Merge pull request #5750 from MrPetovan/bug/5723-frio-fix-new-event-acl

[frio] Fix new event ACL
This commit is contained in:
Michael Vogel 2018-09-09 16:40:31 +00:00 committed by GitHub
commit dcb9bf4136
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 87 additions and 62 deletions

View File

@ -20,7 +20,8 @@ use Friendica\Util\Temporal;
require_once 'include/items.php';
function events_init(App $a) {
function events_init(App $a)
{
if (!local_user()) {
return;
}
@ -42,7 +43,8 @@ function events_init(App $a) {
return;
}
function events_post(App $a) {
function events_post(App $a)
{
logger('post: ' . print_r($_REQUEST, true), LOGGER_DATA);
@ -50,8 +52,8 @@ function events_post(App $a) {
return;
}
$event_id = (x($_POST, 'event_id') ? intval($_POST['event_id']) : 0);
$cid = (x($_POST, 'cid') ? intval($_POST['cid']) : 0);
$event_id = !empty($_POST['event_id']) ? intval($_POST['event_id']) : 0;
$cid = !empty($_POST['cid']) ? intval($_POST['cid']) : 0;
$uid = local_user();
$start_text = escape_tags(defaults($_REQUEST, 'start_text', ''));
@ -137,7 +139,7 @@ function events_post(App $a) {
$str_contact_deny = !empty($_POST['contact_deny']) ? perms2str($_POST['contact_deny']) : '';
// Undo the pseudo-contact of self, since there are real contacts now
if (strpos($str_contact_allow, '<' . $self . '>') !== false ) {
if (strpos($str_contact_allow, '<' . $self . '>') !== false) {
$str_contact_allow = str_replace('<' . $self . '>', '', $str_contact_allow);
}
// Make sure to set the `private` field as true. This is necessary to
@ -187,8 +189,8 @@ function events_post(App $a) {
goaway($_SESSION['return_url']);
}
function events_content(App $a) {
function events_content(App $a)
{
if (!local_user()) {
notice(L10n::t('Permission denied.') . EOL);
return;
@ -244,7 +246,7 @@ function events_content(App $a) {
$mode = 'view';
$y = 0;
$m = 0;
$ignored = (x($_REQUEST, 'ignored') ? intval($_REQUEST['ignored']) : 0);
$ignored = !empty($_REQUEST['ignored']) ? intval($_REQUEST['ignored']) : 0;
if ($a->argc > 1) {
if ($a->argc > 2 && $a->argv[1] == 'event') {
@ -272,7 +274,6 @@ function events_content(App $a) {
// The view mode part is similiar to /mod/cal.php
if ($mode == 'view') {
$thisyear = DateTimeFormat::localNow('Y');
$thismonth = DateTimeFormat::localNow('m');
if (!$y) {
@ -312,10 +313,10 @@ function events_content(App $a) {
$finish = sprintf('%d-%d-%d %d:%d:%d', $y, $m, $dim, 23, 59, 59);
if ($a->argc > 1 && $a->argv[1] === 'json') {
if (x($_GET, 'start')) {
if (!empty($_GET['start'])) {
$start = $_GET['start'];
}
if (x($_GET, 'end')) {
if (!empty($_GET['end'])) {
$finish = $_GET['end'];
}
}
@ -349,7 +350,7 @@ function events_content(App $a) {
$r = Event::sortByDate($r);
foreach ($r as $rr) {
$j = $rr['adjust'] ? DateTimeFormat::local($rr['start'], 'j') : DateTimeFormat::utc($rr['start'], 'j');
if (!x($links,$j)) {
if (empty($links[$j])) {
$links[$j] = System::baseUrl() . '/' . $a->cmd . '#link-' . $j;
}
}
@ -363,12 +364,12 @@ function events_content(App $a) {
$events = Event::prepareListForTemplate($r);
}
if ($a->argc > 1 && $a->argv[1] === 'json'){
if ($a->argc > 1 && $a->argv[1] === 'json') {
echo json_encode($events);
killme();
}
if (x($_GET, 'id')) {
if (!empty($_GET['id'])) {
$tpl = get_markup_template("event.tpl");
} else {
$tpl = get_markup_template("events_js.tpl");
@ -378,7 +379,7 @@ function events_content(App $a) {
foreach ($events as $key => $event) {
$event_item = [];
foreach ($event['item'] as $k => $v) {
$k = str_replace('-' ,'_', $k);
$k = str_replace('-', '_', $k);
$event_item[$k] = $v;
}
$events[$key]['item'] = $event_item;
@ -403,7 +404,7 @@ function events_content(App $a) {
'$list' => L10n::t('list'),
]);
if (x($_GET, 'id')) {
if (!empty($_GET['id'])) {
echo $o;
killme();
}
@ -428,41 +429,45 @@ function events_content(App $a) {
}
// In case of an error the browser is redirected back here, with these parameters filled in with the previous values
if (x($_REQUEST, 'nofinish')) {$orig_event['nofinish'] = $_REQUEST['nofinish'];}
if (x($_REQUEST, 'adjust')) {$orig_event['adjust'] = $_REQUEST['adjust'];}
if (x($_REQUEST, 'summary')) {$orig_event['summary'] = $_REQUEST['summary'];}
if (x($_REQUEST, 'description')) {$orig_event['description'] = $_REQUEST['description'];}
if (x($_REQUEST, 'location')) {$orig_event['location'] = $_REQUEST['location'];}
if (x($_REQUEST, 'start')) {$orig_event['start'] = $_REQUEST['start'];}
if (x($_REQUEST, 'finish')) {$orig_event['finish'] = $_REQUEST['finish'];}
if (x($_REQUEST,'finish')) $orig_event['finish'] = $_REQUEST['finish'];
if (!empty($_REQUEST['nofinish'])) {$orig_event['nofinish'] = $_REQUEST['nofinish'];}
if (!empty($_REQUEST['adjust'])) {$orig_event['adjust'] = $_REQUEST['adjust'];}
if (!empty($_REQUEST['summary'])) {$orig_event['summary'] = $_REQUEST['summary'];}
if (!empty($_REQUEST['description'])) {$orig_event['description'] = $_REQUEST['description'];}
if (!empty($_REQUEST['location'])) {$orig_event['location'] = $_REQUEST['location'];}
if (!empty($_REQUEST['start'])) {$orig_event['start'] = $_REQUEST['start'];}
if (!empty($_REQUEST['finish'])) {$orig_event['finish'] = $_REQUEST['finish'];}
$n_checked = ((x($orig_event) && $orig_event['nofinish']) ? ' checked="checked" ' : '');
$a_checked = ((x($orig_event) && $orig_event['adjust']) ? ' checked="checked" ' : '');
$n_checked = (!empty($orig_event['nofinish']) ? ' checked="checked" ' : '');
$a_checked = (!empty($orig_event['adjust']) ? ' checked="checked" ' : '');
$t_orig = (x($orig_event) ? $orig_event['summary'] : '');
$d_orig = (x($orig_event) ? $orig_event['desc'] : '');
$l_orig = (x($orig_event) ? $orig_event['location'] : '');
$eid = (x($orig_event) ? $orig_event['id'] : 0);
$cid = (x($orig_event) ? $orig_event['cid'] : 0);
$uri = (x($orig_event) ? $orig_event['uri'] : '');
$t_orig = !empty($orig_event) ? $orig_event['summary'] : '';
$d_orig = !empty($orig_event) ? $orig_event['desc'] : '';
$l_orig = !empty($orig_event) ? $orig_event['location'] : '';
$eid = !empty($orig_event) ? $orig_event['id'] : 0;
$cid = !empty($orig_event) ? $orig_event['cid'] : 0;
$uri = !empty($orig_event) ? $orig_event['uri'] : '';
$sh_disabled = '';
$sh_checked = '';
if (x($orig_event)) {
$sh_checked = (($orig_event['allow_cid'] === '<' . local_user() . '>' && !$orig_event['allow_gid'] && !$orig_event['deny_cid'] && !$orig_event['deny_gid']) ? '' : ' checked="checked" ');
if (!empty($orig_event)
&& ($orig_event['allow_cid'] !== '<' . local_user() . '>'
|| $orig_event['allow_gid']
|| $orig_event['deny_cid']
|| $orig_event['deny_gid']))
{
$sh_checked = ' checked="checked" ';
}
if ($cid || $mode === 'edit') {
$sh_disabled = 'disabled="disabled"';
}
$sdt = (x($orig_event) ? $orig_event['start'] : 'now');
$fdt = (x($orig_event) ? $orig_event['finish'] : 'now');
$sdt = !empty($orig_event) ? $orig_event['start'] : 'now';
$fdt = !empty($orig_event) ? $orig_event['finish'] : 'now';
$tz = date_default_timezone_get();
if (x($orig_event)) {
if (!empty($orig_event)) {
$tz = ($orig_event['adjust'] ? date_default_timezone_get() : 'UTC');
}
@ -470,15 +475,15 @@ function events_content(App $a) {
$smonth = DateTimeFormat::convert($sdt, $tz, 'UTC', 'm');
$sday = DateTimeFormat::convert($sdt, $tz, 'UTC', 'd');
$shour = (x($orig_event) ? DateTimeFormat::convert($sdt, $tz, 'UTC', 'H') : '00');
$sminute = (x($orig_event) ? DateTimeFormat::convert($sdt, $tz, 'UTC', 'i') : '00');
$shour = !empty($orig_event) ? DateTimeFormat::convert($sdt, $tz, 'UTC', 'H') : '00';
$sminute = !empty($orig_event) ? DateTimeFormat::convert($sdt, $tz, 'UTC', 'i') : '00';
$fyear = DateTimeFormat::convert($fdt, $tz, 'UTC', 'Y');
$fmonth = DateTimeFormat::convert($fdt, $tz, 'UTC', 'm');
$fday = DateTimeFormat::convert($fdt, $tz, 'UTC', 'd');
$fhour = (x($orig_event) ? DateTimeFormat::convert($fdt, $tz, 'UTC', 'H') : '00');
$fminute = (x($orig_event) ? DateTimeFormat::convert($fdt, $tz, 'UTC', 'i') : '00');
$fhour = !empty($orig_event) ? DateTimeFormat::convert($fdt, $tz, 'UTC', 'H') : '00';
$fminute = !empty($orig_event) ? DateTimeFormat::convert($fdt, $tz, 'UTC', 'i') : '00';
$perms = ACL::getDefaultUserPermissions($orig_event);
@ -497,7 +502,7 @@ function events_content(App $a) {
$tpl = get_markup_template('event_form.tpl');
$o .= replace_macros($tpl,[
$o .= replace_macros($tpl, [
'$post' => System::baseUrl() . '/events',
'$eid' => $eid,
'$cid' => $cid,
@ -511,11 +516,31 @@ function events_content(App $a) {
'$title' => L10n::t('Event details'),
'$desc' => L10n::t('Starting date and Title are required.'),
'$s_text' => L10n::t('Event Starts:') . ' <span class="required" title="' . L10n::t('Required') . '">*</span>',
'$s_dsel' => Temporal::getDateTimeField(new DateTime(), DateTime::createFromFormat('Y', $syear+5), DateTime::createFromFormat('Y-m-d H:i', "$syear-$smonth-$sday $shour:$sminute"), L10n::t('Event Starts:'), 'start_text', true, true, '', '', true),
'$s_dsel' => Temporal::getDateTimeField(
new DateTime(),
DateTime::createFromFormat('Y', $syear+5),
DateTime::createFromFormat('Y-m-d H:i', "$syear-$smonth-$sday $shour:$sminute"),
L10n::t('Event Starts:'),
'start_text',
true,
true,
'',
'',
true
),
'$n_text' => L10n::t('Finish date/time is not known or not relevant'),
'$n_checked' => $n_checked,
'$f_text' => L10n::t('Event Finishes:'),
'$f_dsel' => Temporal::getDateTimeField(new DateTime(), DateTime::createFromFormat('Y', $fyear+5), DateTime::createFromFormat('Y-m-d H:i', "$fyear-$fmonth-$fday $fhour:$fminute"), L10n::t('Event Finishes:'), 'finish_text', true, true, 'start_text'),
'$f_dsel' => Temporal::getDateTimeField(
new DateTime(),
DateTime::createFromFormat('Y', $fyear+5),
DateTime::createFromFormat('Y-m-d H:i', "$fyear-$fmonth-$fday $fhour:$fminute"),
L10n::t('Event Finishes:'),
'finish_text',
true,
true,
'start_text'
),
'$a_text' => L10n::t('Adjust for viewer timezone'),
'$a_checked' => $a_checked,
'$d_text' => L10n::t('Description:'),
@ -536,7 +561,6 @@ function events_content(App $a) {
'$basic' => L10n::t('Basic'),
'$advanced' => L10n::t('Advanced'),
'$permissions' => L10n::t('Permissions'),
]);
return $o;

View File

@ -305,7 +305,9 @@ $(function() {
// Asynchronous calls are deferred until the very end of the page load to ease on slower connections
window.addEventListener("load", function(){
NavUpdate();
if (typeof acl !== 'undefined') {
acl.get(0, 100);
}
});
// Allow folks to stop the ajax page updates with the pause/break key

View File

@ -54,20 +54,19 @@ $(document).ready(function() {
// without page reloading (e.g. closing an old modal and open a new modal).
// Otherwise we wouldn't get the ACL data.
/// @todo: Try to implement some kind of ACL reloading in acl.js.
if (typeof acl !== "undefined") {
var eventPerms = document.getElementById('event-edit-form');
acl = new ACL(
baseurl + "/acl",
[
eventPerms.dataset.allow_cid,
eventPerms.dataset.allow_gid,
eventPerms.dataset.deny_cid,
eventPerms.dataset.deny_gid
JSON.parse(eventPerms.dataset.allow_cid),
JSON.parse(eventPerms.dataset.allow_gid),
JSON.parse(eventPerms.dataset.deny_cid),
JSON.parse(eventPerms.dataset.deny_gid)
]
);
}
acl.get(0, 100);
});
// Load the html of the actual event and incect the output to the