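/**
 * Check if the current user is allowed to edit the topic
 * denoted by the passed id.
 *
 * Editing is granted when the user is the non-anonymous author of the entry
 * or holds 'edit_entry' for the seminar; if the thread is closed, the user
 * must additionally hold 'edit_closed'.
 *
 * @staticvar array $perms cache of computed results, keyed by topic id
 *
 * @param string $topic_id the id for the topic to check for
 *
 * @return bool true if the user has the necessary perms, false otherwise
 */
static function hasEditPerms($topic_id)
{
    static $perms = array();

    // isset() rather than a truthiness test: a cached "false" is a valid
    // answer and must not re-run the lookups, and an unseen topic id must
    // not raise an undefined-index notice.
    if (!isset($perms[$topic_id])) {
        $constraints = ForumEntry::getConstraints($topic_id);

        $stmt = DBManager::get()->prepare("SELECT user_id, seminar_id\n FROM forum_entries WHERE topic_id = ?");
        $stmt->execute(array($topic_id));
        $data = $stmt->fetch();

        $closed = ForumEntry::isClosed($topic_id);

        $current_user = (string) $GLOBALS['user']->id;

        // Authorship is decided fail-closed:
        //  - no row for this topic id means nobody is the author;
        //  - an empty id or the anonymous 'nobody' account never owns an entry;
        //  - the ids are compared as strings with ===, because == compares
        //    numeric-looking strings (e.g. "0e1" and "0e2") by value and
        //    would treat two different ids as the same author.
        $is_author = $data !== false
            && $current_user !== ''
            && $current_user !== 'nobody'
            && $current_user === (string) $data['user_id'];

        $may_edit = $is_author
            || ForumPerm::has('edit_entry', $constraints['seminar_id']);

        // A closed thread additionally requires 'edit_closed'.
        $perms[$topic_id] = $may_edit
            && (!$closed || ForumPerm::has('edit_closed', $constraints['seminar_id']));
    }

    return $perms[$topic_id];
}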
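/**
 * Show new-entry-form for submitted topic
 *
 * Checks 'add_entry' for the topic, rejects closed topics unless the user
 * holds 'edit_closed', then flags the edit form and redirects to the topic's
 * index page at the '#create' anchor.
 *
 * @param string $topic_id the id of the entry to add to
 *
 * @throws AccessDeniedException if the topic is closed and the user lacks
 *                               the 'edit_closed' permission
 */
function new_entry_action($topic_id)
{
    ForumPerm::check('add_entry', $this->getId(), $topic_id);

    // The 'edit_closed' check is scoped to the same id that the 'add_entry'
    // check above uses, matching the other call sites, which always pass a
    // seminar id as the second argument to ForumPerm::has().
    // NOTE(review): assumes $this->getId() is the seminar id - confirm.
    if (ForumEntry::isClosed($topic_id) && !ForumPerm::has('edit_closed', $this->getId())) {
        throw new AccessDeniedException(_('Sie dürfen keinen Beitrag in einem geschlossenen Thema erstellen!'));
    }

    $this->flash['edit_entry'] = true;
    $this->redirect(PluginEngine::getLink('coreforum/index/index/' . $topic_id . '#create'));
}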
<? if (!is_array($highlight)) $highlight = array(); ?> <? $is_new = ((isset($visitdate) && $post['mkdate'] >= $visitdate) || !(isset($visitdate))) ?> <? if (!$constraint) $constraint = ForumEntry::getConstraints (ForumEntry::getParentTopicId($post['topic_id'])) ?> <? $can_edit_closed = !ForumEntry::isClosed($constraint['topic_id']) || (ForumEntry::isClosed($constraint['topic_id']) && ForumPerm::has('edit_closed', $constraint['seminar_id'])) ?> <? $perms = array( 'edit' => ForumPerm::hasEditPerms($post['topic_id']), 'edit_closed' => ForumPerm::has('edit_closed', $constraint['seminar_id']), 'remove_entry' => ForumPerm::has('remove_entry', $constraint['seminar_id']), ) ?> <!-- Anker, um zu diesem Posting springen zu können --> <a name="<?php echo $post['topic_id']; ?> "></a> <form method="post" data-topicid="<?php echo $post['topic_id']; ?> " action="<?php echo PluginEngine::getLink('coreforum/index/update_entry/' . $post['topic_id']); ?> "> <?php echo CSRFProtection::tokenTag(); ?> <div class="posting<?php