Editor role now only can edit his own content
This commit is contained in:
parent
10ba5625da
commit
05a17e9122
|
@ -10,6 +10,19 @@ checkRole(array('admin', 'editor'));
|
||||||
// Functions
|
// Functions
|
||||||
// ============================================================================
|
// ============================================================================
|
||||||
|
|
||||||
|
// Returns the content belongs to the current user if the user has the role Editor
|
||||||
|
function filterContentOwner($list) {
|
||||||
|
global $login;
|
||||||
|
global $pages;
|
||||||
|
$tmp = array();
|
||||||
|
foreach ($list as $pageKey) {
|
||||||
|
if ($pages->db[$pageKey]['username']==$login->username()) {
|
||||||
|
array_push($tmp, $pageKey);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return $tmp;
|
||||||
|
}
|
||||||
|
|
||||||
// ============================================================================
|
// ============================================================================
|
||||||
// Main before POST
|
// Main before POST
|
||||||
// ============================================================================
|
// ============================================================================
|
||||||
|
@ -22,21 +35,25 @@ checkRole(array('admin', 'editor'));
|
||||||
// Main after POST
|
// Main after POST
|
||||||
// ============================================================================
|
// ============================================================================
|
||||||
|
|
||||||
// List of published pages
|
$published = $pages->getList($url->pageNumber(), ITEMS_PER_PAGE_ADMIN);
|
||||||
$onlyPublished = true;
|
$drafts = $pages->getDraftDB(true);
|
||||||
$numberOfItems = ITEMS_PER_PAGE_ADMIN;
|
$scheduled = $pages->getScheduledDB(true);
|
||||||
$pageNumber = $url->pageNumber();
|
$static = $pages->getStaticDB(true);
|
||||||
$published = $pages->getList($pageNumber, $numberOfItems, $onlyPublished);
|
$sticky = $pages->getStickyDB(true);
|
||||||
|
|
||||||
|
// If the user is an Editor filter the content he/she can edit
|
||||||
|
if (checkRole(array('editor'))) {
|
||||||
|
$published = filterContentOwner($published);
|
||||||
|
$drafts = filterContentOwner($drafts);
|
||||||
|
$scheduled = filterContentOwner($scheduled);
|
||||||
|
$static = filterContentOwner($static);
|
||||||
|
$sticky = filterContentOwner($sticky);
|
||||||
|
}
|
||||||
|
|
||||||
// Check if out of range the pageNumber
|
// Check if out of range the pageNumber
|
||||||
if (empty($published) && $url->pageNumber()>1) {
|
if (empty($published) && $url->pageNumber()>1) {
|
||||||
Redirect::page('content');
|
Redirect::page('content');
|
||||||
}
|
}
|
||||||
|
|
||||||
$drafts = $pages->getDraftDB(true);
|
|
||||||
$scheduled = $pages->getScheduledDB(true);
|
|
||||||
$static = $pages->getStaticDB(true);
|
|
||||||
$sticky = $pages->getStickyDB(true);
|
|
||||||
|
|
||||||
// Title of the page
|
// Title of the page
|
||||||
$layout['title'] .= ' - '.$L->g('Manage content');
|
$layout['title'] .= ' - '.$L->g('Manage content');
|
|
@ -4,7 +4,7 @@
|
||||||
// Check role
|
// Check role
|
||||||
// ============================================================================
|
// ============================================================================
|
||||||
|
|
||||||
if (!checkRole(array('admin','editor'), false)) {
|
if (checkRole(array('editor'), false)) {
|
||||||
try {
|
try {
|
||||||
$pageKey = isset($_POST['key']) ? $_POST['key'] : $layout['parameters'];
|
$pageKey = isset($_POST['key']) ? $_POST['key'] : $layout['parameters'];
|
||||||
$page = new Page($pageKey);
|
$page = new Page($pageKey);
|
||||||
|
|
|
@ -100,21 +100,34 @@
|
||||||
|
|
||||||
<!-- Profile picture tab -->
|
<!-- Profile picture tab -->
|
||||||
<div class="tab-pane fade" id="picture" role="tabpanel" aria-labelledby="nav-picture-tab">
|
<div class="tab-pane fade" id="picture" role="tabpanel" aria-labelledby="nav-picture-tab">
|
||||||
<div class="custom-file mb-2">
|
<div class="container">
|
||||||
<input type="file" class="custom-file-input" id="jsprofilePictureInputFile" name="profilePictureInputFile">
|
<div class="row">
|
||||||
<label class="custom-file-label" for="jsprofilePictureInputFile"><?php $L->p('Choose images to upload'); ?></label>
|
<div class="col-lg-4 col-sm-12 p-0 pr-2">
|
||||||
</div>
|
<div class="custom-file">
|
||||||
<div>
|
<input type="file" class="custom-file-input" id="jsprofilePictureInputFile" name="profilePictureInputFile">
|
||||||
<img id="jsprofilePicturePreview" class="img-fluid img-thumbnail" alt="Profile picture preview" src="<?php echo (Sanitize::pathFile(PATH_UPLOADS_PROFILES.$user->username().'.png')?DOMAIN_UPLOADS_PROFILES.$user->username().'.png?version='.time():HTML_PATH_CORE_IMG.'default.svg') ?>" />
|
<label class="custom-file-label" for="jsprofilePictureInputFile"><?php $L->p('Upload image'); ?></label>
|
||||||
|
</div>
|
||||||
|
<!-- <button id="jsbuttonRemovePicture" type="button" class="btn btn-primary w-100 mt-4 mb-4"><i class="fa fa-trash"></i> Remove picture</button> -->
|
||||||
|
</div>
|
||||||
|
<div class="col-lg-8 col-sm-12 p-0 text-center">
|
||||||
|
<img id="jsprofilePicturePreview" class="img-fluid img-thumbnail" alt="Profile picture preview" src="<?php echo (Sanitize::pathFile(PATH_UPLOADS_PROFILES.$user->username().'.png')?DOMAIN_UPLOADS_PROFILES.$user->username().'.png?version='.time():HTML_PATH_CORE_IMG.'default.svg') ?>" />
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
</div>
|
</div>
|
||||||
<script>
|
<script>
|
||||||
|
// $("#jsbuttonRemovePicture").on("click", function() {
|
||||||
|
// var username = $("#jsusername").val();
|
||||||
|
// bluditAjax.removeProfilePicture(username);
|
||||||
|
// $("#jsprofilePicturePreview").attr("src", "<?php echo HTML_PATH_CORE_IMG.'default.svg' ?>");
|
||||||
|
// });
|
||||||
|
|
||||||
$("#jsprofilePictureInputFile").on("change", function() {
|
$("#jsprofilePictureInputFile").on("change", function() {
|
||||||
var formData = new FormData();
|
var formData = new FormData();
|
||||||
formData.append('tokenCSRF', tokenCSRF);
|
formData.append('tokenCSRF', tokenCSRF);
|
||||||
formData.append('profilePictureInputFile', $(this)[0].files[0]);
|
formData.append('profilePictureInputFile', $(this)[0].files[0]);
|
||||||
formData.append('username', $("#jsusername").val());
|
formData.append('username', $("#jsusername").val());
|
||||||
$.ajax({
|
$.ajax({
|
||||||
url: HTML_PATH_ADMIN_ROOT+"ajax/upload-profile-picture",
|
url: HTML_PATH_ADMIN_ROOT+"ajax/profile-picture-upload",
|
||||||
type: "POST",
|
type: "POST",
|
||||||
data: formData,
|
data: formData,
|
||||||
cache: false,
|
cache: false,
|
||||||
|
|
Loading…
Reference in New Issue