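/**
 * Updates a subset of fields of an existing blog post from POST data.
 *
 * Expected POST parameters:
 *   data    - map field name => new value; every key must be in $this->allowed_fields
 *   post_id - id of the post to update
 *
 * On success the merged post (fetched fields + updated fields) is written to
 * $this->response['post']; a deadline post whose date is today or earlier is
 * additionally flagged with 'overdue' => true.
 *
 * @throws waException on a disallowed field, an unknown status value, an unknown
 *                     post, missing rights on the blog or a failed update
 */
public function execute()
{
    $data = waRequest::post('data', null);
    // An empty/missing payload is a no-op (original behaviour is kept).
    if (!$data) {
        return;
    }
    // A scalar payload would make foreach emit a warning and then reach updateById
    // without having passed the field allowlist below; refuse it instead.
    if (!is_array($data)) {
        throw new waException("Can't update post: invalid data");
    }

    $allowed_statuses = array(
        blogPostModel::STATUS_DRAFT,
        blogPostModel::STATUS_DEADLINE,
        blogPostModel::STATUS_SCHEDULED,
        blogPostModel::STATUS_PUBLISHED,
    );
    foreach ($data as $name => $value) {
        // Strict comparison: a loose in_array lets an integer key such as 0 compare
        // equal to any non-numeric string on PHP < 8, which would bypass the allowlist.
        if (!in_array($name, $this->allowed_fields, true)) {
            throw new waException("Can't update post: editing of this field is denied");
        }
        if ($name === 'status' && !in_array($value, $allowed_statuses, true)) {
            throw new waException("Can't change status: unknown value");
        }
    }

    $post_id = waRequest::post('post_id', null, waRequest::TYPE_INT);
    $post_model = new blogPostModel();
    $post = null;
    if ($post_id) {
        $post = $post_model->getFieldsById($post_id, array('id', 'blog_id', 'contact_id', 'datetime'));
    }
    if (!$post) {
        throw new waException("Unknown post");
    }

    $user = wa()->getUser();
    $contact_id = $user->getId();
    // Editing someone else's post requires full rights on the blog; the author
    // only needs read/write. Loose comparison is deliberate: contact_id comes
    // from the database as a string.
    $required_right = $contact_id != $post['contact_id']
        ? blogRightConfig::RIGHT_FULL
        : blogRightConfig::RIGHT_READ_WRITE;
    if (!blogHelper::checkRights($post['blog_id'], $contact_id, $required_right)) {
        throw new waException("Access denied");
    }

    if (!$post_model->updateById($post_id, $data)) {
        throw new waException("Error when updating data");
    }

    $post = array_merge($post, $data);
    // 'status' is only present when it was part of the update (it is not among
    // the fetched fields), so guard the lookup to avoid an undefined-index notice.
    if (isset($post['status']) && $post['status'] == blogPostModel::STATUS_DEADLINE) {
        $timezone = $user->getTimezone();
        $current_datetime = waDateTime::date("Y-m-d", null, $timezone);
        $datetime = waDateTime::date("Y-m-d", $post['datetime'], $timezone);
        // Both values are formatted as Y-m-d, so plain string comparison orders them correctly.
        if ($datetime <= $current_datetime) {
            $post['overdue'] = true;
        }
    }
    $this->response['post'] = $post;
}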
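/**
 * Validates the 'date' POST parameter for a post and answers as JSON.
 *
 * Expected POST parameters:
 *   post_id - optional id of the post being edited
 *   date    - the date string to validate
 *
 * An empty date is accepted for draft and deadline posts; otherwise the value
 * must be parseable by waDateTime::parse() in the current user's timezone.
 * The result is written to $this->response['valid'].
 */
public function execute()
{
    $this->getResponse()->addHeader('Content-type', 'application/json');
    $post_id = waRequest::post('post_id', null);
    $date = waRequest::post('date');

    // Only a string can be a date; arrays or other shapes are rejected up front
    // instead of being passed to strlen()/parse() (strlen(null) is deprecated,
    // strlen(array) is a TypeError on PHP 8).
    if ($date !== null && !is_string($date)) {
        $this->response['valid'] = false;
        return;
    }
    $date_is_empty = ($date === null || $date === '');

    if (!is_null($post_id)) {
        $post_model = new blogPostModel();
        $post = $post_model->getFieldsById($post_id, array('status'));
        // An unknown id yields no row; treat that as "no status" rather than
        // reading an index on a non-array.
        $status = $post ? $post['status'] : null;
        // Drafts and deadline posts are allowed to have no date at all.
        if ($date_is_empty
            && ($status == blogPostModel::STATUS_DEADLINE || $status == blogPostModel::STATUS_DRAFT)
        ) {
            $this->response['valid'] = true;
            return;
        }
    }

    $timezone = wa()->getUser()->getTimezone();
    $this->response['valid'] = (bool) waDateTime::parse('date', $date, $timezone);
}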
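/**
 * Deletes a post after re-loading it and checking the current user's rights.
 *
 * Admins of the app may delete any post. Otherwise the author needs read/write
 * rights on the blog and everybody else needs full rights. Sets
 * $this->response['redirect'] to the blog page on success, or to '?' when the
 * post does not exist.
 *
 * @param array $post array containing at least the 'id' of the post to delete
 * @throws waException when the rights check fails
 */
private function delete($post)
{
    $post_model = new blogPostModel();
    // contact_id is required for the author check below; without fetching it the
    // comparison could never match and every non-admin was held to RIGHT_FULL.
    $post = $post_model->getFieldsById($post['id'], array('id', 'blog_id', 'contact_id'));
    if (!$post) {
        $this->response['redirect'] = '?';
        return;
    }

    $user = $this->getUser();
    if (!$user->isAdmin($this->getApp())) {
        // Author of the post: read/write is enough; anyone else: full rights.
        // Loose comparison is intentional, contact_id comes from the database as a string.
        $right = ($post['contact_id'] == $user->getId())
            ? blogRightConfig::RIGHT_READ_WRITE
            : blogRightConfig::RIGHT_FULL;
        // The result of the rights check is used, as the update action does;
        // if checkRights already throws on denial this is merely redundant.
        if (!blogHelper::checkRights($post['blog_id'], $user->getId(), $right)) {
            throw new waException("Access denied");
        }
    }

    $post_model->deleteById($post['id']);
    $this->response['redirect'] = '?blog=' . $post['blog_id'];
}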