Editor role now only can edit his own content

Diego Najar 2019-05-12 14:31:33 +02:00
parent 10ba5625da
commit 05a17e9122
3 changed files with 48 additions and 18 deletions


@ -10,6 +10,19 @@ checkRole(array('admin', 'editor'));
// Functions // Functions
// ============================================================================ // ============================================================================
// Returns the content belongs to the current user if the user has the role Editor
function filterContentOwner($list) {
global $login;
global $pages;
$tmp = array();
foreach ($list as $pageKey) {
if ($pages->db[$pageKey]['username']==$login->username()) {
array_push($tmp, $pageKey);
}
}
return $tmp;
}
// ============================================================================ // ============================================================================
// Main before POST // Main before POST
// ============================================================================ // ============================================================================
@ -22,21 +35,25 @@ checkRole(array('admin', 'editor'));
// Main after POST // Main after POST
// ============================================================================ // ============================================================================
// List of published pages $published = $pages->getList($url->pageNumber(), ITEMS_PER_PAGE_ADMIN);
$onlyPublished = true; $drafts = $pages->getDraftDB(true);
$numberOfItems = ITEMS_PER_PAGE_ADMIN; $scheduled = $pages->getScheduledDB(true);
$pageNumber = $url->pageNumber(); $static = $pages->getStaticDB(true);
$published = $pages->getList($pageNumber, $numberOfItems, $onlyPublished); $sticky = $pages->getStickyDB(true);
// If the user is an Editor filter the content he/she can edit
if (checkRole(array('editor'))) {
$published = filterContentOwner($published);
$drafts = filterContentOwner($drafts);
$scheduled = filterContentOwner($scheduled);
$static = filterContentOwner($static);
$sticky = filterContentOwner($sticky);
}
// Check if out of range the pageNumber // Check if out of range the pageNumber
if (empty($published) && $url->pageNumber()>1) { if (empty($published) && $url->pageNumber()>1) {
Redirect::page('content'); Redirect::page('content');
} }
$drafts = $pages->getDraftDB(true);
$scheduled = $pages->getScheduledDB(true);
$static = $pages->getStaticDB(true);
$sticky = $pages->getStickyDB(true);
// Title of the page // Title of the page
$layout['title'] .= ' - '.$L->g('Manage content'); $layout['title'] .= ' - '.$L->g('Manage content');
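Review bot: The new `if (checkRole(array('editor'))) {` in the second hunk omits the second argument, while the edit controller changed in this same commit passes `false` when it uses checkRole() as a condition. If that argument is what suppresses the redirect on a failed check (checkRole's definition is not on this page, so this is inferred), an admin opening the content list would be redirected instead of simply skipping the filter; `if (checkRole(array('editor'), false)) {` avoids that. Separately, filterContentOwner() compares owners with `==`; an ownership decision is better made with `===`, as in `if ($pages->db[$pageKey]['username'] === $login->username()) {`. Filtering these lists only hides entries from the view, so the server-side owner check in the controllers that modify a page remains the actual access control.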


@ -4,7 +4,7 @@
// Check role // Check role
// ============================================================================ // ============================================================================
if (!checkRole(array('admin','editor'), false)) { if (checkRole(array('editor'), false)) {
try { try {
$pageKey = isset($_POST['key']) ? $_POST['key'] : $layout['parameters']; $pageKey = isset($_POST['key']) ? $_POST['key'] : $layout['parameters'];
$page = new Page($pageKey); $page = new Page($pageKey);
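Review bot: The ownership block is now entered only for the editor role, `if (checkRole(array('editor'), false)) {`, where the old condition entered it for every role other than admin and editor. Any other non-admin role that can reach this controller would now skip the block entirely; the file-level role gate and the rest of the block, including the owner comparison itself, are outside this hunk, so whether such a role exists cannot be confirmed from the page. A deny-by-default condition such as `if (!checkRole(array('admin'), false)) {` keeps the check in force for every role that is not explicitly exempt. Since `$pageKey` is taken from `$_POST['key']`, the comparison that follows has to hold for both the form view and the submit path.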


@ -100,21 +100,34 @@
<!-- Profile picture tab --> <!-- Profile picture tab -->
<div class="tab-pane fade" id="picture" role="tabpanel" aria-labelledby="nav-picture-tab"> <div class="tab-pane fade" id="picture" role="tabpanel" aria-labelledby="nav-picture-tab">
<div class="custom-file mb-2"> <div class="container">
<input type="file" class="custom-file-input" id="jsprofilePictureInputFile" name="profilePictureInputFile"> <div class="row">
<label class="custom-file-label" for="jsprofilePictureInputFile"><?php $L->p('Choose images to upload'); ?></label> <div class="col-lg-4 col-sm-12 p-0 pr-2">
</div> <div class="custom-file">
<div> <input type="file" class="custom-file-input" id="jsprofilePictureInputFile" name="profilePictureInputFile">
<img id="jsprofilePicturePreview" class="img-fluid img-thumbnail" alt="Profile picture preview" src="<?php echo (Sanitize::pathFile(PATH_UPLOADS_PROFILES.$user->username().'.png')?DOMAIN_UPLOADS_PROFILES.$user->username().'.png?version='.time():HTML_PATH_CORE_IMG.'default.svg') ?>" /> <label class="custom-file-label" for="jsprofilePictureInputFile"><?php $L->p('Upload image'); ?></label>
</div>
<!-- <button id="jsbuttonRemovePicture" type="button" class="btn btn-primary w-100 mt-4 mb-4"><i class="fa fa-trash"></i> Remove picture</button> -->
</div>
<div class="col-lg-8 col-sm-12 p-0 text-center">
<img id="jsprofilePicturePreview" class="img-fluid img-thumbnail" alt="Profile picture preview" src="<?php echo (Sanitize::pathFile(PATH_UPLOADS_PROFILES.$user->username().'.png')?DOMAIN_UPLOADS_PROFILES.$user->username().'.png?version='.time():HTML_PATH_CORE_IMG.'default.svg') ?>" />
</div>
</div>
</div> </div>
<script> <script>
// $("#jsbuttonRemovePicture").on("click", function() {
// var username = $("#jsusername").val();
// bluditAjax.removeProfilePicture(username);
// $("#jsprofilePicturePreview").attr("src", "<?php echo HTML_PATH_CORE_IMG.'default.svg' ?>");
// });
$("#jsprofilePictureInputFile").on("change", function() { $("#jsprofilePictureInputFile").on("change", function() {
var formData = new FormData(); var formData = new FormData();
formData.append('tokenCSRF', tokenCSRF); formData.append('tokenCSRF', tokenCSRF);
formData.append('profilePictureInputFile', $(this)[0].files[0]); formData.append('profilePictureInputFile', $(this)[0].files[0]);
formData.append('username', $("#jsusername").val()); formData.append('username', $("#jsusername").val());
$.ajax({ $.ajax({
url: HTML_PATH_ADMIN_ROOT+"ajax/upload-profile-picture", url: HTML_PATH_ADMIN_ROOT+"ajax/profile-picture-upload",
type: "POST", type: "POST",
data: formData, data: formData,
cache: false, cache: false,