/**
 * @Route("/{id}", name="id")
 *
 * Renders a single published post. Unknown, unpublished or future-dated posts
 * answer 404; posts the current user may not read answer 403. Content plugins
 * are applied to the excerpt and the content before the view is built.
 *
 * @param int $id post id
 * @return array view data for blog/post.php plus the comments component data
 */
public function postAction($id = 0)
{
    $now = new \DateTime();
    $post = Post::where(['id = ?', 'status = ?', 'date < ?'], [$id, Post::STATUS_PUBLISHED, $now])
        ->related('user')
        ->first();

    if (!$post) {
        App::abort(404, __('Post not found!'));
    }

    if (!$post->hasAccess(App::user())) {
        App::abort(403, __('Insufficient User Rights.'));
    }

    // Plugins receive the post itself and whether its body is written in markdown.
    $render = function ($text) use ($post) {
        return App::content()->applyPlugins($text, ['post' => $post, 'markdown' => $post->get('markdown')]);
    };

    $post->excerpt = $render($post->excerpt);
    $post->content = $render($post->content);

    $user = App::user();

    $commentsConfig = [
        'post' => $post->id,
        'enabled' => $post->isCommentable(),
        'requireinfo' => $this->blog->config('comments.require_email'),
        'max_depth' => $this->blog->config('comments.max_depth')
    ];

    $commentsUser = [
        'name' => $user->name,
        'isAuthenticated' => $user->isAuthenticated(),
        'canComment' => $user->hasAccess('blog: post comments'),
        'skipApproval' => $user->hasAccess('blog: skip comment approval')
    ];

    // NOTE(review): a later revision of this action nests 'user' inside 'config';
    // confirm which shape the comments component reads.
    return [
        '$view' => ['title' => __($post->title), 'name' => 'blog/post.php'],
        '$comments' => ['config' => $commentsConfig, 'user' => $commentsUser],
        'blog' => $this->blog,
        'post' => $post
    ];
}
/**
 * @Route("/{id}", name="id")
 *
 * Renders a single published post together with the Open Graph / article meta
 * values the view emits. Unknown, unpublished or future-dated posts answer 404;
 * posts the current user may not read answer 403. Content plugins are applied
 * to the excerpt and the content before the view is built.
 *
 * @param int $id post id
 * @return array view data (including og:* / article:* meta) plus the comments component data
 */
public function postAction($id = 0)
{
    $conditions = ['id = ?', 'status = ?', 'date < ?'];
    $bindings = [$id, Post::STATUS_PUBLISHED, new \DateTime()];
    $post = Post::where($conditions, $bindings)->related('user')->first();

    if (!$post) {
        App::abort(404, __('Post not found!'));
    }

    if (!$post->hasAccess(App::user())) {
        App::abort(403, __('Insufficient User Rights.'));
    }

    // Plugins receive the post itself and whether its body is written in markdown.
    $applyPlugins = function ($text) use ($post) {
        return App::content()->applyPlugins($text, ['post' => $post, 'markdown' => $post->get('markdown')]);
    };
    $post->excerpt = $applyPlugins($post->excerpt);
    $post->content = $applyPlugins($post->content);

    $user = App::user();

    // og:description: the explicit meta value, else the first 150 characters of the
    // rendered excerpt (or the content) with tags stripped, trailing punctuation
    // removed and an ellipsis appended.
    $description = $post->get('meta.og:description');
    if (!$description) {
        $plain = strip_tags($post->excerpt ?: $post->content);
        $description = rtrim(mb_substr($plain, 0, 150), " \t\n\r\v.,") . '...';
    }

    $imageSrc = $post->get('image.src');

    // NOTE(review): the og:* / article:* values are raw post data; escaping for the
    // meta-attribute context is presumably done by the view — confirm.
    $view = [
        'title' => __($post->title),
        'name' => 'blog/post.php',
        'og:type' => 'article',
        'article:published_time' => $post->date->format(\DateTime::ATOM),
        'article:modified_time' => $post->modified->format(\DateTime::ATOM),
        'article:author' => $post->user->name,
        'og:title' => $post->get('meta.og:title') ?: $post->title,
        'og:description' => $description,
        'og:image' => $imageSrc ? App::url()->getStatic($imageSrc, [], 0) : false
    ];

    // NOTE(review): 'user' is nested inside 'config' here, whereas the earlier
    // variant of this action placed it beside 'config' — confirm which shape the
    // comments component reads.
    $comments = [
        'config' => [
            'post' => $post->id,
            'enabled' => $post->isCommentable(),
            'requireinfo' => $this->blog->config('comments.require_email'),
            'max_depth' => $this->blog->config('comments.max_depth'),
            'user' => [
                'name' => $user->name,
                'isAuthenticated' => $user->isAuthenticated(),
                'canComment' => $user->hasAccess('blog: post comments'),
                'skipApproval' => $user->hasAccess('blog: skip comment approval')
            ]
        ]
    ];

    return ['$view' => $view, '$comments' => $comments, 'blog' => $this->blog, 'post' => $post];
}
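/**
 * {@inheritdoc}
 *
 * Resolves the parameters of a post permalink: the post is looked up by
 * `$parameters['id']` (through the local cache), then every `{attribute}`
 * placeholder in the permalink pattern is filled with the cached meta value of
 * that attribute. The 'id' key is removed from the result.
 *
 * @param array $parameters route parameters; must contain 'id'
 * @return array the parameters with the placeholder attributes added and 'id' removed
 * @throws RouteNotFoundException when 'id' is missing or no post has that id
 */
public function generate(array $parameters = [])
{
    // Fail explicitly instead of looking up a null id (the old code emitted an
    // "undefined index" notice and then failed the post lookup anyway).
    if (!isset($parameters['id'])) {
        throw new RouteNotFoundException('Post not found!');
    }
    $id = $parameters['id'];

    if (!isset($this->cacheEntries[$id])) {
        $post = Post::where(compact('id'))->first();
        if (!$post) {
            throw new RouteNotFoundException('Post not found!');
        }
        $this->addCache($post);
    }
    $meta = $this->cacheEntries[$id];

    // preg_match_all() always populates $matches, so the old `if ($matches)` guard
    // was redundant; an empty capture list simply yields no iterations.
    preg_match_all('#{([a-z]+)}#i', self::getPermalink(), $matches);
    foreach ($matches[1] as $attribute) {
        if (isset($meta[$attribute])) {
            $parameters[$attribute] = $meta[$attribute];
        }
    }

    unset($parameters['id']);

    return $parameters;
}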
/**
 * @Route("/post/edit", name="post/edit")
 * @Access("blog: manage own posts || blog: manage all posts")
 * @Request({"id": "int"})
 *
 * Renders the post editor. With an id it loads the existing post (404 when it
 * does not exist); without one it prepares an unsaved draft owned by the
 * current user, pre-filled from the blog module defaults. Users without
 * 'blog: manage all posts' may only open their own posts.
 *
 * @param int $id post id, 0 for a new post
 * @return array view data for blog/admin/post-edit.php, or a redirect to
 *               @blog/post with an error flash message when anything throws
 */
public function editAction($id = 0)
{
    try {
        $post = Post::where(compact('id'))->related('user')->first();

        if (!$post) {
            // An explicit id that matched nothing is an error; 0 means "new post".
            if ($id) {
                App::abort(404, __('Invalid post id.'));
            }

            $module = App::module('blog');
            $defaults = [
                'user_id' => App::user()->id,
                'status' => Post::STATUS_DRAFT,
                'date' => new \DateTime(),
                'comment_status' => (bool) $module->config('posts.comments_enabled')
            ];
            $post = Post::create($defaults);
            $post->set('title', $module->config('posts.show_title'));
            $post->set('markdown', $module->config('posts.markdown_enabled'));
        }

        $user = App::user();
        $canEditAll = $user->hasAccess('blog: manage all posts');

        // NOTE(review): strict comparison — if user_id is hydrated as a string while
        // $user->id is an int, owners would be refused here; confirm both are ints.
        if (!$canEditAll && $post->user_id !== $user->id) {
            App::abort(403, __('Insufficient User Rights.'));
        }

        // Roles holding one of the manage permissions, plus the administrator role,
        // and then the users assigned to any of those roles.
        $roleQuery = App::db()->createQueryBuilder()
            ->from('@system_role')
            ->where(['id' => Role::ROLE_ADMINISTRATOR])
            ->whereInSet('permissions', ['blog: manage all posts', 'blog: manage own posts'], false, 'OR');
        $roles = $roleQuery->execute('id')->fetchAll(\PDO::FETCH_COLUMN);

        $authorQuery = App::db()->createQueryBuilder()
            ->from('@system_user')
            ->whereInSet('roles', $roles);
        $authors = $authorQuery->execute('id, username')->fetchAll();

        $view = [
            'title' => $id ? __('Edit Post') : __('Add Post'),
            'name' => 'blog/admin/post-edit.php'
        ];
        $formData = [
            'post' => $post,
            'statuses' => Post::getStatuses(),
            'roles' => array_values(Role::findAll()),
            'canEditAll' => $canEditAll,
            'authors' => $authors
        ];

        return ['$view' => $view, '$data' => $formData, 'post' => $post];
    } catch (\Exception $e) {
        // NOTE(review): if App::abort() throws an \Exception subclass, the 403/404
        // above end up as a flash message plus redirect rather than an error status.
        App::message()->error($e->getMessage());

        return App::redirect('@blog/post');
    }
}
/**
 * @Route("/{id}", methods="GET", requirements={"id"="\d+"})
 *
 * Returns the post with the given id together with its author and comments.
 * NOTE(review): no status or ownership check happens here; access presumably
 * relies on controller-level rules not visible in this excerpt — confirm that
 * unpublished posts are not reachable through this route.
 *
 * @param int $id post id
 * @return Post|null the matching post, or whatever first() yields when nothing matches
 */
public function getAction($id)
{
    $query = Post::where(['id' => $id]);

    return $query->related('user', 'comments')->first();
}
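/**
 * @Route("/", methods="POST")
 * @Route("/{id}", methods="POST", requirements={"id"="\d+"})
 * @Request({"comment": "array", "id": "int"}, csrf=true)
 *
 * Creates a new comment (no id) or updates an existing one (id given), then
 * applies the moderation rules: minimum idle time between comments, parent and
 * post existence/commentability, approval status and the max-links rule.
 * Access and validation failures abort the request via App::abort().
 *
 * @param array $data the submitted comment fields (request body, untrusted)
 * @param int   $id   id of the comment to update, 0 to create a new one
 * @return array{message: string, comment: Comment}
 */
public function saveAction($data, $id = 0)
{
    $user = $this->user;

    if (!$id) {
        if (!$user->hasAccess('blog: post comments')) {
            App::abort(403, __('Insufficient User Rights.'));
        }

        $comment = Comment::create();

        if ($user->isAuthenticated()) {
            // Identity fields of a logged-in user come from the session, never from the request body.
            $data['author'] = $user->name;
            $data['email'] = $user->email;
            $data['url'] = $user->url;
        } elseif ($this->blog->config('comments.require_email') && (empty($data['author']) || empty($data['email']))) {
            App::abort(400, __('Please provide valid name and email.'));
        }

        $comment->user_id = $user->isAuthenticated() ? (int) $user->id : 0;
        $comment->ip = App::request()->getClientIp();
        $comment->created = new \DateTime();
    } else {
        if (!$user->hasAccess('blog: manage comments')) {
            App::abort(403, __('Insufficient User Rights.'));
        }

        $comment = Comment::find($id);

        if (!$comment) {
            App::abort(404, __('Comment not found.'));
        }
    }

    // 'created' is server-controlled; drop it if the client sent it.
    unset($data['created']);

    // Minimum idle time between comments of the same user (or, for anonymous
    // visitors, the same client IP).
    if (!$user->hasAccess('blog: skip comment min idle') && ($minidle = $this->blog->config('comments.minidle'))) {
        $lastComment = Comment::where($user->isAuthenticated() ? ['user_id' => $user->id] : ['ip' => App::request()->getClientIp()])
            ->orderBy('created', 'DESC')
            ->first();

        if ($lastComment) {
            // invert is set when the last comment is more recent than "now - minidle".
            $diff = $lastComment->created->diff(new \DateTime("- {$minidle} sec"));

            if ($diff->invert) {
                App::abort(403, __('Please wait another %seconds% seconds before commenting again.', ['%seconds%' => $diff->s + $diff->i * 60 + $diff->h * 3600]));
            }
        }
    }

    if (!empty($data['parent_id']) && !Comment::find((int) $data['parent_id'])) {
        App::abort(404, __('Parent not found.'));
    }

    // Non-moderators may only comment on posts that are published and open for comments.
    $post = empty($data['post_id']) ? null : Post::where(['id' => $data['post_id']])->first();

    if (!$post || !($user->hasAccess('blog: manage comments') || ($post->isCommentable() && $post->isPublished()))) {
        App::abort(404, __('Post not found.'));
    }

    // NOTE(review): for anonymous visitors $user->id is presumably 0/null, so this
    // lookup would match any approved anonymous comment — confirm that is intended
    // before granting 'blog: comment approval required once' to the anonymous role.
    $approvedOnce = (bool) Comment::where(['user_id' => $user->id, 'status' => Comment::STATUS_APPROVED])->first();

    // Written as if/else on purpose: the original unparenthesised nested ternary is a
    // compile error on PHP 8 and was parsed left-to-right on PHP 7.
    if ($user->hasAccess('blog: skip comment approval')) {
        $comment->status = Comment::STATUS_APPROVED;
    } elseif ($user->hasAccess('blog: comment approval required once') && $approvedOnce) {
        $comment->status = Comment::STATUS_APPROVED;
    } else {
        $comment->status = Comment::STATUS_PENDING;
    }

    // Max-links rule: an approved comment containing at least 'comments.maxlinks'
    // anchors is demoted to pending for manual review.
    if ($comment->status === Comment::STATUS_APPROVED) {
        $content = isset($data['content']) ? $data['content'] : '';

        if ($this->blog->config('comments.maxlinks') <= preg_match_all('/<a [^>]*href/i', $content)) {
            $comment->status = Comment::STATUS_PENDING;
        }
    }

    // check for spam
    //App::trigger('system.comment.spam_check', new CommentEvent($comment));

    // NOTE(review): save() is handed the whole request array; confirm the model
    // restricts which keys it applies, otherwise client-supplied 'status',
    // 'user_id' or 'ip' could override the values set above.
    $comment->save($data);

    return ['message' => 'success', 'comment' => $comment];
}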