Commit 69b617f7 authored by sylvieg's avatar sylvieg

[MOD]perms: move userpage perm + wiki_creator to get_perm_object

parent 0903937d
<?php
// CVS: $Id: tikilib.php,v 1.796 2007-10-10 20:27:00 sylvieg Exp $
// CVS: $Id: tikilib.php,v 1.797 2007-10-10 20:54:36 sylvieg Exp $
//this script may only be included - so its better to die if called directly.
if (strpos($_SERVER["SCRIPT_NAME"],basename(__FILE__)) !== false) {
header("location: index.php");
......@@ -3760,7 +3760,8 @@ function add_pageview() {
/* get all the perm of an object either in a table or global+smarty set
* OPTIMISATION: better to test tiki_p_admin outside for global=false
* TODO: all the objectType
* TODO: all the objectTypes
* TODO: replace switch with object
* global = true set the global perm and smarty var, otherwise return an array of perms
*/
function get_perm_object($objectId, $objectType, $info='', $global=true) {
......@@ -4042,7 +4043,7 @@ function add_pageview() {
switch ($objectType) {
case 'wiki page': case 'wiki':
global $wiki_creator_admin;
if ($wiki_creator_admin == 'y' && $info['creator'] == $user) {
if ($wiki_creator_admin == 'y' && $info['creator'] == $user) { //can admin his page
$perms = $userlib->get_permissions(0, -1, 'permName_desc', '', $this->get_permGroup_from_objectType($objectType));
foreach ($perms['data'] as $perm) {
$perm = $perm['permName'];
......@@ -4055,6 +4056,23 @@ function add_pageview() {
}
return $ret;
}
global $feature_wiki_userpage, $feature_wiki_userpage_prefix;
if ($feature_wiki_userpage == 'y' && strcasecmp($info['pageName'], $feature_wiki_userpage_prefix.$user) == 0) { //can edit his page
if (!$global) {
$perms = $userlib->get_permissions(0, -1, 'permName_desc', '', $this->get_permGroup_from_objectType($objectType));
foreach ($perms['data'] as $perm) {
global $$perm['permName'];
if ($perm['permName'] == 'tiki_p_view' || $perm['permName'] == 'tiki_p_edit') {
$ret[$perm['permName']] = 'y';
} else {
$ret[$perm['permName']] = $$perm['permName'];
}
}
} else {
$smarty->assign('tiki_p_view', 'y');
$smarty->assign('tiki_p_edit', 'y');
}
}
break;
default:
break;
......
<?php
// $Header: /cvsroot/tikiwiki/tiki/tiki-editpage.php,v 1.178 2007-10-10 17:44:37 sylvieg Exp $
// $Header: /cvsroot/tikiwiki/tiki/tiki-editpage.php,v 1.179 2007-10-10 20:54:36 sylvieg Exp $
// Copyright (c) 2002-2007, Luis Argerich, Garland Foster, Eduardo Polidor, et. al.
// All Rights Reserved. See copyright.txt for details and a complete list of authors.
......@@ -501,24 +501,10 @@ if (isset($_REQUEST['do_suck']) && strlen($suck_url) > 0)
}
$_REQUEST['edit'] .= $sdta;
}
// Checks if a "UserPagesomething" can be edited
$isUserPage = false;
if ($feature_wiki_userpage == 'y' && $tiki_p_admin != 'y') {
if(strcasecmp(substr($page,0,strlen($feature_wiki_userpage_prefix)),$feature_wiki_userpage_prefix)==0) {
$name = substr($page,strlen($feature_wiki_userpage_prefix));
if(strcasecmp($user,$name)!=0 && $name != '') {
$smarty->assign('msg',tra("You cannot edit this page because it is a user personal page"));
$smarty->display("error.tpl");
die;
} elseif ($name != '') {
$isUserPage = true;
} else {
$isUserPage = true;
$page .= $user;
$_REQUEST['page'] = $page;
}
}
// if "UserPage" complete with the user name
if ($feature_wiki_userpage == 'y' && $tiki_p_admin != 'y' && $page == $feature_wiki_userpage_prefix) {
$page .= $user;
$_REQUEST['page'] = $page;
}
if (strtolower($_REQUEST["page"]) == 'sandbox' && $feature_sandbox != 'y') {
......@@ -549,7 +535,7 @@ $smarty->assign('comments_show','n');
// Permissions
$tikilib->get_perm_object($page, 'wiki page', $info, true);
if (!( $tiki_p_edit == 'y' || ($wiki_creator_admin == 'y' && $user && $info['creator'] == $user) || $isUserPage )) {
if ($tiki_p_edit != 'y') {
$smarty->assign('msg', tra("Permission denied you cannot edit this page"));
$smarty->display("error.tpl");
die;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment