Editor role now only can edit his own content
parent
10ba5625da
commit
05a17e9122
@ -10,6 +10,19 @@ checkRole(array('admin', 'editor'));
|
||||
// Functions
|
||||
// ============================================================================
|
||||
|
||||
// Returns the content belongs to the current user if the user has the role Editor
|
||||
function filterContentOwner($list) {
|
||||
global $login;
|
||||
global $pages;
|
||||
$tmp = array();
|
||||
foreach ($list as $pageKey) {
|
||||
if ($pages->db[$pageKey]['username']==$login->username()) {
|
||||
array_push($tmp, $pageKey);
|
||||
}
|
||||
}
|
||||
return $tmp;
|
||||
}
|
||||
|
||||
// ============================================================================
|
||||
// Main before POST
|
||||
// ============================================================================
|
||||
@ -22,21 +35,25 @@ checkRole(array('admin', 'editor'));
|
||||
// Main after POST
|
||||
// ============================================================================
|
||||
|
||||
// List of published pages
|
||||
$onlyPublished = true;
|
||||
$numberOfItems = ITEMS_PER_PAGE_ADMIN;
|
||||
$pageNumber = $url->pageNumber();
|
||||
$published = $pages->getList($pageNumber, $numberOfItems, $onlyPublished);
|
||||
$published = $pages->getList($url->pageNumber(), ITEMS_PER_PAGE_ADMIN);
|
||||
$drafts = $pages->getDraftDB(true);
|
||||
$scheduled = $pages->getScheduledDB(true);
|
||||
$static = $pages->getStaticDB(true);
|
||||
$sticky = $pages->getStickyDB(true);
|
||||
|
||||
// If the user is an Editor filter the content he/she can edit
|
||||
if (checkRole(array('editor'))) {
|
||||
$published = filterContentOwner($published);
|
||||
$drafts = filterContentOwner($drafts);
|
||||
$scheduled = filterContentOwner($scheduled);
|
||||
$static = filterContentOwner($static);
|
||||
$sticky = filterContentOwner($sticky);
|
||||
}
|
||||
|
||||
// Check if out of range the pageNumber
|
||||
if (empty($published) && $url->pageNumber()>1) {
|
||||
Redirect::page('content');
|
||||
}
|
||||
|
||||
$drafts = $pages->getDraftDB(true);
|
||||
$scheduled = $pages->getScheduledDB(true);
|
||||
$static = $pages->getStaticDB(true);
|
||||
$sticky = $pages->getStickyDB(true);
|
||||
|
||||
// Title of the page
|
||||
$layout['title'] .= ' - '.$L->g('Manage content');
|
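Review bot: The guard `if (checkRole(array('editor')))` calls checkRole without the `false` second argument that the next file section of this commit passes when it uses the function as a condition. The bare `checkRole(array('admin', 'editor'));` statement in the hunk header suggests the default form rejects the request itself on a mismatch, so an admin would presumably be turned away here rather than skip the filter; `if (checkRole(array('editor'), false)) {` looks like the intended call, to be confirmed against checkRole's definition, which is not on this page. In filterContentOwner the owner test uses `==`, and PHP's loose comparison treats numeric-looking strings as numbers, so two different usernames can compare equal; `if ($pages->db[$pageKey]['username'] === $login->username()) {` avoids that. The filter also runs after getList() has already paginated, so an editor can get a short or empty page that triggers the out-of-range redirect. It only narrows what is listed, so the edit and delete handlers still need their own owner check.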
@ -4,7 +4,7 @@
|
||||
// Check role
|
||||
// ============================================================================
|
||||
|
||||
if (!checkRole(array('admin','editor'), false)) {
|
||||
if (checkRole(array('editor'), false)) {
|
||||
try {
|
||||
$pageKey = isset($_POST['key']) ? $_POST['key'] : $layout['parameters'];
|
||||
$page = new Page($pageKey);
|
||||
|
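Review bot: The condition `if (checkRole(array('editor'), false)) {`, which matches the commit title, runs this block only for the editor role, whereas the line it replaces ran it for every role other than admin and editor. If the block holds the owner check for the requested page (its body continues outside the hunk), any other non-admin role that reaches this controller now skips that check. A deny-by-default form such as `if (!checkRole(array('admin'), false)) {` keeps every non-admin role under it. The key is also read from `$_POST['key']`, so the check only protects anything if the later save operates on that same key rather than re-reading it from the request.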
@ -100,21 +100,34 @@
|
||||
|
||||
<!-- Profile picture tab -->
|
||||
<div class="tab-pane fade" id="picture" role="tabpanel" aria-labelledby="nav-picture-tab">
|
||||
<div class="custom-file mb-2">
|
||||
<input type="file" class="custom-file-input" id="jsprofilePictureInputFile" name="profilePictureInputFile">
|
||||
<label class="custom-file-label" for="jsprofilePictureInputFile"><?php $L->p('Choose images to upload'); ?></label>
|
||||
</div>
|
||||
<div>
|
||||
<img id="jsprofilePicturePreview" class="img-fluid img-thumbnail" alt="Profile picture preview" src="<?php echo (Sanitize::pathFile(PATH_UPLOADS_PROFILES.$user->username().'.png')?DOMAIN_UPLOADS_PROFILES.$user->username().'.png?version='.time():HTML_PATH_CORE_IMG.'default.svg') ?>" />
|
||||
<div class="container">
|
||||
<div class="row">
|
||||
<div class="col-lg-4 col-sm-12 p-0 pr-2">
|
||||
<div class="custom-file">
|
||||
<input type="file" class="custom-file-input" id="jsprofilePictureInputFile" name="profilePictureInputFile">
|
||||
<label class="custom-file-label" for="jsprofilePictureInputFile"><?php $L->p('Upload image'); ?></label>
|
||||
</div>
|
||||
<!-- <button id="jsbuttonRemovePicture" type="button" class="btn btn-primary w-100 mt-4 mb-4"><i class="fa fa-trash"></i> Remove picture</button> -->
|
||||
</div>
|
||||
<div class="col-lg-8 col-sm-12 p-0 text-center">
|
||||
<img id="jsprofilePicturePreview" class="img-fluid img-thumbnail" alt="Profile picture preview" src="<?php echo (Sanitize::pathFile(PATH_UPLOADS_PROFILES.$user->username().'.png')?DOMAIN_UPLOADS_PROFILES.$user->username().'.png?version='.time():HTML_PATH_CORE_IMG.'default.svg') ?>" />
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
<script>
|
||||
// $("#jsbuttonRemovePicture").on("click", function() {
|
||||
// var username = $("#jsusername").val();
|
||||
// bluditAjax.removeProfilePicture(username);
|
||||
// $("#jsprofilePicturePreview").attr("src", "<?php echo HTML_PATH_CORE_IMG.'default.svg' ?>");
|
||||
// });
|
||||
|
||||
$("#jsprofilePictureInputFile").on("change", function() {
|
||||
var formData = new FormData();
|
||||
formData.append('tokenCSRF', tokenCSRF);
|
||||
formData.append('profilePictureInputFile', $(this)[0].files[0]);
|
||||
formData.append('username', $("#jsusername").val());
|
||||
$.ajax({
|
||||
url: HTML_PATH_ADMIN_ROOT+"ajax/upload-profile-picture",
|
||||
url: HTML_PATH_ADMIN_ROOT+"ajax/profile-picture-upload",
|
||||
type: "POST",
|
||||
data: formData,
|
||||
cache: false,
|
||||
|
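Review bot: The upload request built here names the target account in a `username` form field read from `#jsusername`, so the handler behind `ajax/profile-picture-upload` has to decide server-side whose picture may be replaced. That handler is not on this page; it should compare the posted username with the logged-in user and accept a different one only for admins, in line with the owner restriction this commit introduces for content. The `src` attribute of the preview image also echoes `$user->username()` unescaped, which is safe only if usernames are limited to URL- and attribute-safe characters when accounts are created. The `$.ajax` call continues outside the hunk.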