add_toolbar wysiwyg" name="comment_content" style="width:70%" rows="8" cols="38" wrap="virtual" placeholder="<?php echo _('Geben Sie hier Ihren Kommentar ein!'); ?> "></textarea> <br> <?php echo Studip\Button::createAccept(_('Absenden')); ?> </div> </form> <? endif ?> <? else: ?> <a href="<?php echo ContentBoxHelper::href($new['news_id'], array("comments" => 1)); ?> "> <?php echo sprintf(_('Kommentare lesen (%s) / Kommentar schreiben'), StudipComment::NumCommentsForObject($new['news_id'])); ?> </a> <? endif; ?> </footer> <? endif; ?>
private function requireComment($id) { if (!($comment = \StudipComment::find($id))) { $this->notFound("Comment not found"); } if (!$comment->news->havePermission('view', '', $GLOBALS['user']->id)) { $this->error(401); } return $comment; }
public static function DoGarbageCollect() { $db = DBManager::get(); if (!Config::GetInstance()->getValue('NEWS_DISABLE_GARBAGE_COLLECT')) { $result = $db->query("SELECT news.news_id FROM news where (date+expire)<UNIX_TIMESTAMP()\n UNION DISTINCT\n SELECT news_range.news_id FROM news_range LEFT JOIN news USING (news_id) WHERE ISNULL(news.news_id)\n UNION DISTINCT\n SELECT news.news_id FROM news LEFT JOIN news_range USING (news_id) WHERE range_id IS NULL")->fetchAll(PDO::FETCH_COLUMN, 0); if (count($result) > 0) { $query = "DELETE FROM news WHERE news_id IN (?)"; $statement = DBManager::get()->prepare($query); $statement->execute(array($result)); $killed = $statement->rowCount(); $query = "DELETE FROM news_range WHERE news_id IN (?)"; $statement = DBManager::get()->prepare($query); $statement->execute(array($result)); object_kill_visits(null, $result); object_kill_views($result); StudipComment::DeleteCommentsByObject($result); } return $killed; } }
/** * Builds news dialog for editing / adding news * * @param string $id news id (in case news already exists; otherwise set to "new") * @param string $context_range range id (only for new news; set to 'template' for copied news) * @param string $template_id template id (source of news template) * */ function edit_news_action($id = '', $context_range = '', $template_id = '') { // initialize $this->news_isvisible = array('news_basic' => true, 'news_comments' => false, 'news_areas' => false); $ranges = array(); $this->ranges = array(); $this->area_options_selectable = array(); $this->area_options_selected = array(); $this->may_delete = false; $this->route = "news/edit_news/{$id}"; if ($context_range) { $this->route .= "/{$context_range}"; if ($template_id) { $this->route .= "/{$template_id}"; } } $msg_object = new messaging(); if ($id == "new") { unset($id); $this->title = _("Ankündigung erstellen"); } else { $this->title = _("Ankündigung bearbeiten"); } // user has to have autor permission at least if (!$GLOBALS['perm']->have_perm(autor)) { $this->set_status(401); return $this->render_nothing(); } // Output as dialog (Ajax-Request) or as Stud.IP page? if (Request::isXhr()) { $this->set_layout(null); header('X-Title: ' . $this->title); } else { $this->set_layout($GLOBALS['template_factory']->open('layouts/base')); } // load news and comment data and check if user has permission to edit $news = new StudipNews($id); if (!$news->isNew()) { $this->comments = StudipComment::GetCommentsForObject($id); } if (!$news->havePermission('edit') and !$news->isNew()) { $this->set_status(401); PageLayout::postMessage(MessageBox::error(_('Keine Berechtigung!'))); return $this->render_nothing(); } // if form sent, get news data by post vars if (Request::get('news_isvisible')) { // visible categories, selected areas, topic, and body are utf8 encoded when sent via ajax $this->news_isvisible = unserialize(Request::get('news_isvisible')); if (Request::isXhr()) { $this->area_options_selected = unserialize(studip_utf8decode(Request::get('news_selected_areas'))); $this->area_options_selectable = unserialize(studip_utf8decode(Request::get('news_selectable_areas'))); $topic = studip_utf8decode(Request::get('news_topic')); $body = transformBeforeSave(Studip\Markup::purifyHtml(studip_utf8decode(Request::get('news_body')))); } else { $this->area_options_selected = unserialize(Request::get('news_selected_areas')); $this->area_options_selectable = unserialize(Request::get('news_selectable_areas')); $topic = Request::get('news_topic'); $body = transformBeforeSave(Studip\Markup::purifyHtml(Request::get('news_body'))); } $date = $this->getTimeStamp(Request::get('news_startdate'), 'start'); $expire = $this->getTimeStamp(Request::get('news_enddate'), 'end') ? $this->getTimeStamp(Request::get('news_enddate'), 'end') - $this->getTimeStamp(Request::get('news_startdate'), 'start') : ''; $allow_comments = Request::get('news_allow_comments') ? 1 : 0; if (Request::submitted('comments_status_deny')) { $this->anker = 'news_comments'; $allow_comments = 0; } elseif (Request::submitted('comments_status_allow')) { $this->anker = 'news_comments'; $allow_comments = 1; } if ($news->getValue('topic') != $topic or $news->getValue('body') != $body or $news->getValue('date') != $date or $news->getValue('allow_comments') != $allow_comments or $news->getValue('expire') != $expire) { $changed = true; } $news->setValue('topic', $topic); $news->setValue('body', $body); $news->setValue('date', $date); $news->setValue('expire', $expire); $news->setValue('allow_comments', $allow_comments); } elseif ($id) { // if news id given check for valid id and load ranges if ($news->isNew()) { PageLayout::postMessage(MessageBox::error(_('Die Ankündigung existiert nicht!'))); return $this->render_nothing(); } $ranges = $news->news_ranges->toArray(); } elseif ($template_id) { // otherwise, load data from template $news_template = new StudipNews($template_id); if ($news_template->isNew()) { PageLayout::postMessage(MessageBox::error(_('Die Ankündigung existiert nicht!'))); return $this->render_nothing(); } // check for permission if (!$news_template->havePermission('edit')) { $this->set_status(401); return $this->render_nothing(); } $ranges = $news_template->news_ranges->toArray(); // remove those ranges for which user doesn't have permission foreach ($ranges as $key => $news_range) { if (!$news->haveRangePermission('edit', $news_range['range_id'])) { $changed_areas++; $this->news_isvisible['news_areas'] = true; unset($ranges[$key]); } } if ($changed_areas == 1) { PageLayout::postMessage(MessageBox::info(_('1 zugeordneter Bereich wurde nicht übernommen, weil Sie dort keine Ankündigungen erstellen dürfen.'))); } elseif ($changed_areas) { PageLayout::postMessage(MessageBox::info(sprintf(_('%s zugeordnete Bereiche wurden nicht übernommen, weil Sie dort keine Ankündigungen erstellen dürfen.'), $changed_areas))); } $news->setValue('topic', $news_template->getValue('topic')); $news->setValue('body', $news_template->getValue('body')); $news->setValue('date', $news_template->getValue('date')); $news->setValue('expire', $news_template->getValue('expire')); $news->setValue('allow_comments', $news_template->getValue('allow_comments')); } else { // for new news, set startdate to today and range to dialog context $news->setValue('date', strtotime(date('Y-m-d'))); // + 12*60*60; $news->setValue('expire', 604800); if ($context_range != '' and $context_range != 'template') { $add_range = new NewsRange(array('', $context_range)); $ranges[] = $add_range->toArray(); } } // build news var for template $this->news = $news->toArray(); // treat faculties and institutes as one area group (inst) foreach ($ranges as $range) { switch ($range['type']) { case 'fak': $this->area_options_selected['inst'][$range['range_id']] = $range['name']; break; default: $this->area_options_selected[$range['type']][$range['range_id']] = $range['name']; } } // define search presets $this->search_presets['user'] = _('Meine Profilseite'); if ($GLOBALS['perm']->have_perm('autor') and !$GLOBALS['perm']->have_perm('admin')) { $my_sem = $this->search_area('__THIS_SEMESTER__'); if (count($my_sem['sem'])) { $this->search_presets['sem'] = _('Meine Veranstaltungen im aktuellen Semester') . ' (' . count($my_sem['sem']) . ')'; } } if ($GLOBALS['perm']->have_perm('dozent') and !$GLOBALS['perm']->have_perm('root')) { $my_inst = $this->search_area('__MY_INSTITUTES__'); if (count($my_inst)) { $this->search_presets['inst'] = _('Meine Einrichtungen') . ' (' . count($my_inst['inst']) . ')'; } } if ($GLOBALS['perm']->have_perm('root')) { $this->search_presets['global'] = $this->area_structure['global']['title']; } // perform search if (Request::submitted('area_search') or Request::submitted('area_search_preset')) { $this->anker = 'news_areas'; $this->search_term = studip_utf8decode(Request::get('area_search_term')); if (Request::submitted('area_search')) { $this->area_options_selectable = $this->search_area($this->search_term); } else { $this->current_search_preset = Request::option('search_preset'); if ($this->current_search_preset == 'inst') { $this->area_options_selectable = $my_inst; } elseif ($this->current_search_preset == 'sem') { $this->area_options_selectable = $my_sem; } elseif ($this->current_search_preset == 'user') { $this->area_options_selectable = array('user' => array($GLOBALS['auth']->auth['uid'] => get_fullname())); } elseif ($this->current_search_preset == 'global') { $this->area_options_selectable = array('global' => array('studip' => _('Stud.IP'))); } } if (!count($this->area_options_selectable)) { unset($this->search_term); } else { // already assigned areas won't be selectable foreach ($this->area_options_selected as $type => $data) { foreach ($data as $id => $title) { unset($this->area_options_selectable[$type][$id]); } } } } // delete comment(s) if (Request::submitted('delete_marked_comments')) { $this->anker = 'news_comments'; $this->flash['question_text'] = delete_comments(Request::optionArray('mark_comments')); $this->flash['question_param'] = array('mark_comments' => Request::optionArray('mark_comments'), 'delete_marked_comments' => 1); // reload comments if (!$this->flash['question_text']) { $this->comments = StudipComment::GetCommentsForObject($id); $changed = true; } } if ($news->havePermission('delete')) { $this->comments_admin = true; } if (is_array($this->comments)) { foreach ($this->comments as $key => $comment) { if (Request::submitted('news_delete_comment_' . $comment['comment_id'])) { $this->anker = 'news_comments'; $this->flash['question_text'] = delete_comments($comment['comment_id']); $this->flash['question_param'] = array('mark_comments' => array($comment['comment_id']), 'delete_marked_comments' => 1); } } } // open / close category foreach ($this->news_isvisible as $category => $value) { if (Request::submitted('toggle_' . $category) or Request::get($category . '_js')) { $this->news_isvisible[$category] = $this->news_isvisible[$category] ? false : true; $this->anker = $category; } } // add / remove areas if (Request::submitted('news_add_areas') and is_array($this->area_options_selectable)) { $this->anker = 'news_areas'; foreach (Request::optionArray('area_options_selectable') as $range_id) { foreach ($this->area_options_selectable as $type => $data) { if (isset($data[$range_id])) { $this->area_options_selected[$type][$range_id] = $data[$range_id]; unset($this->area_options_selectable[$type][$range_id]); } } } } if (Request::submitted('news_remove_areas') and is_array($this->area_options_selected)) { $this->anker = 'news_areas'; foreach (Request::optionArray('area_options_selected') as $range_id) { foreach ($this->area_options_selected as $type => $data) { if (isset($data[$range_id])) { $this->area_options_selectable[$type][$range_id] = $data[$range_id]; unset($this->area_options_selected[$type][$range_id]); } } } } // prepare to save news if (Request::submitted('save_news') and Request::isPost()) { CSRFProtection::verifySecurityToken(); //prepare ranges array for already assigned news_ranges foreach ($news->getRanges() as $range_id) { $this->ranges[$range_id] = get_object_type($range_id, array('global', 'fak', 'inst', 'sem', 'user')); } // check if new ranges must be added foreach ($this->area_options_selected as $type => $area_group) { foreach ($area_group as $range_id => $area_title) { if (!isset($this->ranges[$range_id])) { if ($news->haveRangePermission('edit', $range_id)) { $news->addRange($range_id); $changed = true; } else { PageLayout::postMessage(MessageBox::error(sprintf(_('Sie haben keine Berechtigung zum Ändern der Bereichsverknüpfung für "%s".'), htmlReady($area_title)))); $error++; } } } } // check if assigned ranges must be removed foreach ($this->ranges as $range_id => $range_type) { if ($range_type === 'fak' && !isset($this->area_options_selected['inst'][$range_id]) || $range_type !== 'fak' && !isset($this->area_options_selected[$range_type][$range_id])) { if ($news->havePermission('unassign', $range_id)) { $news->deleteRange($range_id); $changed = true; } else { PageLayout::postMessage(MessageBox::error(_('Sie haben keine Berechtigung zum Ändern der Bereichsverknüpfung.'))); $error++; } } } // save news if ($news->validate() and !$error) { if ($news->getValue('user_id') != $GLOBALS['auth']->auth['uid']) { $news->setValue('chdate_uid', $GLOBALS['auth']->auth['uid']); setTempLanguage($news->getValue('user_id')); $msg = sprintf(_('Ihre Ankündigung "%s" wurde von %s verändert.'), $news->getValue('topic'), get_fullname() . ' (' . get_username() . ')') . "\n"; $msg_object->insert_message($msg, get_username($news->getValue('user_id')), "____%system%____", FALSE, FALSE, "1", FALSE, _("Systemnachricht:") . " " . _("Ankündigung geändert")); restoreLanguage(); } else { $news->setValue('chdate_uid', ''); } $news->store(); PageLayout::postMessage(MessageBox::success(_('Die Ankündigung wurde gespeichert.'))); // in fallback mode redirect to edit page with proper news id if (!Request::isXhr() and !$id) { $this->redirect('news/edit_news/' . $news->getValue('news_id')); } elseif (Request::isXhr()) { $this->render_nothing(); } } } // check if user has full permission on news object if ($news->havePermission('delete')) { $this->may_delete = true; } }
<? if (Config::get()->NEWS_DISPLAY >= 2 || $new->havePermission('edit')): ?> <span title="<?php echo _('Aufrufe'); ?> " class='news_visits' style="color: #050"> <?php echo object_return_views($new['news_id']); ?> </span> <? endif; ?> <? if ($new['allow_comments']) : $num = StudipComment::NumCommentsForObject($new['news_id']); $visited = object_get_visit($new['news_id'], 'news', false, false); $isnew = StudipComment::NumCommentsForObjectSinceLastVisit($new['news_id'], $visited, $GLOBALS['user']->id); ?> <? if ($num): ?> <? if ($isnew): ?> <span class="news_comments_indicator" title="<?php echo sprintf(_('%s neue(r) Kommentar(e)'), $isnew); ?> "> <?php echo Icon::create("chat", "new")->asImg(); ?> <? else: ?> <span class="news_comments_indicator" title="<?php echo sprintf(_('%s Kommentare'), $num); ?> ">