/**
 * Renders the admin "add / edit post" form.
 *
 * With no id (or id 0) an unsaved draft Post is built from the blog module's
 * defaults; otherwise the existing post (with its user relation) is loaded.
 * Authorization: the @Access annotation only gates entry into the action; the
 * ownership check in the body is what stops a "manage own posts" user from
 * opening another author's post.
 *
 * @Route("/post/edit", name="post/edit")
 * @Access("blog: manage own posts || blog: manage all posts")
 * @Request({"id": "int"})
 *
 * @param int $id Post id to edit; 0 means "create a new post".
 * @return array|mixed View descriptor array on success, or the redirect
 *                     response produced in the catch block on any exception.
 */
public function editAction($id = 0)
{
    try {
        $user       = App::user();
        $canEditAll = $user->hasAccess('blog: manage all posts');

        $post = Post::where(['id' => $id])->related('user')->first();

        if (!$post) {
            // A non-zero id that matches nothing is a client error, not "new post".
            if ($id) {
                App::abort(404, __('Invalid post id.'));
            }

            // NOTE(review): Post::create appears to only build the model here;
            // confirm it does not persist a draft row on every GET of this route.
            $blog = App::module('blog');
            $post = Post::create([
                'user_id'        => $user->id,
                'status'         => Post::STATUS_DRAFT,
                'date'           => new \DateTime(),
                'comment_status' => (bool) $blog->config('posts.comments_enabled'),
            ]);
            $post->set('title', $blog->config('posts.show_title'));
            $post->set('markdown', $blog->config('posts.markdown_enabled'));
        }

        // Ownership check: the real authorization boundary for "manage own posts"
        // users. Strict comparison means a type mismatch between the stored
        // user_id and the session user's id fails closed (403), never open.
        if (!$canEditAll && $post->user_id !== $user->id) {
            App::abort(403, __('Insufficient User Rights.'));
        }

        // Roles allowed to author posts: the administrator role plus any role
        // granted either blog permission. Only literal strings reach this query.
        $roleIds = App::db()->createQueryBuilder()
            ->from('@system_role')
            ->where(['id' => Role::ROLE_ADMINISTRATOR])
            ->whereInSet('permissions', ['blog: manage all posts', 'blog: manage own posts'], false, 'OR')
            ->execute('id')
            ->fetchAll(\PDO::FETCH_COLUMN);

        // Users holding one of those roles become the selectable authors.
        $authors = App::db()->createQueryBuilder()
            ->from('@system_user')
            ->whereInSet('roles', $roleIds)
            ->execute('id, username')
            ->fetchAll();

        $view = [
            'title' => $id ? __('Edit Post') : __('Add Post'),
            'name'  => 'blog/admin/post-edit.php',
        ];
        $data = [
            'post'       => $post,
            'statuses'   => Post::getStatuses(),
            'roles'      => array_values(Role::findAll()),
            'canEditAll' => $canEditAll,
            'authors'    => $authors,
        ];

        return ['$view' => $view, '$data' => $data, 'post' => $post];

    } catch (\Exception $e) {
        // NOTE(review): if App::abort() throws an \Exception subclass, the 403/404
        // above land here too and become a redirect plus flash message rather than
        // a real error status. This branch also surfaces the raw message of any
        // other exception (e.g. a database error) to the user; consider logging
        // the exception and flashing a generic message instead.
        App::message()->error($e->getMessage());

        return App::redirect('@blog/post');
    }
}