New role Moderator for users

This commit is contained in:
Diego Najar 2018-05-20 21:48:43 +02:00
parent 605281d561
commit 6984170dce
23 changed files with 240 additions and 226 deletions

View File

@ -1,4 +1,4 @@
<?php defined('BLUDIT') or die('Bludit CMS.'); <?php defined('BLUDIT') or die('Bludit CMS.');
// Title of the page // Title of the page
$layout['title'] .= ' - '.$Language->g('About'); $layout['title'] = $Language->g('About') . ' - ' . $layout['title'];

View File

@ -4,10 +4,7 @@
// Check role // Check role
// ============================================================================ // ============================================================================
if ($Login->role()!=='admin') { checkRole(array('admin'));
Alert::set($Language->g('You do not have sufficient permissions'));
Redirect::page('dashboard');
}
// ============================================================================ // ============================================================================
// Functions // Functions

View File

@ -4,10 +4,7 @@
// Check role // Check role
// ============================================================================ // ============================================================================
if ($Login->role()!=='admin') { checkRole(array('admin'));
Alert::set($Language->g('You do not have sufficient permissions'));
Redirect::page('dashboard');
}
// ============================================================================ // ============================================================================
// Functions // Functions
@ -20,15 +17,14 @@ $plugin = false;
$pluginClassName = $layout['parameters']; $pluginClassName = $layout['parameters'];
// Check if the plugin exists // Check if the plugin exists
if( isset($plugins['all'][$pluginClassName]) ) { if (isset($plugins['all'][$pluginClassName])) {
$plugin = $plugins['all'][$pluginClassName]; $plugin = $plugins['all'][$pluginClassName];
} } else {
else {
Redirect::page('plugins'); Redirect::page('plugins');
} }
// Check if the plugin has the method form() // Check if the plugin has the method form()
if( !method_exists($plugin, 'form') ) { if (!method_exists($plugin, 'form')) {
Redirect::page('plugins'); Redirect::page('plugins');
} }
@ -36,8 +32,7 @@ if( !method_exists($plugin, 'form') ) {
// POST Method // POST Method
// ============================================================================ // ============================================================================
if( $_SERVER['REQUEST_METHOD'] == 'POST' ) if ($_SERVER['REQUEST_METHOD'] == 'POST') {
{
// Add to syslog // Add to syslog
$Syslog->add(array( $Syslog->add(array(
'dictionaryKey'=>'plugin-configured', 'dictionaryKey'=>'plugin-configured',
@ -45,13 +40,10 @@ if( $_SERVER['REQUEST_METHOD'] == 'POST' )
)); ));
// Call the method post of the plugin // Call the method post of the plugin
if( $plugin->post() ) { if ($plugin->post()) {
// Create an alert
Alert::set( $Language->g('The changes have been saved') ); Alert::set( $Language->g('The changes have been saved') );
Redirect::page('configure-plugin/'.$plugin->className()); Redirect::page('configure-plugin/'.$plugin->className());
} } else {
else {
// Create an alert
Alert::set( $Language->g('Complete all fields') ); Alert::set( $Language->g('Complete all fields') );
} }
} }
@ -61,4 +53,4 @@ if( $_SERVER['REQUEST_METHOD'] == 'POST' )
// ============================================================================ // ============================================================================
// Title of the page // Title of the page
$layout['title'] .= ' - '.$Language->g('Plugin').' - '.$plugin->name(); $layout['title'] = $Language->g('Plugin').' - '.$plugin->name().' - '.$layout['title'];

View File

@ -4,6 +4,8 @@
// Check role // Check role
// ============================================================================ // ============================================================================
checkRole(array('admin', 'moderator'));
// ============================================================================ // ============================================================================
// Functions // Functions
// ============================================================================ // ============================================================================

View File

@ -4,10 +4,7 @@
// Check role // Check role
// ============================================================================ // ============================================================================
if ($Login->role()!=='admin') { checkRole(array('admin'));
Alert::set($Language->g('You do not have sufficient permissions'));
Redirect::page('dashboard');
}
// ============================================================================ // ============================================================================
// Functions // Functions

View File

@ -4,10 +4,7 @@
// Check role // Check role
// ============================================================================ // ============================================================================
if ($Login->role()!=='admin') { checkRole(array('admin'));
Alert::set($Language->g('You do not have sufficient permissions'));
Redirect::page('dashboard');
}
// ============================================================================ // ============================================================================
// Functions // Functions

View File

@ -4,6 +4,19 @@
// Check role // Check role
// ============================================================================ // ============================================================================
if (!checkRole(array('admin','moderator'), false)) {
$pageKey = isset($_POST['key']) ? $_POST['key'] : $layout['parameters'];
$page = buildPage($pageKey);
if (!$page || $page->username()!==$Login->username()) {
$Syslog->add(array(
'dictionaryKey'=>'access-deny',
'notes'=>$Login->username()
));
Alert::set($Language->g('You do not have sufficient permissions'));
Redirect::page('dashboard');
}
}
// ============================================================================ // ============================================================================
// Functions // Functions
// ============================================================================ // ============================================================================

View File

@ -4,10 +4,7 @@
// Check role // Check role
// ============================================================================ // ============================================================================
if ($Login->role()!=='admin') { checkRole(array('admin'));
Alert::set($Language->g('You do not have sufficient permissions'));
Redirect::page('dashboard');
}
// ============================================================================ // ============================================================================
// Functions // Functions

View File

@ -4,10 +4,7 @@
// Check role // Check role
// ============================================================================ // ============================================================================
if ($Login->role()!=='admin') { checkRole(array('admin'));
Alert::set($Language->g('You do not have sufficient permissions'));
Redirect::page('dashboard');
}
// ============================================================================ // ============================================================================
// Functions // Functions

View File

@ -4,10 +4,7 @@
// Check role // Check role
// ============================================================================ // ============================================================================
if ($Login->role()!=='admin') { checkRole(array('admin'));
Alert::set($Language->g('You do not have sufficient permissions'));
Redirect::page('dashboard');
}
// ============================================================================ // ============================================================================
// Functions // Functions

View File

@ -4,10 +4,7 @@
// Check role // Check role
// ============================================================================ // ============================================================================
if ($Login->role()!=='admin') { checkRole(array('admin'));
Alert::set($Language->g('You do not have sufficient permissions'));
Redirect::page('dashboard');
}
// ============================================================================ // ============================================================================
// Functions // Functions

View File

@ -4,10 +4,7 @@
// Check role // Check role
// ============================================================================ // ============================================================================
if ($Login->role()!=='admin') { checkRole(array('admin'));
Alert::set($Language->g('You do not have sufficient permissions'));
Redirect::page('dashboard');
}
// ============================================================================ // ============================================================================
// Functions // Functions

View File

@ -4,10 +4,7 @@
// Check role // Check role
// ============================================================================ // ============================================================================
if ($Login->role()!=='admin') { checkRole(array('admin'));
Alert::set($Language->g('You do not have sufficient permissions'));
Redirect::page('dashboard');
}
// ============================================================================ // ============================================================================
// Functions // Functions

View File

@ -4,10 +4,7 @@
// Check role // Check role
// ============================================================================ // ============================================================================
if ($Login->role()!=='admin') { checkRole(array('admin'));
Alert::set($Language->g('You do not have sufficient permissions'));
Redirect::page('dashboard');
}
// ============================================================================ // ============================================================================
// Functions // Functions

View File

@ -4,10 +4,7 @@
// Check role // Check role
// ============================================================================ // ============================================================================
if ($Login->role()!=='admin') { checkRole(array('admin'));
Alert::set($Language->g('You do not have sufficient permissions'));
Redirect::page('dashboard');
}
// ============================================================================ // ============================================================================
// Functions // Functions

View File

@ -4,10 +4,7 @@
// Check role // Check role
// ============================================================================ // ============================================================================
if ($Login->role()!=='admin') { checkRole(array('admin'));
Alert::set($Language->g('You do not have sufficient permissions'));
Redirect::page('dashboard');
}
// ============================================================================ // ============================================================================
// Functions // Functions

View File

@ -4,10 +4,7 @@
// Check role // Check role
// ============================================================================ // ============================================================================
if ($Login->role()!=='admin') { checkRole(array('admin'));
Alert::set($Language->g('You do not have sufficient permissions'));
Redirect::page('dashboard');
}
// ============================================================================ // ============================================================================
// Main after POST // Main after POST

View File

@ -4,10 +4,7 @@
// Check role // Check role
// ============================================================================ // ============================================================================
if ($Login->role()!=='admin') { checkRole(array('admin'));
Alert::set($Language->g('You do not have sufficient permissions'));
Redirect::page('dashboard');
}
// ============================================================================ // ============================================================================
// Functions // Functions

View File

@ -4,10 +4,7 @@
// Check role // Check role
// ============================================================================ // ============================================================================
if ($Login->role()!=='admin') { checkRole(array('admin'));
Alert::set($Language->g('You do not have sufficient permissions'));
Redirect::page('dashboard');
}
// ============================================================================ // ============================================================================
// Functions // Functions

View File

@ -0,0 +1,161 @@
<div class="uk-block dashboard-links">
<div class="uk-grid uk-grid-match" data-uk-grid-margin="{target:'.uk-panel'}">
<div class="uk-width-medium-1-3">
<div class="uk-panel">
<h4><a href="<?php echo HTML_PATH_ADMIN_ROOT.'new-content' ?>"><i class="uk-icon-pencil"></i> <?php $L->p('New content') ?></a></h4>
<p><?php $L->p('Create new content for your site') ?></p>
</div>
<div class="uk-panel">
<h4><a href="<?php echo HTML_PATH_ADMIN_ROOT.'content' ?>"><i class="uk-icon-folder-o"></i> <?php $L->p('Manage content') ?></a></h4>
<p><?php $L->p('Edit or delete content from your site') ?></p>
</div>
</div>
<?php if($Login->role() == 'admin') { ?>
<div class="uk-width-medium-1-3" style="border-right: 1px solid #E6E6E6; border-left: 1px solid #E6E6E6">
<div class="uk-panel">
<h4><a href="<?php echo HTML_PATH_ADMIN_ROOT.'new-category' ?>"><i class="uk-icon-file-text-o"></i> <?php $L->p('New category') ?></a></h4>
<p><?php $L->p('Create a new category to organize your content') ?></p>
</div>
<div class="uk-panel">
<h4><a href="<?php echo HTML_PATH_ADMIN_ROOT.'categories' ?>"><i class="uk-icon-folder-o"></i> <?php $L->p('Manage categories') ?></a></h4>
<p><?php $L->p('Edit or delete your categories') ?></p>
</div>
</div>
<?php } ?>
<div class="uk-width-medium-1-3">
<?php if($Login->role() == 'admin') { ?>
<div class="uk-panel">
<h4><a href="<?php echo HTML_PATH_ADMIN_ROOT.'add-user' ?>"><i class="uk-icon-user-plus"></i> <?php $L->p('Add a new user') ?></a></h4>
<p><?php $L->p('Invite a friend to collaborate on your site') ?></p>
</div>
<div class="uk-panel">
<h4><a href="<?php echo HTML_PATH_ADMIN_ROOT.'settings-regional' ?>"><i class="uk-icon-globe"></i> <?php $L->p('Language and timezone') ?></a></h4>
<p><?php $L->p('Change your language and region settings') ?></p>
</div>
<?php } else { ?>
<div class="uk-panel">
<h4><a href="<?php echo HTML_PATH_ADMIN_ROOT.'edit-user/'.$Login->username() ?>"><i class="uk-icon-user"></i> <?php $L->p('Profile') ?></a></h4>
<p><?php $L->p('View and edit your profile') ?></p>
</div>
<?php } ?>
</div>
</div>
</div>
<div id="dashboard-panel" class="uk-grid uk-grid-small">
<div class="uk-width-1-3">
<div class="uk-panel">
<h4 class="panel-title"><?php $L->p('Notifications') ?></h4>
<ul class="uk-list uk-list-line">
<?php
// Print Notifications
$logs = array_slice($Syslog->db, 0, NOTIFICATIONS_AMOUNT);
foreach($logs as $log) {
$dict = $L->g($log['dictionaryKey']);
echo '<li>';
echo $dict;
if( !empty($log['notes'])) {
echo ' « <b>'.$log['notes'].'</b> »';
}
echo '<br><span class="notification-date">';
echo Date::format($log['date'], DB_DATE_FORMAT, NOTIFICATIONS_DATE_FORMAT);
echo ' - by '.$log['username'];
echo '</span>';
echo '</li>';
}
?>
</ul>
</div>
</div>
<div class="uk-width-1-3">
<?php if (pluginEnabled('pluginSimpleStats')) {
$SimpleStats = getPlugin('pluginSimpleStats');
echo '<div class="uk-panel">';
echo '<h4 class="panel-title">'.$SimpleStats->getValue('label').'</h4>';
echo $SimpleStats->dashboard();
echo '</div>';
}
?>
<div class="uk-panel">
<h4 class="panel-title"><?php $L->p('Statistics') ?></h4>
<table class="uk-table statistics">
<tbody>
<tr>
<td><?php $Language->p('Published') ?></td>
<td><?php echo count($dbPages->getPublishedDB(false)) ?></td>
</tr>
<tr>
<td><?php $Language->p('Static') ?></td>
<td><?php echo count($dbPages->getStaticDB(false)) ?></td>
</tr>
<td><?php $Language->p('Users') ?></td>
<td><?php echo $dbUsers->count() ?></td>
</tr>
</tbody>
</table>
</div>
</div>
<div class="uk-width-1-3">
<div class="uk-panel">
<h4 class="panel-title"><?php $L->p('Scheduled content') ?></h4>
<ul class="uk-list">
<?php
$scheduledPages = $dbPages->getScheduledDB(true);
if (empty($scheduledPages)) {
echo '<li>'.$Language->g('There are no scheduled content').'</li>';
} else {
foreach ($scheduledPages as $key) {
$page = buildPage($key);
echo '<li><span class="label-time">'.$page->dateRaw(SCHEDULED_DATE_FORMAT).'</span><a href="'.HTML_PATH_ADMIN_ROOT.'edit-content/'.$page->key().'">'.($page->title()?$page->title():'['.$Language->g('Empty title').'] ').'</a></li>';
}
}
?>
</ul>
</div>
<div class="uk-panel">
<h4 class="panel-title"><?php $L->p('Draft content') ?></h4>
<ul class="uk-list">
<?php
$draftPages = $dbPages->getDraftDB(true);
if (empty($draftPages)) {
echo '<li>'.$Language->g('There are no draft content').'</li>';
} else {
foreach ($draftPages as $key) {
$page = buildPage($key);
echo '<li><a href="'.HTML_PATH_ADMIN_ROOT.'edit-content/'.$page->key().'">'.($page->title()?$page->title():'['.$Language->g('Empty title').'] ').'</a></li>';
}
}
?>
</ul>
</div>
</div>
</div>

View File

@ -1,78 +1,19 @@
<div class="uk-block dashboard-links"> <div class="container">
<div class="uk-grid uk-grid-match" data-uk-grid-margin="{target:'.uk-panel'}"> <div class="row">
<div class="col-7">
<div class="uk-width-medium-1-3"> 1 of 2
<div class="uk-panel">
<h4><a href="<?php echo HTML_PATH_ADMIN_ROOT.'new-content' ?>"><i class="uk-icon-pencil"></i> <?php $L->p('New content') ?></a></h4>
<p><?php $L->p('Create new content for your site') ?></p>
</div> </div>
<div class="col-5">
<div class="uk-panel"> <!-- Notifications -->
<h4><a href="<?php echo HTML_PATH_ADMIN_ROOT.'content' ?>"><i class="uk-icon-folder-o"></i> <?php $L->p('Manage content') ?></a></h4> <ul class="list-group">
<p><?php $L->p('Edit or delete content from your site') ?></p> <?php
</div>
</div>
<?php if($Login->role() == 'admin') { ?>
<div class="uk-width-medium-1-3" style="border-right: 1px solid #E6E6E6; border-left: 1px solid #E6E6E6">
<div class="uk-panel">
<h4><a href="<?php echo HTML_PATH_ADMIN_ROOT.'new-category' ?>"><i class="uk-icon-file-text-o"></i> <?php $L->p('New category') ?></a></h4>
<p><?php $L->p('Create a new category to organize your content') ?></p>
</div>
<div class="uk-panel">
<h4><a href="<?php echo HTML_PATH_ADMIN_ROOT.'categories' ?>"><i class="uk-icon-folder-o"></i> <?php $L->p('Manage categories') ?></a></h4>
<p><?php $L->p('Edit or delete your categories') ?></p>
</div>
</div>
<?php } ?>
<div class="uk-width-medium-1-3">
<?php if($Login->role() == 'admin') { ?>
<div class="uk-panel">
<h4><a href="<?php echo HTML_PATH_ADMIN_ROOT.'add-user' ?>"><i class="uk-icon-user-plus"></i> <?php $L->p('Add a new user') ?></a></h4>
<p><?php $L->p('Invite a friend to collaborate on your site') ?></p>
</div>
<div class="uk-panel">
<h4><a href="<?php echo HTML_PATH_ADMIN_ROOT.'settings-regional' ?>"><i class="uk-icon-globe"></i> <?php $L->p('Language and timezone') ?></a></h4>
<p><?php $L->p('Change your language and region settings') ?></p>
</div>
<?php } else { ?>
<div class="uk-panel">
<h4><a href="<?php echo HTML_PATH_ADMIN_ROOT.'edit-user/'.$Login->username() ?>"><i class="uk-icon-user"></i> <?php $L->p('Profile') ?></a></h4>
<p><?php $L->p('View and edit your profile') ?></p>
</div>
<?php } ?>
</div>
</div>
</div>
<div id="dashboard-panel" class="uk-grid uk-grid-small">
<div class="uk-width-1-3">
<div class="uk-panel">
<h4 class="panel-title"><?php $L->p('Notifications') ?></h4>
<ul class="uk-list uk-list-line">
<?php
// Print Notifications
$logs = array_slice($Syslog->db, 0, NOTIFICATIONS_AMOUNT); $logs = array_slice($Syslog->db, 0, NOTIFICATIONS_AMOUNT);
foreach($logs as $log) { foreach ($logs as $log) {
$dict = $L->g($log['dictionaryKey']); $phrase = $L->g($log['dictionaryKey']);
echo '<li>'; echo '<li class="list-group-item">';
echo $dict; echo $phrase;
if( !empty($log['notes'])) { if (!empty($log['notes'])) {
echo ' « <b>'.$log['notes'].'</b> »'; echo ' « <b>'.$log['notes'].'</b> »';
} }
echo '<br><span class="notification-date">'; echo '<br><span class="notification-date">';
@ -81,81 +22,9 @@
echo '</span>'; echo '</span>';
echo '</li>'; echo '</li>';
} }
?> ?>
</ul> </ul>
</div>
</div>
</div> </div>
<div class="uk-width-1-3">
<?php if (pluginEnabled('pluginSimpleStats')) {
$SimpleStats = getPlugin('pluginSimpleStats');
echo '<div class="uk-panel">';
echo '<h4 class="panel-title">'.$SimpleStats->getValue('label').'</h4>';
echo $SimpleStats->dashboard();
echo '</div>';
}
?>
<div class="uk-panel">
<h4 class="panel-title"><?php $L->p('Statistics') ?></h4>
<table class="uk-table statistics">
<tbody>
<tr>
<td><?php $Language->p('Published') ?></td>
<td><?php echo count($dbPages->getPublishedDB(false)) ?></td>
</tr>
<tr>
<td><?php $Language->p('Static') ?></td>
<td><?php echo count($dbPages->getStaticDB(false)) ?></td>
</tr>
<td><?php $Language->p('Users') ?></td>
<td><?php echo $dbUsers->count() ?></td>
</tr>
</tbody>
</table>
</div>
</div>
<div class="uk-width-1-3">
<div class="uk-panel">
<h4 class="panel-title"><?php $L->p('Scheduled content') ?></h4>
<ul class="uk-list">
<?php
$scheduledPages = $dbPages->getScheduledDB(true);
if (empty($scheduledPages)) {
echo '<li>'.$Language->g('There are no scheduled content').'</li>';
} else {
foreach ($scheduledPages as $key) {
$page = buildPage($key);
echo '<li><span class="label-time">'.$page->dateRaw(SCHEDULED_DATE_FORMAT).'</span><a href="'.HTML_PATH_ADMIN_ROOT.'edit-content/'.$page->key().'">'.($page->title()?$page->title():'['.$Language->g('Empty title').'] ').'</a></li>';
}
}
?>
</ul>
</div>
<div class="uk-panel">
<h4 class="panel-title"><?php $L->p('Draft content') ?></h4>
<ul class="uk-list">
<?php
$draftPages = $dbPages->getDraftDB(true);
if (empty($draftPages)) {
echo '<li>'.$Language->g('There are no draft content').'</li>';
} else {
foreach ($draftPages as $key) {
$page = buildPage($key);
echo '<li><a href="'.HTML_PATH_ADMIN_ROOT.'edit-content/'.$page->key().'">'.($page->title()?$page->title():'['.$Language->g('Empty title').'] ').'</a></li>';
}
}
?>
</ul>
</div>
</div>
</div> </div>

View File

@ -28,7 +28,7 @@ echo Bootstrap::formOpen(array());
echo Bootstrap::formSelect(array( echo Bootstrap::formSelect(array(
'name'=>'role', 'name'=>'role',
'label'=>$L->g('Role'), 'label'=>$L->g('Role'),
'options'=>array('editor'=>$L->g('Editor'), 'admin'=>$L->g('Administrator')), 'options'=>array('editor'=>$L->g('Editor'), 'moderator'=>$L->g('Moderator'), 'admin'=>$L->g('Administrator')),
'selected'=>$user->role(), 'selected'=>$user->role(),
'class'=>'', 'class'=>'',
'tip'=>'' 'tip'=>''

View File

@ -761,6 +761,28 @@ function changeUserPassword($args) {
return false; return false;
} }
// Returns true if the user is allowed to procceded
function checkRole($allowRoles, $redirect=true) {
global $Login;
global $Language;
global $syslog;
$userRole = $Login->role();
if (in_array($userRole, $allowRoles)) {
return true;
}
if ($redirect) {
$Syslog->add(array(
'dictionaryKey'=>'access-deny',
'notes'=>$Login->username()
));
Alert::set($Language->g('You do not have sufficient permissions'));
Redirect::page('dashboard');
}
return false;
}
// Add a new category to the system // Add a new category to the system
// Returns TRUE is successfully added, FALSE otherwise // Returns TRUE is successfully added, FALSE otherwise
function createCategory($category) { function createCategory($category) {