Merge pull request #5750 from MrPetovan/bug/5723-frio-fix-new-event-acl

[frio] Fix new event ACL
This commit is contained in:
Michael Vogel 2018-09-09 16:40:31 +00:00 committed by GitHub
commit dcb9bf4136
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 87 additions and 62 deletions

View file

@ -20,7 +20,8 @@ use Friendica\Util\Temporal;
require_once 'include/items.php'; require_once 'include/items.php';
function events_init(App $a) { function events_init(App $a)
{
if (!local_user()) { if (!local_user()) {
return; return;
} }
@ -42,7 +43,8 @@ function events_init(App $a) {
return; return;
} }
function events_post(App $a) { function events_post(App $a)
{
logger('post: ' . print_r($_REQUEST, true), LOGGER_DATA); logger('post: ' . print_r($_REQUEST, true), LOGGER_DATA);
@ -50,8 +52,8 @@ function events_post(App $a) {
return; return;
} }
$event_id = (x($_POST, 'event_id') ? intval($_POST['event_id']) : 0); $event_id = !empty($_POST['event_id']) ? intval($_POST['event_id']) : 0;
$cid = (x($_POST, 'cid') ? intval($_POST['cid']) : 0); $cid = !empty($_POST['cid']) ? intval($_POST['cid']) : 0;
$uid = local_user(); $uid = local_user();
$start_text = escape_tags(defaults($_REQUEST, 'start_text', '')); $start_text = escape_tags(defaults($_REQUEST, 'start_text', ''));
@ -137,7 +139,7 @@ function events_post(App $a) {
$str_contact_deny = !empty($_POST['contact_deny']) ? perms2str($_POST['contact_deny']) : ''; $str_contact_deny = !empty($_POST['contact_deny']) ? perms2str($_POST['contact_deny']) : '';
// Undo the pseudo-contact of self, since there are real contacts now // Undo the pseudo-contact of self, since there are real contacts now
if (strpos($str_contact_allow, '<' . $self . '>') !== false ) { if (strpos($str_contact_allow, '<' . $self . '>') !== false) {
$str_contact_allow = str_replace('<' . $self . '>', '', $str_contact_allow); $str_contact_allow = str_replace('<' . $self . '>', '', $str_contact_allow);
} }
// Make sure to set the `private` field as true. This is necessary to // Make sure to set the `private` field as true. This is necessary to
@ -187,8 +189,8 @@ function events_post(App $a) {
goaway($_SESSION['return_url']); goaway($_SESSION['return_url']);
} }
function events_content(App $a) { function events_content(App $a)
{
if (!local_user()) { if (!local_user()) {
notice(L10n::t('Permission denied.') . EOL); notice(L10n::t('Permission denied.') . EOL);
return; return;
@ -244,7 +246,7 @@ function events_content(App $a) {
$mode = 'view'; $mode = 'view';
$y = 0; $y = 0;
$m = 0; $m = 0;
$ignored = (x($_REQUEST, 'ignored') ? intval($_REQUEST['ignored']) : 0); $ignored = !empty($_REQUEST['ignored']) ? intval($_REQUEST['ignored']) : 0;
if ($a->argc > 1) { if ($a->argc > 1) {
if ($a->argc > 2 && $a->argv[1] == 'event') { if ($a->argc > 2 && $a->argv[1] == 'event') {
@ -272,7 +274,6 @@ function events_content(App $a) {
// The view mode part is similiar to /mod/cal.php // The view mode part is similiar to /mod/cal.php
if ($mode == 'view') { if ($mode == 'view') {
$thisyear = DateTimeFormat::localNow('Y'); $thisyear = DateTimeFormat::localNow('Y');
$thismonth = DateTimeFormat::localNow('m'); $thismonth = DateTimeFormat::localNow('m');
if (!$y) { if (!$y) {
@ -312,10 +313,10 @@ function events_content(App $a) {
$finish = sprintf('%d-%d-%d %d:%d:%d', $y, $m, $dim, 23, 59, 59); $finish = sprintf('%d-%d-%d %d:%d:%d', $y, $m, $dim, 23, 59, 59);
if ($a->argc > 1 && $a->argv[1] === 'json') { if ($a->argc > 1 && $a->argv[1] === 'json') {
if (x($_GET, 'start')) { if (!empty($_GET['start'])) {
$start = $_GET['start']; $start = $_GET['start'];
} }
if (x($_GET, 'end')) { if (!empty($_GET['end'])) {
$finish = $_GET['end']; $finish = $_GET['end'];
} }
} }
@ -349,7 +350,7 @@ function events_content(App $a) {
$r = Event::sortByDate($r); $r = Event::sortByDate($r);
foreach ($r as $rr) { foreach ($r as $rr) {
$j = $rr['adjust'] ? DateTimeFormat::local($rr['start'], 'j') : DateTimeFormat::utc($rr['start'], 'j'); $j = $rr['adjust'] ? DateTimeFormat::local($rr['start'], 'j') : DateTimeFormat::utc($rr['start'], 'j');
if (!x($links,$j)) { if (empty($links[$j])) {
$links[$j] = System::baseUrl() . '/' . $a->cmd . '#link-' . $j; $links[$j] = System::baseUrl() . '/' . $a->cmd . '#link-' . $j;
} }
} }
@ -363,12 +364,12 @@ function events_content(App $a) {
$events = Event::prepareListForTemplate($r); $events = Event::prepareListForTemplate($r);
} }
if ($a->argc > 1 && $a->argv[1] === 'json'){ if ($a->argc > 1 && $a->argv[1] === 'json') {
echo json_encode($events); echo json_encode($events);
killme(); killme();
} }
if (x($_GET, 'id')) { if (!empty($_GET['id'])) {
$tpl = get_markup_template("event.tpl"); $tpl = get_markup_template("event.tpl");
} else { } else {
$tpl = get_markup_template("events_js.tpl"); $tpl = get_markup_template("events_js.tpl");
@ -378,7 +379,7 @@ function events_content(App $a) {
foreach ($events as $key => $event) { foreach ($events as $key => $event) {
$event_item = []; $event_item = [];
foreach ($event['item'] as $k => $v) { foreach ($event['item'] as $k => $v) {
$k = str_replace('-' ,'_', $k); $k = str_replace('-', '_', $k);
$event_item[$k] = $v; $event_item[$k] = $v;
} }
$events[$key]['item'] = $event_item; $events[$key]['item'] = $event_item;
@ -403,7 +404,7 @@ function events_content(App $a) {
'$list' => L10n::t('list'), '$list' => L10n::t('list'),
]); ]);
if (x($_GET, 'id')) { if (!empty($_GET['id'])) {
echo $o; echo $o;
killme(); killme();
} }
@ -428,41 +429,45 @@ function events_content(App $a) {
} }
// In case of an error the browser is redirected back here, with these parameters filled in with the previous values // In case of an error the browser is redirected back here, with these parameters filled in with the previous values
if (x($_REQUEST, 'nofinish')) {$orig_event['nofinish'] = $_REQUEST['nofinish'];} if (!empty($_REQUEST['nofinish'])) {$orig_event['nofinish'] = $_REQUEST['nofinish'];}
if (x($_REQUEST, 'adjust')) {$orig_event['adjust'] = $_REQUEST['adjust'];} if (!empty($_REQUEST['adjust'])) {$orig_event['adjust'] = $_REQUEST['adjust'];}
if (x($_REQUEST, 'summary')) {$orig_event['summary'] = $_REQUEST['summary'];} if (!empty($_REQUEST['summary'])) {$orig_event['summary'] = $_REQUEST['summary'];}
if (x($_REQUEST, 'description')) {$orig_event['description'] = $_REQUEST['description'];} if (!empty($_REQUEST['description'])) {$orig_event['description'] = $_REQUEST['description'];}
if (x($_REQUEST, 'location')) {$orig_event['location'] = $_REQUEST['location'];} if (!empty($_REQUEST['location'])) {$orig_event['location'] = $_REQUEST['location'];}
if (x($_REQUEST, 'start')) {$orig_event['start'] = $_REQUEST['start'];} if (!empty($_REQUEST['start'])) {$orig_event['start'] = $_REQUEST['start'];}
if (x($_REQUEST, 'finish')) {$orig_event['finish'] = $_REQUEST['finish'];} if (!empty($_REQUEST['finish'])) {$orig_event['finish'] = $_REQUEST['finish'];}
if (x($_REQUEST,'finish')) $orig_event['finish'] = $_REQUEST['finish'];
$n_checked = ((x($orig_event) && $orig_event['nofinish']) ? ' checked="checked" ' : ''); $n_checked = (!empty($orig_event['nofinish']) ? ' checked="checked" ' : '');
$a_checked = ((x($orig_event) && $orig_event['adjust']) ? ' checked="checked" ' : ''); $a_checked = (!empty($orig_event['adjust']) ? ' checked="checked" ' : '');
$t_orig = (x($orig_event) ? $orig_event['summary'] : ''); $t_orig = !empty($orig_event) ? $orig_event['summary'] : '';
$d_orig = (x($orig_event) ? $orig_event['desc'] : ''); $d_orig = !empty($orig_event) ? $orig_event['desc'] : '';
$l_orig = (x($orig_event) ? $orig_event['location'] : ''); $l_orig = !empty($orig_event) ? $orig_event['location'] : '';
$eid = (x($orig_event) ? $orig_event['id'] : 0); $eid = !empty($orig_event) ? $orig_event['id'] : 0;
$cid = (x($orig_event) ? $orig_event['cid'] : 0); $cid = !empty($orig_event) ? $orig_event['cid'] : 0;
$uri = (x($orig_event) ? $orig_event['uri'] : ''); $uri = !empty($orig_event) ? $orig_event['uri'] : '';
$sh_disabled = ''; $sh_disabled = '';
$sh_checked = ''; $sh_checked = '';
if (x($orig_event)) { if (!empty($orig_event)
$sh_checked = (($orig_event['allow_cid'] === '<' . local_user() . '>' && !$orig_event['allow_gid'] && !$orig_event['deny_cid'] && !$orig_event['deny_gid']) ? '' : ' checked="checked" '); && ($orig_event['allow_cid'] !== '<' . local_user() . '>'
|| $orig_event['allow_gid']
|| $orig_event['deny_cid']
|| $orig_event['deny_gid']))
{
$sh_checked = ' checked="checked" ';
} }
if ($cid || $mode === 'edit') { if ($cid || $mode === 'edit') {
$sh_disabled = 'disabled="disabled"'; $sh_disabled = 'disabled="disabled"';
} }
$sdt = (x($orig_event) ? $orig_event['start'] : 'now'); $sdt = !empty($orig_event) ? $orig_event['start'] : 'now';
$fdt = (x($orig_event) ? $orig_event['finish'] : 'now'); $fdt = !empty($orig_event) ? $orig_event['finish'] : 'now';
$tz = date_default_timezone_get(); $tz = date_default_timezone_get();
if (x($orig_event)) { if (!empty($orig_event)) {
$tz = ($orig_event['adjust'] ? date_default_timezone_get() : 'UTC'); $tz = ($orig_event['adjust'] ? date_default_timezone_get() : 'UTC');
} }
@ -470,15 +475,15 @@ function events_content(App $a) {
$smonth = DateTimeFormat::convert($sdt, $tz, 'UTC', 'm'); $smonth = DateTimeFormat::convert($sdt, $tz, 'UTC', 'm');
$sday = DateTimeFormat::convert($sdt, $tz, 'UTC', 'd'); $sday = DateTimeFormat::convert($sdt, $tz, 'UTC', 'd');
$shour = (x($orig_event) ? DateTimeFormat::convert($sdt, $tz, 'UTC', 'H') : '00'); $shour = !empty($orig_event) ? DateTimeFormat::convert($sdt, $tz, 'UTC', 'H') : '00';
$sminute = (x($orig_event) ? DateTimeFormat::convert($sdt, $tz, 'UTC', 'i') : '00'); $sminute = !empty($orig_event) ? DateTimeFormat::convert($sdt, $tz, 'UTC', 'i') : '00';
$fyear = DateTimeFormat::convert($fdt, $tz, 'UTC', 'Y'); $fyear = DateTimeFormat::convert($fdt, $tz, 'UTC', 'Y');
$fmonth = DateTimeFormat::convert($fdt, $tz, 'UTC', 'm'); $fmonth = DateTimeFormat::convert($fdt, $tz, 'UTC', 'm');
$fday = DateTimeFormat::convert($fdt, $tz, 'UTC', 'd'); $fday = DateTimeFormat::convert($fdt, $tz, 'UTC', 'd');
$fhour = (x($orig_event) ? DateTimeFormat::convert($fdt, $tz, 'UTC', 'H') : '00'); $fhour = !empty($orig_event) ? DateTimeFormat::convert($fdt, $tz, 'UTC', 'H') : '00';
$fminute = (x($orig_event) ? DateTimeFormat::convert($fdt, $tz, 'UTC', 'i') : '00'); $fminute = !empty($orig_event) ? DateTimeFormat::convert($fdt, $tz, 'UTC', 'i') : '00';
$perms = ACL::getDefaultUserPermissions($orig_event); $perms = ACL::getDefaultUserPermissions($orig_event);
@ -497,7 +502,7 @@ function events_content(App $a) {
$tpl = get_markup_template('event_form.tpl'); $tpl = get_markup_template('event_form.tpl');
$o .= replace_macros($tpl,[ $o .= replace_macros($tpl, [
'$post' => System::baseUrl() . '/events', '$post' => System::baseUrl() . '/events',
'$eid' => $eid, '$eid' => $eid,
'$cid' => $cid, '$cid' => $cid,
@ -511,11 +516,31 @@ function events_content(App $a) {
'$title' => L10n::t('Event details'), '$title' => L10n::t('Event details'),
'$desc' => L10n::t('Starting date and Title are required.'), '$desc' => L10n::t('Starting date and Title are required.'),
'$s_text' => L10n::t('Event Starts:') . ' <span class="required" title="' . L10n::t('Required') . '">*</span>', '$s_text' => L10n::t('Event Starts:') . ' <span class="required" title="' . L10n::t('Required') . '">*</span>',
'$s_dsel' => Temporal::getDateTimeField(new DateTime(), DateTime::createFromFormat('Y', $syear+5), DateTime::createFromFormat('Y-m-d H:i', "$syear-$smonth-$sday $shour:$sminute"), L10n::t('Event Starts:'), 'start_text', true, true, '', '', true), '$s_dsel' => Temporal::getDateTimeField(
new DateTime(),
DateTime::createFromFormat('Y', $syear+5),
DateTime::createFromFormat('Y-m-d H:i', "$syear-$smonth-$sday $shour:$sminute"),
L10n::t('Event Starts:'),
'start_text',
true,
true,
'',
'',
true
),
'$n_text' => L10n::t('Finish date/time is not known or not relevant'), '$n_text' => L10n::t('Finish date/time is not known or not relevant'),
'$n_checked' => $n_checked, '$n_checked' => $n_checked,
'$f_text' => L10n::t('Event Finishes:'), '$f_text' => L10n::t('Event Finishes:'),
'$f_dsel' => Temporal::getDateTimeField(new DateTime(), DateTime::createFromFormat('Y', $fyear+5), DateTime::createFromFormat('Y-m-d H:i', "$fyear-$fmonth-$fday $fhour:$fminute"), L10n::t('Event Finishes:'), 'finish_text', true, true, 'start_text'), '$f_dsel' => Temporal::getDateTimeField(
new DateTime(),
DateTime::createFromFormat('Y', $fyear+5),
DateTime::createFromFormat('Y-m-d H:i', "$fyear-$fmonth-$fday $fhour:$fminute"),
L10n::t('Event Finishes:'),
'finish_text',
true,
true,
'start_text'
),
'$a_text' => L10n::t('Adjust for viewer timezone'), '$a_text' => L10n::t('Adjust for viewer timezone'),
'$a_checked' => $a_checked, '$a_checked' => $a_checked,
'$d_text' => L10n::t('Description:'), '$d_text' => L10n::t('Description:'),
@ -536,7 +561,6 @@ function events_content(App $a) {
'$basic' => L10n::t('Basic'), '$basic' => L10n::t('Basic'),
'$advanced' => L10n::t('Advanced'), '$advanced' => L10n::t('Advanced'),
'$permissions' => L10n::t('Permissions'), '$permissions' => L10n::t('Permissions'),
]); ]);
return $o; return $o;

View file

@ -305,7 +305,9 @@ $(function() {
// Asynchronous calls are deferred until the very end of the page load to ease on slower connections // Asynchronous calls are deferred until the very end of the page load to ease on slower connections
window.addEventListener("load", function(){ window.addEventListener("load", function(){
NavUpdate(); NavUpdate();
acl.get(0, 100); if (typeof acl !== 'undefined') {
acl.get(0, 100);
}
}); });
// Allow folks to stop the ajax page updates with the pause/break key // Allow folks to stop the ajax page updates with the pause/break key

View file

@ -1,7 +1,7 @@
$(document).ready(function() { $(document).ready(function() {
// Go to the permissions tab if the checkbox is checked. // Go to the permissions tab if the checkbox is checked.
$('body').on("click", "#id_share", function() { $('body').on("click", "#id_share", function() {
if ($('#id_share').is(':checked') && !( $('#id_share').attr("disabled"))) { if ($('#id_share').is(':checked') && !( $('#id_share').attr("disabled"))) {
$('#acl-wrapper').show(); $('#acl-wrapper').show();
$("a#event-perms-lnk").parent("li").show(); $("a#event-perms-lnk").parent("li").show();
toggleEventNav("a#event-perms-lnk"); toggleEventNav("a#event-perms-lnk");
@ -54,20 +54,19 @@ $(document).ready(function() {
// without page reloading (e.g. closing an old modal and open a new modal). // without page reloading (e.g. closing an old modal and open a new modal).
// Otherwise we wouldn't get the ACL data. // Otherwise we wouldn't get the ACL data.
/// @todo: Try to implement some kind of ACL reloading in acl.js. /// @todo: Try to implement some kind of ACL reloading in acl.js.
if (typeof acl !== "undefined") {
var eventPerms = document.getElementById('event-edit-form');
acl = new ACL( var eventPerms = document.getElementById('event-edit-form');
baseurl + "/acl",
[
eventPerms.dataset.allow_cid,
eventPerms.dataset.allow_gid,
eventPerms.dataset.deny_cid,
eventPerms.dataset.deny_gid
]
);
}
acl = new ACL(
baseurl + "/acl",
[
JSON.parse(eventPerms.dataset.allow_cid),
JSON.parse(eventPerms.dataset.allow_gid),
JSON.parse(eventPerms.dataset.deny_cid),
JSON.parse(eventPerms.dataset.deny_gid)
]
);
acl.get(0, 100);
}); });
// Load the html of the actual event and incect the output to the // Load the html of the actual event and incect the output to the
@ -81,7 +80,7 @@ function doEventPreview() {
} }
// The following functions show/hide the specific event-edit content // The following functions show/hide the specific event-edit content
// in dependence of the selected nav. // in dependence of the selected nav.
function eventAclActive() { function eventAclActive() {
$("#event-edit-wrapper, #event-preview, #event-desc-wrapper").hide(); $("#event-edit-wrapper, #event-preview, #event-desc-wrapper").hide();