/**
* @Route("/{id}", name="id")
*/
public function postAction($id = 0)
{
if (!($post = Post::where(['id = ?', 'status = ?', 'date < ?'], [$id, Post::STATUS_PUBLISHED, new \DateTime()])->related('user')->first())) {
App::abort(404, __('Post not found!'));
}
if (!$post->hasAccess(App::user())) {
App::abort(403, __('Insufficient User Rights.'));
}
$post->excerpt = App::content()->applyPlugins($post->excerpt, ['post' => $post, 'markdown' => $post->get('markdown')]);
$post->content = App::content()->applyPlugins($post->content, ['post' => $post, 'markdown' => $post->get('markdown')]);
$user = App::user();
return ['$view' => ['title' => __($post->title), 'name' => 'blog/post.php'], '$comments' => ['config' => ['post' => $post->id, 'enabled' => $post->isCommentable(), 'requireinfo' => $this->blog->config('comments.require_email'), 'max_depth' => $this->blog->config('comments.max_depth')], 'user' => ['name' => $user->name, 'isAuthenticated' => $user->isAuthenticated(), 'canComment' => $user->hasAccess('blog: post comments'), 'skipApproval' => $user->hasAccess('blog: skip comment approval')]], 'blog' => $this->blog, 'post' => $post];
}
/**
* @Route("/{id}", name="id")
*/
public function postAction($id = 0)
{
if (!($post = Post::where(['id = ?', 'status = ?', 'date < ?'], [$id, Post::STATUS_PUBLISHED, new \DateTime()])->related('user')->first())) {
App::abort(404, __('Post not found!'));
}
if (!$post->hasAccess(App::user())) {
App::abort(403, __('Insufficient User Rights.'));
}
$post->excerpt = App::content()->applyPlugins($post->excerpt, ['post' => $post, 'markdown' => $post->get('markdown')]);
$post->content = App::content()->applyPlugins($post->content, ['post' => $post, 'markdown' => $post->get('markdown')]);
$user = App::user();
$description = $post->get('meta.og:description');
if (!$description) {
$description = strip_tags($post->excerpt ?: $post->content);
$description = rtrim(mb_substr($description, 0, 150), " \t\n\r\v.,") . '...';
}
return ['$view' => ['title' => __($post->title), 'name' => 'blog/post.php', 'og:type' => 'article', 'article:published_time' => $post->date->format(\DateTime::ATOM), 'article:modified_time' => $post->modified->format(\DateTime::ATOM), 'article:author' => $post->user->name, 'og:title' => $post->get('meta.og:title') ?: $post->title, 'og:description' => $description, 'og:image' => $post->get('image.src') ? App::url()->getStatic($post->get('image.src'), [], 0) : false], '$comments' => ['config' => ['post' => $post->id, 'enabled' => $post->isCommentable(), 'requireinfo' => $this->blog->config('comments.require_email'), 'max_depth' => $this->blog->config('comments.max_depth'), 'user' => ['name' => $user->name, 'isAuthenticated' => $user->isAuthenticated(), 'canComment' => $user->hasAccess('blog: post comments'), 'skipApproval' => $user->hasAccess('blog: skip comment approval')]]], 'blog' => $this->blog, 'post' => $post];
}
/**
* {@inheritdoc}
*/
public function generate(array $parameters = [])
{
$id = $parameters['id'];
if (!isset($this->cacheEntries[$id])) {
if (!($post = Post::where(compact('id'))->first())) {
throw new RouteNotFoundException('Post not found!');
}
$this->addCache($post);
}
$meta = $this->cacheEntries[$id];
preg_match_all('#{([a-z]+)}#i', self::getPermalink(), $matches);
if ($matches) {
foreach ($matches[1] as $attribute) {
if (isset($meta[$attribute])) {
$parameters[$attribute] = $meta[$attribute];
}
}
}
unset($parameters['id']);
return $parameters;
}
/**
* @Route("/post/edit", name="post/edit")
* @Access("blog: manage own posts || blog: manage all posts")
* @Request({"id": "int"})
*/
public function editAction($id = 0)
{
try {
if (!($post = Post::where(compact('id'))->related('user')->first())) {
if ($id) {
App::abort(404, __('Invalid post id.'));
}
$module = App::module('blog');
$post = Post::create(['user_id' => App::user()->id, 'status' => Post::STATUS_DRAFT, 'date' => new \DateTime(), 'comment_status' => (bool) $module->config('posts.comments_enabled')]);
$post->set('title', $module->config('posts.show_title'));
$post->set('markdown', $module->config('posts.markdown_enabled'));
}
$user = App::user();
if (!$user->hasAccess('blog: manage all posts') && $post->user_id !== $user->id) {
App::abort(403, __('Insufficient User Rights.'));
}
$roles = App::db()->createQueryBuilder()->from('@system_role')->where(['id' => Role::ROLE_ADMINISTRATOR])->whereInSet('permissions', ['blog: manage all posts', 'blog: manage own posts'], false, 'OR')->execute('id')->fetchAll(\PDO::FETCH_COLUMN);
$authors = App::db()->createQueryBuilder()->from('@system_user')->whereInSet('roles', $roles)->execute('id, username')->fetchAll();
return ['$view' => ['title' => $id ? __('Edit Post') : __('Add Post'), 'name' => 'blog/admin/post-edit.php'], '$data' => ['post' => $post, 'statuses' => Post::getStatuses(), 'roles' => array_values(Role::findAll()), 'canEditAll' => $user->hasAccess('blog: manage all posts'), 'authors' => $authors], 'post' => $post];
} catch (\Exception $e) {
App::message()->error($e->getMessage());
return App::redirect('@blog/post');
}
}
/**
* @Route("/{id}", methods="GET", requirements={"id"="\d+"})
*/
public function getAction($id)
{
return Post::where(compact('id'))->related('user', 'comments')->first();
}
/**
* @Route("/", methods="POST")
* @Route("/{id}", methods="POST", requirements={"id"="\d+"})
* @Request({"comment": "array", "id": "int"}, csrf=true)
*/
public function saveAction($data, $id = 0)
{
if (!$id) {
if (!$this->user->hasAccess('blog: post comments')) {
App::abort(403, __('Insufficient User Rights.'));
}
$comment = Comment::create();
if ($this->user->isAuthenticated()) {
$data['author'] = $this->user->name;
$data['email'] = $this->user->email;
$data['url'] = $this->user->url;
} elseif ($this->blog->config('comments.require_email') && (!@$data['author'] || !@$data['email'])) {
App::abort(400, __('Please provide valid name and email.'));
}
$comment->user_id = $this->user->isAuthenticated() ? (int) $this->user->id : 0;
$comment->ip = App::request()->getClientIp();
$comment->created = new \DateTime();
} else {
if (!$this->user->hasAccess('blog: manage comments')) {
App::abort(403, __('Insufficient User Rights.'));
}
$comment = Comment::find($id);
if (!$comment) {
App::abort(404, __('Comment not found.'));
}
}
unset($data['created']);
// check minimum idle time in between user comments
if (!$this->user->hasAccess('blog: skip comment min idle') and $minidle = $this->blog->config('comments.minidle') and $commentIdle = Comment::where($this->user->isAuthenticated() ? ['user_id' => $this->user->id] : ['ip' => App::request()->getClientIp()])->orderBy('created', 'DESC')->first()) {
$diff = $commentIdle->created->diff(new \DateTime("- {$minidle} sec"));
if ($diff->invert) {
App::abort(403, __('Please wait another %seconds% seconds before commenting again.', ['%seconds%' => $diff->s + $diff->i * 60 + $diff->h * 3600]));
}
}
if (@$data['parent_id'] && !($parent = Comment::find((int) $data['parent_id']))) {
App::abort(404, __('Parent not found.'));
}
if (!@$data['post_id'] || !($post = Post::where(['id' => $data['post_id']])->first()) or !($this->user->hasAccess('blog: manage comments') || $post->isCommentable() && $post->isPublished())) {
App::abort(404, __('Post not found.'));
}
$approved_once = (bool) Comment::where(['user_id' => $this->user->id, 'status' => Comment::STATUS_APPROVED])->first();
$comment->status = $this->user->hasAccess('blog: skip comment approval') ? Comment::STATUS_APPROVED : $this->user->hasAccess('blog: comment approval required once') && $approved_once ? Comment::STATUS_APPROVED : Comment::STATUS_PENDING;
// check the max links rule
if ($comment->status == Comment::STATUS_APPROVED && $this->blog->config('comments.maxlinks') <= preg_match_all('/<a [^>]*href/i', @$data['content'])) {
$comment->status = Comment::STATUS_PENDING;
}
// check for spam
//App::trigger('system.comment.spam_check', new CommentEvent($comment));
$comment->save($data);
return ['message' => 'success', 'comment' => $comment];
}
