Commit 1f428a59 authored by pkdille's avatar pkdille

[MOD] access check: deploy some accesslib check functions to some files.

parent 3642de6b
......@@ -4,20 +4,12 @@
// All Rights Reserved. See copyright.txt for details and a complete list of authors.
// Licensed under the GNU LESSER GENERAL PUBLIC LICENSE. See license.txt for details.
// Initialization
$section_class="tiki_wiki_page print";
require_once ('tiki-setup.php');
include_once ('lib/wiki/wikilib.php');
if ($prefs['feature_wiki'] != 'y') {
$smarty->assign('msg', tra("This feature is disabled") . ": feature_wiki");
$smarty->display("error.tpl");
die;
}
if ($prefs['feature_wiki_print'] != 'y') {
$smarty->assign('msg', tra("This feature is disabled") . ": feature_wiki_print");
$smarty->display("error.tpl");
die;
}
$access->check_feature( array('feature_wiki', 'feature_wiki_print') );
// Create the HomePage if it doesn't exist
if (!$tikilib->page_exists($prefs['wikiHomePage'])) {
$tikilib->create_page($prefs['wikiHomePage'], 0, '', $tikilib->now, 'Tiki initialization');
......@@ -38,12 +30,7 @@ if (!($info = $tikilib->get_page_info($page))) {
}
// Now check permissions to access this page
$tikilib->get_perm_object($page, 'wiki page', $info);
if ($tiki_p_view != 'y') {
$smarty->assign('errortype', 401);
$smarty->assign('msg', tra("Permission denied. You cannot view this page."));
$smarty->display("error.tpl");
die;
}
$access->check_permission('tiki_p_view');
// Now increment page hits since we are visiting this page
if ($prefs['count_admin_pvs'] == 'y' || $user != 'admin') {
......
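Review bot: `$access->check_feature( array('feature_wiki', 'feature_wiki_print') );` replaces two separate checks that each denied access, so it is only equivalent if an array argument means every listed feature must be enabled. accesslib is not shown on this page, so that should be confirmed rather than assumed. The same applies to the array calls to check_permission() in the tiki-removepage.php, tiki-rename_page.php and tiki-rollback.php sections, where the removed conditions used `||` to deny when either permission was missing. A one-line comment at each call would record the intent, for example `// every listed feature/permission is required, as in the removed checks`. The removed permission branch in this section also set `errortype` to 401, and it is worth checking that check_permission() still does.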
......@@ -3,15 +3,13 @@
//
// All Rights Reserved. See copyright.txt for details and a complete list of authors.
// Licensed under the GNU LESSER GENERAL PUBLIC LICENSE. See license.txt for details.
// $Id: /cvsroot/tikiwiki/tiki/tiki-print_blog_post.php,v 1.17 2007-10-12 07:55:29 nyloth Exp $
$section = 'blogs';
require_once ('tiki-setup.php');
include_once ('lib/blogs/bloglib.php');
if ($prefs['feature_blogs'] != 'y') {
$smarty->assign('msg', tra("This feature is disabled") . ": feature_blogs");
$smarty->display("error.tpl");
die;
}
$access->check_feature('feature_blogs');
if (!isset($_REQUEST["postId"])) {
$smarty->assign('msg', tra("No post indicated"));
$smarty->display("error.tpl");
......@@ -45,13 +43,8 @@ $smarty->assign('parsed_data', $parsed_data);
$smarty->assign('individual', 'n');
$tikilib->get_perm_object($_REQUEST["blogId"], 'blog');
$access->check_permission('tiki_p_read_blog');
if ($tiki_p_read_blog != 'y') {
$smarty->assign('errortype', 401);
$smarty->assign('msg', tra("Permission denied you can not view this section"));
$smarty->display("error.tpl");
die;
}
$blog_data = $tikilib->get_blog($_REQUEST["blogId"]);
$ownsblog = 'n';
if ($user && $user == $blog_data["user"]) {
......
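Review bot: The permission lookup `$tikilib->get_perm_object($_REQUEST["blogId"], 'blog');` takes the blog id from the request, while the post itself is selected by `postId`, and nothing in the visible lines ties the two together. If the lines between the two hunks do not overwrite blogId from the loaded post record, `tiki_p_read_blog` can be evaluated for a different blog than the one the post belongs to. Pass the blog id stored on the post to get_perm_object() and get_blog(), and add a comment above the lookup such as `// blogId comes from the post record, never directly from the request`.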
......@@ -7,11 +7,7 @@
require_once 'tiki-setup.php';
require_once 'lib/categories/categlib.php';
if ($prefs['feature_print_indexed'] != 'y') {
$smarty->assign('msg', tra("This feature is disabled") . ": feature_print_indexed");
$smarty->display("error.tpl");
die;
}
$access->check_feature('feature_print_indexed');
$inputConfiguration = array(array('staticKeyFilters' => array('list' => 'alpha',)), array('staticKeyFiltersForArrays' => array('languages' => 'alpha', 'categId' => 'digits',)), array('catchAllUnset' => null),);
......
......@@ -3,14 +3,12 @@
//
// All Rights Reserved. See copyright.txt for details and a complete list of authors.
// Licensed under the GNU LESSER GENERAL PUBLIC LICENSE. See license.txt for details.
// $Id: /cvsroot/tikiwiki/tiki/tiki-print_multi_pages.php,v 1.15.2.3 2008-01-21 09:47:15 nyloth Exp $
require_once ('tiki-setup.php');
include_once ('lib/structures/structlib.php');
if ($prefs['feature_wiki_multiprint'] != 'y') {
$smarty->assign('msg', tra("This feature is disabled") . ": feature_wiki_multiprint");
$smarty->display("error.tpl");
die;
}
$access->check_feature('feature_wiki_multiprint');
if (!isset($_REQUEST['printpages']) && !isset($_REQUEST['printstructures'])) {
$smarty->assign('msg', tra("No pages indicated"));
$smarty->display("error.tpl");
......
......@@ -3,23 +3,15 @@
//
// All Rights Reserved. See copyright.txt for details and a complete list of authors.
// Licensed under the GNU LESSER GENERAL PUBLIC LICENSE. See license.txt for details.
// $Id: /cvsroot/tikiwiki/tiki/tiki-print_pages.php,v 1.20.2.2 2007-12-24 20:32:32 sylvieg Exp $
$section = 'wiki page';
require_once ('tiki-setup.php');
include_once ('lib/structures/structlib.php');
$auto_query_args = array('page_ref_id', 'page', 'find', 'pageName', 'structureId', 'offset', 'printpages', 'printstructures');
if ($prefs['feature_wiki_multiprint'] != 'y') {
$smarty->assign('msg', tra("This feature is disabled") . ": feature_wiki_multiprint");
$smarty->display("error.tpl");
die;
}
// Now check permissions if user can view wiki pages
if ($tiki_p_view != 'y') {
$smarty->assign('errortype', 401);
$smarty->assign('msg', tra("Permission denied. You cannot view this page."));
$smarty->display("error.tpl");
die;
}
$access->check_feature('feature_wiki_multiprint');
$access->check_permission('tiki_p_view');
$smarty->assign('headtitle', tra('Print'));
if (!isset($cookietab)) { $cookietab = '1'; }
if (!isset($_REQUEST['printpages']) && !isset($_REQUEST['printstructures'])) {
......@@ -104,6 +96,6 @@ include_once ('tiki-section_options.php');
ask_ticket('print-pages');
// disallow robots to index page:
$smarty->assign('metatag_robots', 'NOINDEX, NOFOLLOW');
// Display the template
$smarty->assign('mid', 'tiki-print_pages.tpl');
$smarty->display("tiki.tpl");
......@@ -5,11 +5,9 @@
// Licensed under the GNU LESSER GENERAL PUBLIC LICENSE. See license.txt for details.
require_once ('tiki-setup.php');
if ($prefs['feature_quizzes'] != 'y') {
$smarty->assign('msg', tra("This feature is disabled") . ": feature_quizzes");
$smarty->display("error.tpl");
die;
}
$access->check_feature('feature_quizzes');
require_once ('lib/quizzes/quizlib.php');
if (isset($_REQUEST['answerUploadId'])) {
$quizlib->download_answer($_REQUEST['answerUploadId']);
......
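Review bot: `$quizlib->download_answer($_REQUEST['answerUploadId']);` is reached as soon as the feature check passes, and no `$access->check_permission(...)` call appears before it in this hunk. Unless download_answer() enforces access itself (its body is not on this page), the uploaded answer is served for whatever id the request supplies, with only the feature toggle in front of it. Since this commit is deploying accesslib checks, add a permission check before the download branch. The stats pages in this commit use `$access->check_permission('tiki_p_view_quiz_stats');`, though the maintainers should pick the permission that fits answer uploads. The `if` block continues past the end of the hunk.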
......@@ -3,9 +3,8 @@
//
// All Rights Reserved. See copyright.txt for details and a complete list of authors.
// Licensed under the GNU LESSER GENERAL PUBLIC LICENSE. See license.txt for details.
// $Id: /cvsroot/tikiwiki/tiki/tiki-quiz_edit.php,v 1.21.2.1 2007-11-04 21:49:20 nyloth Exp $
/*
/*
(The expire date must be rigid. That is, papers will not be accepted after the expire
date, even if the quiz was started before the expire date. Otherwise, in cases where
we have "show answers after expire date", a student who has completed the quiz could
......@@ -24,11 +23,9 @@ You can also set the same option under the Generl Options section.
*/
require_once ('tiki-setup.php');
include_once ('lib/quizzes/quizlib.php');
if ($prefs['feature_quizzes'] != 'y') {
$smarty->assign('msg', tra("This feature is disabled") . ": feature_quizzes");
$smarty->display("error.tpl");
die;
}
$access->check_feature('feature_quizzes');
// quizId of 0 is used as a place holder; There should NEVER be a row in the
// tiki_quizzes table with an id of zero.
if (!isset($_REQUEST["quizId"])) {
......@@ -36,12 +33,9 @@ if (!isset($_REQUEST["quizId"])) {
}
$tikilib->get_perm_object($_REQUEST["quizId"], 'quiz');
if ($tiki_p_admin_quizzes != 'y') {
$smarty->assign('errortype', 401);
$smarty->assign('msg', tra("You don't have permission to edit quizzes."));
$smarty->display("error.tpl");
die;
}
$access->check_permission('tiki_p_admin_quizzes');
$cat_type = 'quiz';
$cat_objid = $_REQUEST["quizId"];
include_once ("categorize_list.php");
......@@ -176,6 +170,6 @@ $tpl = array();
setup_options($tpl);
$smarty->assign('tpl', $tpl);
ask_ticket('edit-quiz-question');
// Display the template
$smarty->assign('mid', 'tiki-quiz_edit.tpl');
$smarty->display("tiki.tpl");
......@@ -3,22 +3,15 @@
//
// All Rights Reserved. See copyright.txt for details and a complete list of authors.
// Licensed under the GNU LESSER GENERAL PUBLIC LICENSE. See license.txt for details.
// $Id: /cvsroot/tikiwiki/tiki/tiki-quiz_stats.php,v 1.15 2007-10-12 07:55:31 nyloth Exp $
$section = 'quizzes';
require_once ('tiki-setup.php');
include_once ('lib/quizzes/quizlib.php');
$auto_query_args = array('sort_mode', 'offset', 'find');
if ($prefs['feature_quizzes'] != 'y') {
$smarty->assign('msg', tra("This feature is disabled") . ": feature_quizzes");
$smarty->display("error.tpl");
die;
}
if ($tiki_p_view_quiz_stats != 'y') {
$smarty->assign('errortype', 401);
$smarty->assign('msg', tra("You do not have permission to use this feature"));
$smarty->display("error.tpl");
die;
}
$access->check_feature('feature_quizzes');
$access->check_permission('tiki_p_view_quiz_stats');
if (!isset($_REQUEST["sort_mode"])) {
$sort_mode = 'quizName_asc';
} else {
......@@ -71,6 +64,6 @@ $smarty->assign_by_ref('cant_pages', $channels["cant"]);
$smarty->assign_by_ref('channels', $channels["data"]);
include_once ('tiki-section_options.php');
ask_ticket('quiz-stats');
// Display the template
$smarty->assign('mid', 'tiki-quiz_stats.tpl');
$smarty->display("tiki.tpl");
......@@ -3,24 +3,17 @@
//
// All Rights Reserved. See copyright.txt for details and a complete list of authors.
// Licensed under the GNU LESSER GENERAL PUBLIC LICENSE. See license.txt for details.
// $Id: /cvsroot/tikiwiki/tiki/tiki-quiz_stats_quiz.php,v 1.17 2007-10-12 07:55:31 nyloth Exp $
$section = 'quizzes';
require_once ('tiki-setup.php');
include_once ('lib/quizzes/quizlib.php');
if ($prefs['feature_quizzes'] != 'y') {
$smarty->assign('msg', tra("This feature is disabled") . ": feature_quizzes");
$smarty->display("error.tpl");
die;
}
$access->check_feature('feature_quizzes');
$tikilib->get_perm_object($_REQUEST["quizId"], 'quiz');
if ($tiki_p_view_quiz_stats != 'y') {
$smarty->assign('errortype', 401);
$smarty->assign('msg', tra("You do not have permission to use this feature"));
$smarty->display("error.tpl");
die;
}
$access->check_permission('tiki_p_view_quiz_stats');
if (!isset($_REQUEST["quizId"])) {
$smarty->assign('msg', tra("No quiz indicated"));
$smarty->display("error.tpl");
......
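Review bot: `$tikilib->get_perm_object($_REQUEST["quizId"], 'quiz');` and the `tiki_p_view_quiz_stats` check run before `if (!isset($_REQUEST["quizId"]))`, so a request without quizId resolves object permissions for an undefined index before the missing-parameter error is reached. Move the isset block above the get_perm_object() call so the permission is always computed for an id that was actually supplied. The isset block continues past the end of the hunk.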
......@@ -3,13 +3,16 @@
//
// All Rights Reserved. See copyright.txt for details and a complete list of authors.
// Licensed under the GNU LESSER GENERAL PUBLIC LICENSE. See license.txt for details.
// $Id: /cvsroot/tikiwiki/tiki/tiki-removepage.php,v 1.19 2007-10-12 07:55:32 nyloth Exp $
$section = 'wiki page';
$section_class = "tiki_wiki_page manage"; // This will be body class instead of $section
require_once ('tiki-setup.php');
include_once ('lib/wiki/histlib.php');
include_once ('lib/wiki/wikilib.php');
$access->check_feature('feature_wiki');
// Get the page from the request var or default it to HomePage
if (!isset($_REQUEST["page"])) {
$smarty->assign('msg', tra("No page indicated"));
......@@ -24,14 +27,10 @@ if (!($info = $tikilib->get_page_info($page))) {
$smarty->display('error.tpl');
die;
}
// Now check permissions to access this page
$tikilib->get_perm_object($page, 'wiki page', $info);
if ($tiki_p_remove != 'y' || $tiki_p_edit != 'y') {
$smarty->assign('errortype', 401);
$smarty->assign('msg', tra("Permission denied you cannot remove versions from this page"));
$smarty->display("error.tpl");
die;
}
$access->check_permission( array('tiki_p_remove', 'tiki_p_edit') );
if ($_REQUEST["version"] <> "last") {
$smarty->assign_by_ref('version', $_REQUEST["version"]);
$version = $_REQUEST["version"];
......
......@@ -3,12 +3,15 @@
//
// All Rights Reserved. See copyright.txt for details and a complete list of authors.
// Licensed under the GNU LESSER GENERAL PUBLIC LICENSE. See license.txt for details.
// $Id: /cvsroot/tikiwiki/tiki/tiki-rename_page.php,v 1.21.2.1 2007-11-27 19:39:55 nkoth Exp $
$section = 'wiki page';
$section_class = "tiki_wiki_page manage"; // This will be body class instead of $section
require_once ('tiki-setup.php');
include_once ('lib/wiki/wikilib.php');
$access->check_feature('feature_wiki');
// Get the page from the request var or default it to HomePage
if (!isset($_REQUEST["page"])) {
$smarty->assign('msg', tra("No page indicated"));
......@@ -30,12 +33,8 @@ if (!($info = $tikilib->get_page_info($page))) {
}
// Now check permissions to rename this page
$tikilib->get_perm_object($page, 'wiki page', $info);
if ($tiki_p_view != 'y' || $tiki_p_rename != 'y') {
$smarty->assign('errortype', 401);
$smarty->assign('msg', tra("Permission denied you cannot rename this page"));
$smarty->display("error.tpl");
die;
}
$access->check_permission( array('tiki_p_view', 'tiki_p_rename') );
if (isset($_REQUEST["rename"])) {
check_ticket('rename-page');
// If the new pagename does match userpage prefix then display an error
......
......@@ -3,11 +3,13 @@
//
// All Rights Reserved. See copyright.txt for details and a complete list of authors.
// Licensed under the GNU LESSER GENERAL PUBLIC LICENSE. See license.txt for details.
// $Id: /cvsroot/tikiwiki/tiki/tiki-rollback.php,v 1.21 2007-10-12 07:55:32 nyloth Exp $
require_once ('tiki-setup.php');
include_once ('lib/wiki/histlib.php');
include_once ('lib/wiki/wikilib.php');
$access->check_feature('feature_wiki');
// Get the page from the request var or default it to HomePage
if (!isset($_REQUEST["page"])) {
$smarty->assign('msg', tra("No page indicated"));
......@@ -35,14 +37,10 @@ if (!$histlib->version_exists($page, $version)) {
$smarty->display("error.tpl");
die;
}
// Now check permissions to access this page
$tikilib->get_perm_object($page, 'wiki page', $info);
if ($tiki_p_rollback != 'y' || $tiki_p_edit != 'y') {
$smarty->assign('errortype', 401);
$smarty->assign('msg', tra("Permission denied you cannot rollback this page"));
$smarty->display("error.tpl");
die;
}
$access->check_permission( array('tiki_p_rollback', 'tiki_p_edit') );
$version = $histlib->get_version($page, $version);
$version["data"] = $tikilib->parse_data($version["data"], array('preview_mode' => true));
$smarty->assign_by_ref('preview', $version);
......