Changeset 1500 for releases/0.9
- Timestamp:
- 12/24/07 21:10:45 (9 months ago)
- Files:
-
- releases/0.9/htaccess-dist (modified) (1 diff)
- releases/0.9/lib/filelib.php (modified) (1 diff)
- releases/0.9/mod/blog/lib/weblogs_actions.php (modified) (2 diffs)
- releases/0.9/mod/blog/lib/weblogs_posts_add.php (modified) (1 diff)
- releases/0.9/mod/blog/lib/weblogs_posts_edit.php (modified) (1 diff)
- releases/0.9/mod/blog/lib/weblogs_posts_view.php (modified) (1 diff)
- releases/0.9/mod/community/lib/permissions_check.php (modified) (1 diff)
- releases/0.9/mod/file/lib.php (modified) (1 diff)
Legend:
- Unmodified
- Added
- Removed
- Modified
- Copied
- Moved
releases/0.9/htaccess-dist
r1473 r1500 134 134 RewriteRule ^([A-Za-z0-9]+)\/files\/([0-9]+)\/?$ mod/file/index.php?files_name=$1&folder=$2 135 135 RewriteRule ^([A-Za-z0-9]+)\/files\/([0-9\-]+)\/([0-9]+)\/(.+)$ mod/file/download.php?files_name=$1&folder=$2&filename=$4&id=$3 136 RewriteRule ^(([A-Za-z0-9])[A-Za-z0-9]+)\/files\/rss\/?$ mod/newsclient/static.php?username=$1&userref=$2&type=files 136 137 RewriteRule ^([A-Za-z0-9]+)\/files\/rss\/(.+)\/?$ mod/file/rss2.php?files_name=$1&tag=$2 137 138 RewriteRule ^_icon\/file/([-0-9]+)$ mod/file/icon.php?id=$1 releases/0.9/lib/filelib.php
r806 r1500 4 4 5 5 $mimeinfo = array ( 6 'flv' => array ('type'=>'video/x-flv', 'icon'=>'video.gif'), 6 7 'xxx' => array ('type'=>'document/unknown', 'icon'=>'unknown.gif'), 7 8 '3gp' => array ('type'=>'video/quicktime', 'icon'=>'video.gif'), releases/0.9/mod/blog/lib/weblogs_actions.php
r1401 r1500 70 70 $exists = false; 71 71 if ($oldpost = get_record('weblog_posts','ident',$post->ident)) { 72 if (run("permissions:check", array("weblog:edit", $oldpost->owner))) {72 if (run("permissions:check", array("weblog:edit", $oldpost->owner,$oldpost->weblog))) { 73 73 $exists = true; 74 74 } … … 132 132 if (logged_on && !empty($id)) { 133 133 if ($post_info = get_record('weblog_posts','ident',$id)) { 134 if (run("permissions:check", array("weblog:edit", $post_info->owner))) {134 if (run("permissions:check", array("weblog:edit", $post_info->owner),$post_info->weblog)) { 135 135 $post_info = plugin_hook("weblog_post","delete",$post_info); 136 136 if (!empty($post_info)) { releases/0.9/mod/blog/lib/weblogs_posts_add.php
r1401 r1500 19 19 $extensionContext = trim(optional_param('extension','weblog')); 20 20 21 if (!run("permissions:check", array("weblog:edit",$profile_id))) {21 if (!run("permissions:check", "weblog")) { // just check if the logged on user can add posts 22 22 $messages[] = __gettext("Permission denied"); 23 23 $messages[] = __gettext("You can modify only your own content!"); releases/0.9/mod/blog/lib/weblogs_posts_edit.php
r1401 r1500 13 13 $extensionContext = trim(optional_param('extension','weblog')); 14 14 15 if (!($aver=run("permissions:check", array("weblog:edit",$post->owner )))) {15 if (!($aver=run("permissions:check", array("weblog:edit",$post->owner,$post->weblog)))) { 16 16 $messages[] = __gettext("Permission denied"); 17 17 $messages[] = __gettext("You can modify only your own content!"); releases/0.9/mod/blog/lib/weblogs_posts_view.php
r1395 r1500 121 121 } 122 122 // if ($post->owner == $_SESSION['userid'] && logged_on) { 123 if (run("permissions:check",array("weblog:edit",$post->owner ))) {123 if (run("permissions:check",array("weblog:edit",$post->owner,$post->weblog))) { 124 124 $Edit = __gettext("Edit"); 125 125 $Delete = __gettext("Delete"); releases/0.9/mod/community/lib/permissions_check.php
r1248 r1500 37 37 } else { 38 38 switch($parameter[0]) { 39 39 40 case "files:edit": 40 41 case "weblog:edit": 42 // we need to know 2 things about file or post: its owner and the community it is 43 // posted to. 41 44 $owner = $parameter[1]; 42 if (record_exists('users','ident',$owner,'owner',$USER->ident,'user_type','community')) { 45 if(isset($parameter[2])){ 46 $weblog=$parameter[2]; 47 } else { 48 $weblog=0; 49 } 50 // Here we only check wether the logged on user is the moderator of the community 51 // where the posts was made or file was uploaded ($weblog). 52 // Permission to edit their own content is granted in mod/blog/lib/permission_check.php and 53 // mod/file/lib/permission_check.php. 54 if (record_exists('users','ident',$weblog,'owner',$USER->ident,'user_type','community')) { 43 55 $run_result = true; 44 56 } 45 if (empty($run_result)) { 46 if(run('community:membership',array($page_owner,$USER->ident))){ 47 $run_result = true; 48 } 49 } 57 50 58 break; 51 59 case "userdetails:change": releases/0.9/mod/file/lib.php
r1392 r1500 26 26 27 27 $files_username = user_info('username', $page_owner); 28 28 29 if ($page_owner != -1) { 30 if ($page_owner == $_SESSION['userid'] && $page_owner != -1) { 31 $PAGE->menu_sub[] = array( 'name' => 'file:rss', 32 'html' => '<a href="' . $CFG->wwwroot . $_SESSION['username'] . '/files/rss/"><img src="' . $CFG->wwwroot . 'mod/template/icons/rss.png" border="0" alt="rss" /></a>'); 33 } 34 } 35 29 36 if ($page_owner == $_SESSION['userid'] && $page_owner != -1) { 30 37 $PAGE->menu_sub[] = array( 'name' => 'file:add', 31 38 'html' => a_href( "#addFile", 32 39 __gettext("Add a file or a folder"))); 33 } 34 if ($page_owner != -1) { 35 if ($page_owner == $_SESSION['userid'] && $page_owner != -1) { 36 $PAGE->menu_sub[] = array( 'name' => 'file:rss', 37 'html' => a_href( $CFG->wwwroot.$_SESSION['username']."/files/rss/", 38 __gettext("RSS feed for files"))); 39 } 40 } 40 } 41 41 } 42 42
