param('code', 'string', true); case 'new': param('container', 'string', true, true); // memorize break; case 'edit': case 'update': case 'delete': case 'move_up': case 'move_down': param('wi_ID', 'integer', true); $WidgetCache =& get_Cache('WidgetCache'); $edited_ComponentWidget =& $WidgetCache->get_by_ID($wi_ID); // Take blog from here! // echo $edited_ComponentWidget->coll_ID; set_working_blog($edited_ComponentWidget->coll_ID); $BlogCache =& get_Cache('BlogCache'); $Blog =& $BlogCache->get_by_ID($blog); break; default: debug_die('Init objects: unhandled action'); } if (!valid_blog_requested()) { debug_die('Invalid blog requested'); } $current_User->check_perm('blog_properties', 'edit', true, $blog); // Get Skin used by current Blog: $SkinCache =& get_Cache('SkinCache'); $Skin =& $SkinCache->get_by_ID($Blog->skin_ID); // Make sure containers are loaded for that skin: $container_list = $Skin->get_containers();
load_funcs('dashboard/model/_dashboard.funcs.php'); /** * @var User */ global $current_User; global $dispatcher, $allow_evo_stats, $blog; if (empty($_GET['blog'])) { // Use dashboard for selected blog only from GET request $blog = 0; unset($Blog); } if ($blog) { // Collection dashboard if (!$current_User->check_perm('blog_ismember', 'view', false, $blog)) { // We don't have permission for the requested blog (may happen if we come to admin from a link on a different blog) set_working_blog(0); unset($Blog); } $AdminUI->set_path('collections', 'dashboard'); // Init params to display a panel with blog selectors $AdminUI->set_coll_list_params('blog_ismember', 'view', array('ctrl' => 'dashboard')); $AdminUI->breadcrumbpath_init(true, array('text' => T_('Collections'), 'url' => $admin_url . '?ctrl=dashboard&blog=$blog$')); $AdminUI->breadcrumbpath_add(T_('Collection Dashboard'), $admin_url . '?ctrl=dashboard&blog=$blog$'); // Set an url for manual page: $AdminUI->set_page_manual_link('collection-dashboard'); // We should activate toolbar menu items for this controller and action $activate_collection_toolbar = true; } else { // Site dashboard $AdminUI->set_path('site', 'dashboard'); $AdminUI->breadcrumbpath_init(false);
break; case 'make_posts_pre': // form for edit several posts break; case 'make_posts_from_files': // Make posts with selected images: // Check that this action request is not a CSRF hacked request: $Session->assert_received_crumb('file'); $FileRootCache =& get_FileRootCache(); // getting root $root = param("root"); $fm_FileRoot =& $FileRootCache->get_by_ID($root, true); // fp> TODO: this block should move to a general level // Try to go to the right blog: if ($fm_FileRoot->type == 'collection') { set_working_blog($fm_FileRoot->in_type_ID); // Load the blog we're in: $Blog =& $BlogCache->get_by_ID($blog); } // --- if (empty($Blog)) { $Messages->add(T_('No destination blog is selected.'), 'error'); break; } //$Blog->disp('name'); // Get default status (includes PERM CHECK): $item_status = $Blog->get_allowed_item_status(); if (empty($item_status)) { $Messages->add(T_('Sorry, you have no permission to post into this blog.'), 'error'); break; }
/**
 * Handle collections module htsrv actions
 *
 * Dispatches the request to one of the module's htsrv actions:
 *  - 'unlink': detach a file from its LinkOwner ( Item, Comment ) and, once the
 *    user has confirmed, delete the file when it is not linked to anything else;
 *  - 'isubs_update': subscribe/unsubscribe the current user to notifications on one item.
 *
 * Both handled actions end in header_redirect(), which per the inline
 * "already exited here" comments does not return. An unknown action falls
 * through the switch and the method returns without doing anything.
 *
 * Note: $DB and $UserSettings are declared global but not read in this method.
 *
 * @return void
 */
function handle_htsrv_action()
{
    global $demo_mode, $current_User, $DB, $Session, $Messages;
    global $UserSettings, $samedomain_htsrv_url;

    if (!is_logged_in()) {
        // user must be logged in
        // NOTE(review): $this->T_() implies this is a method of a module class whose header is not in view — confirm.
        bad_request_die($this->T_('You are not logged in.'));
    }

    // Init the objects we want to work on.
    $action = param_action(true);

    // Check that this action request is not a CSRF hacked request:
    // The expected crumb name is derived from the action, so a crumb obtained for one action
    // is not accepted for another.
    $Session->assert_received_crumb('collections_' . $action);

    switch ($action) {
        case 'unlink':
            // Unlink a file from a LinkOwner ( Item, Comment ) object, and delete that file if it's not linked to any other object
            $link_ID = param('link_ID', 'integer', true);
            $redirect_to = param('redirect_to', 'url', '');

            $LinkCache =& get_LinkCache();
            $edited_Link =& $LinkCache->get_by_ID($link_ID, false);
            if (!$edited_Link) {
                // the edited Link object doesn't exist
                $Messages->add(sprintf(T_('Requested «%s» object does not exist any longer.'), T_('Link')), 'error');
                header_redirect();
            }

            // We have a link, get the LinkOwner it is attached to:
            $LinkOwner =& $edited_Link->get_LinkOwner();
            $linked_File =& $edited_Link->get_File();

            // Load the blog we're in:
            $Blog =& $LinkOwner->get_Blog();
            set_working_blog($Blog->ID);

            // Check permission:
            // Authorization is evaluated on the owner object ( Item/Comment ), not on the link row itself.
            // NOTE(review): the second argument presumably makes a failed check fatal — confirm against LinkOwner::check_perm.
            $LinkOwner->check_perm('edit', true);

            $confirmed = param('confirmed', 'integer', 0);
            if ($confirmed) {
                // Unlink File from Item:
                $edited_Link->dbdelete(true);
                unset($edited_Link);
                $Messages->add($LinkOwner->translate('Link has been deleted from $ownerTitle$.'), 'success');

                if ($current_User->check_perm('files', 'edit')) {
                    // current User has permission to edit/delete files
                    $file_name = $linked_File->get_name();

                    // Get number of objects where this file is attached to
                    // TODO: attila>this must be handled with a different function
                    // (the count is derived from the rendered HTML list by counting its '<br />' separators)
                    $file_links = get_file_links($linked_File->ID, array('separator' => '<br />'));
                    $links_count = strlen($file_links) > 0 ? substr_count($file_links, '<br />') + 1 : 0;
                    if ($links_count > 0) {
                        // File is linked to other objects
                        $Messages->add(sprintf(T_('File %s is still linked to %d other objects'), $file_name, $links_count), 'note');
                    } else {
                        // File is not linked to other objects
                        if ($linked_File->unlink()) {
                            // File removed successfully ( removed from db and from storage device also )
                            $Messages->add(sprintf(T_('File %s has been deleted.'), $file_name), 'success');
                        } else {
                            // Could not completely remove the file
                            $Messages->add(sprintf(T_('File %s could not be deleted.'), $file_name), 'error');
                        }
                    }
                }
            } else {
                // Display confirm unlink/delete message
                // The confirmation link carries its own crumb so the follow-up request passes the CSRF check above.
                $delete_url = $samedomain_htsrv_url . 'action.php?mname=collections&action=unlink&link_ID=' . $edited_Link->ID . '&confirmed=1&crumb_collections_unlink=' . get_crumb('collections_unlink');
                $ok_button = '<span class="linkbutton"><a href="' . $delete_url . '">' . T_('I am sure!') . '!</a></span>';
                // NOTE(review): $redirect_to ( request input, 'url' param type ) and the file path below are concatenated
                // into HTML attribute/text context without htmlspecialchars(); confirm that the 'url' param validation and
                // the $Messages renderer make this safe, otherwise escape per context here.
                $cancel_button = '<span class="linkbutton"><a href="' . $redirect_to . '">CANCEL</a></span>';
                $msg = sprintf(T_('You are about to unlink and delete the attached file from %s path.'), $linked_File->get_root_and_rel_path());
                $msg .= '<br />' . T_('This CANNOT be undone!') . '<br />' . T_('Are you sure?') . '<br /><br />' . $ok_button . "\t" . $cancel_button;
                $Messages->add($msg, 'error');
            }
            header_redirect($redirect_to);
            break;

        case 'isubs_update':
            // Subscribe/Unsubscribe user on the selected item
            if ($demo_mode && $current_User->ID <= 3) {
                // don't allow default users profile change on demo mode
                bad_request_die('Demo mode: you can\'t edit the admin and demo users profile!<br />[<a href="javascript:history.go(-1)">' . T_('Back to profile') . '</a>]');
            }

            // Get params
            $item_ID = param('p', 'integer', true);
            $notify = param('notify', 'integer', 0);
            if ($notify < 0 || $notify > 1) {
                // Invalid notify param. It should be 0 for unsubscribe and 1 for subscribe.
                // NOTE(review): unlike the other messages this one is not wrapped in T_().
                $Messages->add('Invalid params!', 'error');
            }
            if (!is_email($current_User->get('email'))) {
                // user doesn't have a valid email address
                $Messages->add(T_('Your email address is invalid. Please set your email address first.'), 'error');
            }
            if ($Messages->has_errors()) {
                // errors detected — validation failures above are reported together, then we leave
                header_redirect(); // already exited here
            }

            if (set_user_isubscription($current_User->ID, $item_ID, $notify)) {
                if ($notify == 0) {
                    $Messages->add(T_('You have successfully unsubscribed.'), 'success');
                } else {
                    $Messages->add(T_('You have successfully subscribed to notifications.'), 'success');
                }
            } else {
                $Messages->add(T_('Could not subscribe to notifications.'), 'error');
            }
            header_redirect();
            break; // already exited here
    }
}
$action = 'edit_links'; } else { $action = 'nil'; } } break; } if ($action == 'edit_links') { // set LinkOwner from params $link_type = param('link_type', 'string', 'item', true); $object_ID = param('link_object_ID', 'integer', 0, true); $LinkOwner = get_link_owner($link_type, $object_ID); if (empty($Blog)) { // Load the blog we're in: $Blog =& $LinkOwner->get_Blog(); set_working_blog($Blog->ID); } } if (empty($LinkOwner)) { // If LinkOwner object is not set, we can't process any action $Messages->add(T_('Requested link owner object does not exist any longer.'), 'error'); header_redirect($redirect_to); } switch ($action) { case 'edit_links': // Display link owner attachments // Check permission: $LinkOwner->check_perm('edit', true); // Add JavaScript to handle links modifications. require_js('links.js'); break;
* * @todo (sessions) When creating a blog, provide "edit options" (3 tabs) instead of a single long "New" form (storing the new Blog object with the session data). * @todo Currently if you change the name of a blog it gets not reflected in the blog list buttons! * * @version $Id: coll_settings.ctrl.php,v 1.11 2008/01/21 09:35:26 fplanque Exp $ */ if (!defined('EVO_MAIN_INIT')) { die('Please, do not access this page directly.'); } param_action('edit'); param('tab', 'string', 'general', true); // Check permissions on requested blog and autoselect an appropriate blog if necessary. // This will prevent a fat error when switching tabs and you have restricted perms on blog properties. if ($selected = autoselect_blog('blog_properties', 'edit')) { // We have a blog to work on: if (set_working_blog($selected)) { // Selected a new blog: $BlogCache =& get_Cache('BlogCache'); $Blog =& $BlogCache->get_by_ID($blog); } /** * @var Blog */ $edited_Blog =& $Blog; } else { // We could not find a blog we have edit perms on... // Note: we may still have permission to edit categories!! // redirect to blog list: header_redirect('?ctrl=collections'); // EXITED: $Messages->add(T_('Sorry, you have no permission to edit blog properties.'), 'error');
/**
 * Delete every blog owned by this user that the current user is allowed to delete.
 *
 * All deletions run inside one DB transaction. After each deletion the working
 * blog is reset to 0 and the 'selected_blog' user setting is removed and
 * persisted, so that subsequent pages do not try to load a blog that is gone.
 *
 * NOTE(review): there is no rollback path — confirm that dbdelete() aborts on
 * failure, otherwise a partially failed run is still committed.
 *
 * @return boolean Always true
 */
function delete_blogs()
{
    global $DB, $UserSettings, $current_User;

    $DB->begin();

    // Own blogs of this user which the current user can delete
    foreach ($this->get_deleted_blogs() as $blog_to_delete) {
        // Remove the collection from the DB
        $blog_to_delete->dbdelete();

        // Drop the selection so later pages don't try to access the deleted blog
        set_working_blog(0);
        $UserSettings->delete('selected_blog');
        $UserSettings->dbupdate();
    }

    $DB->commit();

    return true;
}
$Messages->add(T_('You have no permission to edit comments.'), 'error'); $action = 'nil'; } elseif (set_working_blog($selected)) { // Selected a new blog: $BlogCache =& get_BlogCache(); $Blog =& $BlogCache->get_by_ID($blog); } break; case 'spam': // Used for quick SPAM vote of comments // Check that this action request is not a CSRF hacked request: $Session->assert_received_crumb('comment'); param('comment_ID', 'integer', true); $edited_Comment =& Comment_get_by_ID($comment_ID); $edited_Comment_Item =& $edited_Comment->get_Item(); set_working_blog($edited_Comment_Item->get_blog_ID()); $BlogCache =& get_BlogCache(); $Blog =& $BlogCache->get_by_ID($blog); // Check permission for spam voting $current_User->check_perm('blog_vote_spam_comments', 'edit', true, $Blog->ID); if ($edited_Comment !== false) { // The comment still exists if ($current_User->ID != $edited_Comment->author_user_ID) { // Do not allow users to vote on their own comments $edited_Comment->set_vote('spam', param('value', 'string')); $edited_Comment->dbupdate(); } } // Where are we going to redirect to? param('redirect_to', 'url', url_add_param($admin_url, 'ctrl=comments&blog=' . $blog . '&filter=restore', '&')); // Redirect so that a reload doesn't write to the DB twice:
} break; case 'make_post': // TODO: We don't need the Filelist, move UP! // Make posts with selected images: // Check that this action request is not a CSRF hacked request: $Session->assert_received_crumb('file'); if (!$selected_Filelist->count()) { $Messages->add(T_('Nothing selected.'), 'error'); $action = 'list'; break; } // fp> TODO: this block should move to a general level // Try to go to the right blog: if ($fm_Filelist->get_root_type() == 'collection') { set_working_blog($fm_Filelist->get_root_ID()); // Load the blog we're in: $Blog =& $BlogCache->get_by_ID($blog); } // --- if (empty($Blog)) { $Messages->add(T_('No destination blog is selected.'), 'error'); break; } //$Blog->disp('name'); // Get default status (includes PERM CHECK): $item_status = $Blog->get_allowed_item_status(); if (empty($item_status)) { $Messages->add(T_('Sorry, you have no permission to post into this blog.'), 'error'); break; }
* Get the blog from param, defaulting to the last selected one for this user: * we need it for quite a few of the menu urls */ if (isset($collections_Module)) { $user_selected_blog = (int) $UserSettings->get('selected_blog'); $BlogCache =& get_BlogCache(); if (param('blog', 'integer', NULL, true) === NULL || $blog > 0 && !($Blog =& $BlogCache->get_by_ID($blog, false, false))) { // Try the memorized blog from the previous action: $blog = $user_selected_blog; if (!($Blog =& $BlogCache->get_by_ID($blog, false, false))) { // That one doesn't exist either... $blog = 0; } } elseif ($blog != $user_selected_blog) { // We have selected a new & valid blog. Update UserSettings for selected blog: set_working_blog($blog); } } // bookmarklet, upload (upload actually means sth like: select img for post): param('mode', 'string', '', true); /* * Get the Admin skin * TODO: Allow setting through GET param (dropdown in backoffice), respecting a checkbox "Use different setting on each computer" (if cookie_state handling is ready) */ $admin_skin = $UserSettings->get('admin_skin'); $admin_skin_path = $adminskins_path . '%s/_adminUI.class.php'; if (!$admin_skin || !file_exists(sprintf($admin_skin_path, $admin_skin))) { // there's no skin for the user if (!$admin_skin) { $Debuglog->add('The user has no admin skin set.', 'skins'); } else {