Navigation

← Previous Change
Next Change →

Changeset 1087 for devel

Timestamp:

04/26/07 09:05:09 (2 years ago)

Author:

ben

Message:

Added permissions checking for all of the new community functions.

Files:

devel/mod/community/lib/communities_actions.php (modified) (1 diff)
devel/mod/community/lib/communities_edit.php (modified) (1 diff)
devel/mod/community/lib/communities_members.php (modified) (1 diff)
devel/mod/community/lib/communities_moderator_of.php (modified) (1 diff)
devel/mod/community/lib/community_memberships.php (modified) (1 diff)

Legend:

: Unmodified
: Added
: Removed
: Modified
: Copied
: Moved

devel/mod/community/lib/communities_actions.php

r1080	r1087
11	11	$friend_id = optional_param('friend_id',0,PARAM_INT);
12	12
13		~~switch($action~~) {
	13	if (isloggedin()) {
14	14
15		// Create a new community
16		case "community:create":
17		$comm_name = optional_param('comm_name');
18		$comm_username = optional_param('comm_username');
19		if (logged_on && !empty($comm_name) && !empty($comm_username) &&
20		($CFG->community_create_flag == "" \|\| user_flag_get($CFG->community_create_flag, $USER->ident))) {
21		if (!preg_match("/^[A-Za-z0-9]{3,12}$/",$comm_username)) {
22		$messages[] = __gettext("Error! The community username must contain letters and numbers only, cannot be blank, and must be between 3 and 12 characters in length.");
23		} else if (trim($comm_name) == "") {
24		$messages[] = __gettext("Error! The community name cannot be blank.");
25		} else {
26		$comm_username = strtolower(trim($comm_username));
27		if (record_exists('users','username',$comm_username)) {
28		$messages[] = sprintf(__gettext("The username %s is already taken by another user. You will need to pick a different one."), $comm_username);
	15	switch($action) {
	16
	17	// Create a new community
	18	case "community:create":
	19	$comm_name = optional_param('comm_name');
	20	$comm_username = optional_param('comm_username');
	21	if (logged_on && !empty($comm_name) && !empty($comm_username) &&
	22	($CFG->community_create_flag == "" \|\| user_flag_get($CFG->community_create_flag, $USER->ident))) {
	23	if (!preg_match("/^[A-Za-z0-9]{3,12}$/",$comm_username)) {
	24	$messages[] = __gettext("Error! The community username must contain letters and numbers only, cannot be blank, and must be between 3 and 12 characters in length.");
	25	} else if (trim($comm_name) == "") {
	26	$messages[] = __gettext("Error! The community name cannot be blank.");
29	27	} else {
30		$name = trim($comm_name);
31		$c = new StdClass;
32		$c->name = $name;
33		$c->username = $comm_username;
34		$c->user_type = 'community';
35		$c->owner = $USER->ident;
36		$cid = insert_record('users',$c);
37		$c->ident = $cid;
38
39		$rssresult = run("weblogs:rss:publish", array($cid, false));
40		$rssresult = run("files:rss:publish", array($cid, false));
41		$rssresult = run("profile:rss:publish", array($cid, false));
42
43		$f = new StdClass;
44		$f->owner = $USER->ident;
45		$f->friend = $cid;
46		insert_record('friends',$f);
47		plugin_hook("community","publish",$c);
48		$messages[] = __gettext("Your community was created and you were added as its first member.");
49		$_SESSION['messages'] = $messages;
50		header("Location: " . $CFG->wwwroot."profile/edit.php?profile_id=".$cid);
51		exit;
	28	$comm_username = strtolower(trim($comm_username));
	29	if (record_exists('users','username',$comm_username)) {
	30	$messages[] = sprintf(__gettext("The username %s is already taken by another user. You will need to pick a different one."), $comm_username);
	31	} else {
	32	$name = trim($comm_name);
	33	$c = new StdClass;
	34	$c->name = $name;
	35	$c->username = $comm_username;
	36	$c->user_type = 'community';
	37	$c->owner = $USER->ident;
	38	$cid = insert_record('users',$c);
	39	$c->ident = $cid;
	40
	41	$rssresult = run("weblogs:rss:publish", array($cid, false));
	42	$rssresult = run("files:rss:publish", array($cid, false));
	43	$rssresult = run("profile:rss:publish", array($cid, false));
	44
	45	$f = new StdClass;
	46	$f->owner = $USER->ident;
	47	$f->friend = $cid;
	48	insert_record('friends',$f);
	49	plugin_hook("community","publish",$c);
	50	$messages[] = __gettext("Your community was created and you were added as its first member.");
	51	$_SESSION['messages'] = $messages;
	52	header("Location: " . $CFG->wwwroot."profile/edit.php?profile_id=".$cid);
	53	exit;
	54	}
52	55	}
53	56	}
54		}
55
56		// There is deliberately not a break here - creating a community should automatically make you a member.
57
58		// Friend someone
59		case "friend":
60		if (!empty($friend_id) && logged_on) {
61		if (user_info("user_type",$friend_id) == "community") {
62		if ($friend = get_record('users','ident',$friend_id)) {
63		$owner = get_record('users','ident',$friend->owner);
64		if ($friend->moderation == "no") {
65		$messages[] = sprintf(__gettext("You joined %s."), stripslashes($friend->name));
66		if (user_flag_get("emailnotifications",$owner->ident)) {
67		$message_body = sprintf(__gettext("%s has joined %s!\n\nTo visit this user's profile, click on the following link:\n\n\t".
68		"%s\n\nTo view all community members, click here:\n\n\t%s\n\nRegards,\n\nThe %s team."),
69		$_SESSION['name'], $friend->name, $CFG->wwwroot . user_info("username",$USER->ident) . "/", $CFG->wwwroot . "_communities/members.php?owner=" . $friend_id,$CFG->sitename);
70		$title = sprintf(__gettext("New %s member"), $friend->name);
71		notify_user($owner->ident,$title,$message_body);
	57
	58	// There is deliberately not a break here - creating a community should automatically make you a member.
	59
	60	// Friend someone
	61	case "friend":
	62	if (!empty($friend_id) && logged_on) {
	63	if (user_info("user_type",$friend_id) == "community") {
	64	if ($friend = get_record('users','ident',$friend_id)) {
	65	$owner = get_record('users','ident',$friend->owner);
	66	if ($friend->moderation == "no") {
	67	$messages[] = sprintf(__gettext("You joined %s."), stripslashes($friend->name));
	68	if (user_flag_get("emailnotifications",$owner->ident)) {
	69	$message_body = sprintf(__gettext("%s has joined %s!\n\nTo visit this user's profile, click on the following link:\n\n\t".
	70	"%s\n\nTo view all community members, click here:\n\n\t%s\n\nRegards,\n\nThe %s team."),
	71	$_SESSION['name'], $friend->name, $CFG->wwwroot . user_info("username",$USER->ident) . "/", $CFG->wwwroot . "_communities/members.php?owner=" . $friend_id,$CFG->sitename);
	72	$title = sprintf(__gettext("New %s member"), $friend->name);
	73	notify_user($owner->ident,$title,$message_body);
	74	}
	75	} else if ($friend->moderation == "yes") {
	76	$messages[] = sprintf(__gettext("Membership of %s needs to be approved. Your request has been added to the list."), stripslashes($friend->name));
	77	if (user_flag_get("emailnotifications",$owner->ident)) {
	78	$message_body = sprintf(__gettext("%s has applied to join %s!\n\nTo visit this user's profile, click on the following link:\n\n\t".
	79	"%s\n\nTo view all membership requests and approve or deny this user, click here:\n\n\t%s\n\nRegards,\n\nThe %s team."),
	80	$_SESSION['name'], $friend->name, $CFG->wwwroot . user_info("username",$USER->ident) . "/", $CFG->wwwroot . "_communities/members.php?owner=" . $friend_id,$CFG->sitename);
	81	$title = sprintf(__gettext("New %s member request"), $friend->name);
	82	notify_user($owner->ident,$title,$message_body);
	83	}
	84	} else if ($friend->moderation == "priv") {
	85	$messages[] = sprintf(__gettext("%s is a private community. Your membership request has been declined."), stripslashes($friend->name));
72	86	}
73		~~} else if ($friend->moderation == "yes") {~~
74		~~$messages[] = sprintf(__gettext("Membership of %s needs to be approved. Your request has been added to the list."), stripslashes($friend->name));~~
75		~~if (user_flag_get("emailnotifications",$owner->ident)) {~~
76		~~$message_body = sprintf(__gettext("%s has applied to join %s!\n\nTo visit this user's profile, click on the following link:\n\n\t".~~
77		~~"%s\n\nTo view all membership requests and approve or deny this user, click here:\n\n\t%s\n\nRegards,\n\nThe %s team."),~~
78		~~$_SESSION['name'], $friend->name, $CFG->wwwroot . user_info("username",$USER->ident) . "/", $CFG->wwwroot . "_communities/members.php?owner=" . $friend_id,$CFG->sitename);~~
79		~~$title = sprintf(__gettext("New %s member request"), $friend->name);~~
80		~~notify_user($owner->ident,$title,$message_body);~~
81		}
82		~~} else if ($friend->moderation == "priv") {~~
83		~~$messages[] = sprintf(__gettext("%s is a private community. Your membership request has been declined."), stripslashes($friend->name));~~
84	87	}
85	88	}
86	89	}
87		}
88		~~break;~~
89
90		~~// Unfriend someone~~
91		~~case "unfriend":~~
92		~~if (!empty($friend_id) && logged_on~~) {
93		~~if (user_type($friend_id) == "community") {~~
94		~~$name = user_info('username', $friend_id~~);
95		~~$messages[] = sprintf(__gettext("You left %s."), $name);~~
	90	break;
	91
	92	// Unfriend someone
	93	case "unfriend":
	94	if (!empty($friend_id) && logged_on) {
	95	if (user_type($friend_id) == "community") {
	96	$name = user_info('username', $friend_id);
	97	$messages[] = sprintf(__gettext("You left %s."), $name);
	98	}
96	99	}
97		}
98		break;
99
100		case "community:delete":
101		if (user_delete($page_owner)) {
102		plugin_hook("community","publish",$page_owner);
103		$messages[] = __gettext("The community was deleted.");
104		} else {
105		$messages[] = __gettext("Error: the community could not be deleted.");
106		}
107		$_SESSION['messages'] = $messages;
108
109		header("Location: ".$CFG->wwwroot.$USER->username."/communities");
110		exit;
111		break;
112		case "separate":
113		if(!empty($friend_id)){
114		if(user_type($profile_id) == "community"){
115		$name = user_info("username",$friend_id);
116		if(delete_records("friends","owner",$friend_id,"friend",$profile_id)){
117		$messages[] = sprintf(__gettext("%s was removed from your community"),$name);
	100	break;
	101
	102	case "community:delete":
	103	if (run("permissions:check",array("userdetails:change", $page_owner))) {
	104	if (user_delete($page_owner)) {
	105	plugin_hook("community","publish",$page_owner);
	106	$messages[] = __gettext("The community was deleted.");
	107	} else {
	108	$messages[] = __gettext("Error: the community could not be deleted.");
	109	}
	110	$_SESSION['messages'] = $messages;
	111	header("Location: ".$CFG->wwwroot.$USER->username."/communities");
	112	exit;
	113	}
	114	break;
	115	case "separate":
	116	if(!empty($friend_id)){
	117	if(user_type($profile_id) == "community"){
	118	$name = user_info("username",$friend_id);
	119	if(delete_records("friends","owner",$friend_id,"friend",$profile_id)){
	120	$messages[] = sprintf(__gettext("%s was removed from your community"),$name);
	121	}
	122	else{
	123	$messages = sprintf(__gettext("%s coundn't be removed from your community"),$name);
	124	}
	125	}
118	126	}
119		~~else{~~
120		~~$messages = sprintf(__gettext("%s coundn't be removed from your community"),$name);~~
121		}
122		}
123		}
124		~~break;~~
125
126		~~case "weblogs:post:add":~~
127		~~if (user_type($page_owner) == "community") {~~
128		~~$messages[] = __gettext("Your post has been added to the community weblog.");~~
129		}
130	127	break;
131
132		// Approve a membership request
133		case "community:approve:request":
134		$request_id = optional_param('request_id',0,PARAM_INT);
135		if (!empty($request_id) && logged_on && user_type($page_owner) == "community") {
136		if ($request = get_record_sql('SELECT u.name,fr.owner,fr.friend FROM '.$CFG->prefix.'friends_requests fr LEFT JOIN '.$CFG->prefix.'users u ON u.ident = fr.owner
137		WHERE fr.ident = ?',array($request_id))) {
138		if (run("permissions:check",array("userdetails:change", $page_owner))) {
139		$f = new StdClass;
140		$f->owner = $request->owner;
141		$f->friend = $request->friend;
142		if (insert_record('friends',$f)) {
143		delete_records('friends_requests','ident',$request_id);
144		$messages[] = sprintf(__gettext("You approved the membership request. %s is now a member of this community."),stripslashes($request->name));
	128
	129	case "weblogs:post:add":
	130	if (user_type($page_owner) == "community") {
	131	$messages[] = __gettext("Your post has been added to the community weblog.");
	132	}
	133	break;
	134
	135	// Approve a membership request
	136	case "community:approve:request":
	137	$request_id = optional_param('request_id',0,PARAM_INT);
	138	if (!empty($request_id) && logged_on && user_type($page_owner) == "community") {
	139	if ($request = get_record_sql('SELECT u.name,fr.owner,fr.friend FROM '.$CFG->prefix.'friends_requests fr LEFT JOIN '.$CFG->prefix.'users u ON u.ident = fr.owner
	140	WHERE fr.ident = ?',array($request_id))) {
	141	if (run("permissions:check",array("userdetails:change", $page_owner))) {
	142	$f = new StdClass;
	143	$f->owner = $request->owner;
	144	$f->friend = $request->friend;
	145	if (insert_record('friends',$f)) {
	146	delete_records('friends_requests','ident',$request_id);
	147	$messages[] = sprintf(__gettext("You approved the membership request. %s is now a member of this community."),stripslashes($request->name));
	148	} else {
	149	$messages[] = __gettext("An error occurred: the membership request could not be approved.");
	150	}
145	151	} else {
146		$messages[] = __gettext("~~An error occurred: the membership request could not be approved~~.");
	152	$messages[] = __gettext("Error: you do not have authority to modify this membership request.");
147	153	}
148	154	} else {
149		$messages[] = __gettext("~~Error: you do not have authority to modify this membership request~~.");
	155	$messages[] = __gettext("An error occurred: the membership request could not be found.");
150	156	}
151		} else {
152		$messages[] = __gettext("An error occurred: the membership request could not be found.");
	157
153	158	}
154
155		}
156		break;
157
158		// Reject a membership request
159		case "community:decline:request":
160		$request_id = optional_param('request_id',0,PARAM_INT);
161		if (!empty($request_id) && logged_on && user_type($page_owner) == "community") {
162		if ($request = get_record_sql('SELECT u.name,fr.owner,fr.friend FROM '.$CFG->prefix.'friends_requests fr LEFT JOIN '.$CFG->prefix.'users u ON u.ident = fr.owner
163		WHERE fr.ident = ?',array($request_id))) {
164		if (run("permissions:check",array("userdetails:change", $page_owner))) {
165		delete_records('friends_requests','ident',$request_id);
166		$messages[] = sprintf(__gettext("You declined the membership request. %s is not a member of this community."),stripslashes($request->name));
	159	break;
	160
	161	// Reject a membership request
	162	case "community:decline:request":
	163	$request_id = optional_param('request_id',0,PARAM_INT);
	164	if (!empty($request_id) && logged_on && user_type($page_owner) == "community") {
	165	if ($request = get_record_sql('SELECT u.name,fr.owner,fr.friend FROM '.$CFG->prefix.'friends_requests fr LEFT JOIN '.$CFG->prefix.'users u ON u.ident = fr.owner
	166	WHERE fr.ident = ?',array($request_id))) {
	167	if (run("permissions:check",array("userdetails:change", $page_owner))) {
	168	delete_records('friends_requests','ident',$request_id);
	169	$messages[] = sprintf(__gettext("You declined the membership request. %s is not a member of this community."),stripslashes($request->name));
	170	} else {
	171	$messages[] = __gettext("Error: you do not have authority to modify this membership request.");
	172	}
167	173	} else {
168		$messages[] = __gettext("~~Error: you do not have authority to modify this membership request~~.");
	174	$messages[] = __gettext("An error occurred: the membership request could not be found.");
169	175	}
170		} else {
171		$messages[] = __gettext("An error occurred: the membership request could not be found.");
	176
172	177	}
173
174		}
175		~~break;~~
176
	178	break;
	179
	180	}
	181
177	182	}
178	183	?>

devel/mod/community/lib/communities_edit.php

r1080	r1087
26	26	$membercount = count($members);
27	27	$functions[] = "<a href=\"".$CFG->wwwroot.$info->username."/community/members\">".__gettext("Members")." (".$membercount.")</a>";
28		if($info->owner == $~~user_id~~){
29		$_body = &$owned;
30		$functions[] = "<a href=\"".$CFG->wwwroot.$info->username."/profile\">".__gettext("Administrate")."</a>";
31		~~$msg= "onclick=\"return confirm('". __gettext("Are you sure you want to delete this community?"~~) ."')\"";
32		$functions[] = "<a href=\"".$CFG->wwwroot.$info->username."/community/delete\" $msg>".__gettext("Delete")."</a>";
33		}
34		~~else{~~
35		~~$_body = &$member~~;
36		~~$msg= "onclick=\"return confirm('". __gettext("Are you sure you want to separate this user from the community?") ."')\"~~";
37		~~$functions[] = "<a href=\"".$CFG->wwwroot.$info->username."/community/separate/".$user_id."\" $msg>".__gettext("Separate")."</a>";~~
	28	if($info->owner == $_SESSION['userid']){
	29	$_body = &$owned;
	30	$functions[] = "<a href=\"".$CFG->wwwroot.$info->username."/profile\">".__gettext("Administrate")."</a>";
	31	$msg= "onclick=\"return confirm('". addslashes(__gettext("Are you sure you want to delete this community?")) ."')\"";
	32	$functions[] = "<a href=\"".$CFG->wwwroot.$info->username."/community/delete\" $msg>".__gettext("Delete")."</a>";
	33	if ($user_id != $_SESSION['userid']) {
	34	$_body = &$member;
	35	$msg= "onclick=\"return confirm('". addslashes(__gettext("Are you sure you want to separate this user from the community?")) ."')\"";
	36	$functions[] = "<a href=\"".$CFG->wwwroot.$info->username."/community/separate/".$user_id."\" $msg>".__gettext("Separate")."</a>";
	37	}
38	38	}
39	39	$functions = implode("\n",array_map(create_function('$entry',"return \"<li>\$entry</li>\";"),$functions));

devel/mod/community/lib/communities_members.php

r1080	r1087
22	22	// $friends_menu = run("users:infobox:menu",array($info->ident));
23	23	$functions = array();
24		if($community_owner != $info->ident){
25		$msg= "onclick=\"return confirm('". __gettext("Are you sure you want to separate this user from the community?") ."')\"";
26		$functions[] = "<a href=\"".$CFG->wwwroot.$community_name."/community/separate/".$info->ident."\" $msg>".__gettext("Separate")."</a>";
	24	if($community_owner != $info->ident &&
	25	$community_owner == $_SESSION['userid']){
	26	$msg= "onclick=\"return confirm('". __gettext("Are you sure you want to separate this user from the community?") ."')\"";
	27	$functions[] = "<a href=\"".$CFG->wwwroot.$community_name."/community/separate/".$info->ident."\" $msg>".__gettext("Separate")."</a>";
27	28	}
28		else{
29		$functions[] = "<b>(".__gettext("Owner").")</b>";
	29	else if ($community_owner == $info->ident) {
	30	$functions[] = "<b>(".__gettext("Owner").")</b>";
30	31	}
31	32	//@todo Add the funcionality to add admin users.

devel/mod/community/lib/communities_moderator_of.php

r1080	r1087
23	23	$membercount = count($members);
24	24	$functions[] = "<a href=\"".$CFG->wwwroot.$info->username."/community/members\">".__gettext("Members")." (".$membercount.")</a>";
25		$functions[] = "<a href=\"".$CFG->wwwroot.$info->username."/profile\">".__gettext("Administrate")."</a>";
26		$msg= "onclick=\"return confirm('". __gettext("Are you sure you want to delete this community?") ."')\"";
27		$functions[] = "<a href=\"".$CFG->wwwroot.$info->username."/community/delete\" $msg>".__gettext("Delete")."</a>";
	25	if ($info->owner == $_SESSION['userid']) {
	26	$functions[] = "<a href=\"".$CFG->wwwroot.$info->username."/profile\">".__gettext("Administrate")."</a>";
	27	$msg= "onclick=\"return confirm('". __gettext("Are you sure you want to delete this community?") ."')\"";
	28	$functions[] = "<a href=\"".$CFG->wwwroot.$info->username."/community/delete\" $msg>".__gettext("Delete")."</a>";
	29	}
28	30
29	31	$functions = implode("\n",array_map(create_function('$entry',"return \"<li>\$entry</li>\";"),$functions));

devel/mod/community/lib/community_memberships.php

r1080	r1087
41	41	__gettext("Members"),
42	42	$friends,
43		"<a href=\"".~~url.user_info('ident~~',$page_owner)."/community/members\">" . __gettext("Members") . "</a>"
	43	"<a href=\"".$CFG->wwwroot.user_info('username',$page_owner)."/community/members\">" . __gettext("Members") . "</a>"
44	44	)
45	45	);

Download in other formats: