@@ -5,6 +5,8 @@ $action = ($_GET['action'] == "index" or !isset($_GET['action'])) ? $admin->determine_action() : $_GET['action']; + $admin->handle_redirects($action); + class AdminTwig { public function __construct() { $this->twig = new Twig_Loader(MAIN_DIR."/admin/layout", (is_writable(INCLUDES_DIR."/caches") and !DEBUG) ? INCLUDES_DIR."/caches" : null); @@ -23,12 +25,14 @@ $trigger->filter($$main_nav, $main_nav."_pages"); } + $visitor = Visitor::current(); + $admin->context["theme"] = $theme; $admin->context["flash"] = Flash::current(); $admin->context["trigger"] = $trigger; $admin->context["title"] = camelize($action, true); $admin->context["site"] = Config::current(); - $admin->context["visitor"] = Visitor::current(); + $admin->context["visitor"] = $visitor; $admin->context["logged_in"] = logged_in(); $admin->context["route"] = array("action" => $action); $admin->context["hide_admin"] = isset($_SESSION["chyrp_hide_admin"]); @@ -39,18 +43,53 @@ $admin->context["POST"] = $_POST; $admin->context["GET"] = $_GET; - $admin->context["selected"] = array("write" => (in_array($action, $write) or match("/^write_/", $action)) ? - "selected" : - "deselected", - "manage" => (in_array($action, $manage) or match(array("/^manage_/", "/^edit_/", "/^delete_/"), $action)) ? - "selected" : - "deselected", - "settings" => (in_array($action, $settings) or match("/_settings$/", $action)) ? - "selected" : - "deselected", - "extend" => (in_array($action, $extend)) ? - "selected" : - "deselected"); + $admin->context["navigation"] = array(); + + $show = array("write" => array($visitor->group()->can("add_draft", "add_post", "add_page")), + "manage" => array($visitor->group()->can("view_own_draft", + "view_draft", + "edit_own_draft", + "edit_own_post", + "edit_post", + "delete_own_draft", + "delete_own_post", + "delete_post", + "add_page", + "edit_page", + "delete_page", + "add_user", + "edit_user", + "delete_user", + "add_group", + "edit_group", + "delete_group")), + "settings" => array($visitor->group()->can("change_settings")), + "extend" => array($visitor->group()->can("toggle_extensions"))); + + foreach ($show as $name => &$arr) + $trigger->filter($arr, $name."_nav_show"); + + $admin->context["navigation"]["write"] = array("title" => __("Write"), + "show" => in_array(true, $show["write"]), + "selected" => (in_array($action, $write) or + match("/^write_/", $action))); + + $admin->context["navigation"]["manage"] = array("title" => __("Manage"), + "show" => in_array(true, $show["manage"]), + "selected" => (in_array($action, $manage) or + match(array("/^manage_/", + "/^edit_/", + "/^delete_/", + "/^new_/"), $action))); + + $admin->context["navigation"]["settings"] = array("title" => __("Settings"), + "show" => in_array(true, $show["settings"]), + "selected" => (in_array($action, $settings) or + match("/_settings$/", $action))); + + $admin->context["navigation"]["extend"] = array("title" => __("Extend"), + "show" => in_array(true, $show["extend"]), + "selected" => (in_array($action, $extend))); $this->subnav_context(); @@ -85,6 +124,7 @@ global $admin, $action; $trigger = Trigger::current(); + $visitor = Visitor::current(); $admin->context["subnav"] = array(); $subnav =& $admin->context["subnav"]; @@ -95,26 +135,44 @@ foreach (Config::current()->enabled_feathers as $index => $feather) { $info = Horde_Yaml::loadFile(FEATHERS_DIR."/".$feather."/info.yaml"); $subnav["write"]["write_post&feather=".$feather] = array("title" => __($info["name"], $feather), + "show" => $visitor->group()->can("add_draft", "add_post"), "attributes" => ' id="list_feathers['.$feather.']"', "selected" => (isset($_GET['feather']) and $_GET['feather'] == $feather) or (!isset($_GET['feather']) and $action == "write_post" and !$index)); } # Write navs - $subnav["write"]["write_page"] = array("title" => __("Page")); + $subnav["write"]["write_page"] = array("title" => __("Page"), + "show" => $visitor->group()->can("add_page")); $trigger->filter($subnav["write"], array("admin_write_nav", "write_nav")); $pages["write"] = array_merge(array("write_post"), array_keys($subnav["write"]));; # Manage navs - $subnav["manage"] = array("manage_posts" => array("title" => __("Posts"), "selected" => array("edit_post", "delete_post")), - "manage_pages" => array("title" => __("Pages"), "selected" => array("edit_page", "delete_page")), - "manage_users" => array("title" => __("Users"), "selected" => array("edit_user", "delete_user")), - "manage_groups" => array("title" => __("Groups"), "selected" => array("edit_group", "delete_group"))); + $subnav["manage"] = array("manage_posts" => array("title" => __("Posts"), + "show" => (Post::any_editable() or Post::any_deletable()), + "selected" => array("edit_post", "delete_post")), + "manage_pages" => array("title" => __("Pages"), + "show" => ($visitor->group()->can("edit_page", "delete_page")), + "selected" => array("edit_page", "delete_page")), + "manage_users" => array("title" => __("Users"), + "show" => ($visitor->group()->can("add_user", + "edit_user", + "delete_user")), + "selected" => array("edit_user", "delete_user", "new_user")), + "manage_groups" => array("title" => __("Groups"), + "show" => ($visitor->group()->can("add_group", + "edit_group", + "delete_group")), + "selected" => array("edit_group", "delete_group", "new_group"))); $trigger->filter($subnav["manage"], "manage_nav"); - $subnav["manage"]["import"] = array("title" => __("Import")); - $subnav["manage"]["export"] = array("title" => __("Export")); + $subnav["manage"]["import"] = array("title" => __("Import"), + "show" => ($visitor->group()->can("add_post"))); + $subnav["manage"]["export"] = array("title" => __("Export"), + "show" => ($visitor->group()->can("add_post"))); + $pages["manage"][] = "new_user"; + $pages["manage"][] = "new_group"; foreach (array_keys($subnav["manage"]) as $manage) $pages["manage"] = array_merge($pages["manage"], array($manage, preg_replace("/manage_(.+)/e", @@ -125,24 +183,35 @@ $manage))); # Settings navs - $subnav["settings"] = array("general_settings" => array("title" => __("General")), - "content_settings" => array("title" => __("Content")), - "user_settings" => array("title" => __("Users")), - "route_settings" => array("title" => __("Routes"))); + $subnav["settings"] = array("general_settings" => array("title" => __("General"), + "show" => $visitor->group()->can("change_settings")), + "content_settings" => array("title" => __("Content"), + "show" => $visitor->group()->can("change_settings")), + "user_settings" => array("title" => __("Users"), + "show" => $visitor->group()->can("change_settings")), + "route_settings" => array("title" => __("Routes"), + "show" => $visitor->group()->can("change_settings"))); $trigger->filter($subnav["settings"], "settings_nav"); $pages["settings"] = array_keys($subnav["settings"]); # Extend navs - $subnav["extend"] = array("modules" => array("title" => __("Modules")), - "feathers" => array("title" => __("Feathers")), - "themes" => array("title" => __("Themes"))); + $subnav["extend"] = array("modules" => array("title" => __("Modules"), + "show" => $visitor->group()->can("toggle_extensions")), + "feathers" => array("title" => __("Feathers"), + "show" => $visitor->group()->can("toggle_extensions")), + "themes" => array("title" => __("Themes"), + "show" => $visitor->group()->can("toggle_extensions"))); $trigger->filter($subnav["extend"], "extend_nav"); $pages["extend"] = array_keys($subnav["extend"]); - foreach (array("write", "manage", "settings", "extend") as $main_nav) + foreach (array_keys($subnav) as $main_nav) foreach ($trigger->filter($pages[$main_nav], $main_nav."_nav_pages") as $extend) $subnav[$extend] =& $subnav[$main_nav]; + foreach ($subnav as $main_nav => &$sub_nav) + foreach ($sub_nav as &$nav) + $nav["show"] = (!isset($nav["show"]) or $nav["show"]); + $trigger->filter($subnav, "admin_subnav"); } } admin/index.php @@ -15,18 +15,11 @@ ${ trigger.call("admin_head") } <div class="column"> <ul id="navigation"> {% block navigation %} -{% if visitor.group.can("add_draft", "add_post") %} - <li class="first $selected.write"><a href="{% admin "write_post" %}">${ "Write" | translate }</a></li> -{% endif %} -{% if visitor.group.can("view_own_draft", "view_draft", "edit_own_draft", "edit_own_post", "edit_post", "delete_own_draft", "delete_own_post", "delete_post") %} - <li class="second $selected.manage"><a href="{% admin "manage_posts" %}">${ "Manage" | translate }</a></li> -{% endif %} -{% if visitor.group.can("change_settings") %} - <li class="third $selected.settings"><a href="{% admin "general_settings" %}">${ "Settings" | translate }</a></li> -{% endif %} -{% if visitor.group.can("toggle_extensions") %} - <li class="fourth $selected.extend"><a href="{% admin "modules" %}">${ "Extend" | translate }</a></li> -{% endif %} +{% for action, nav in navigation | items %} + {% if nav.show %} + <li class="$action{% if nav.selected %} selected{% endif %}"$nav.attributes><a href="{% admin action %}">$nav.title</a></li> + {% endif %} +{% endfor %} {% endblock %} </ul> <h1>$site.name</h1> @@ -43,7 +36,9 @@ ${ trigger.call("admin_head") } {% block subnav %} {% if subnav[route.action] %} {% for action, nav in subnav[route.action] | items %} + {% if nav.show %} <li${ route.action | selected(nav.selected, action) }$nav.attributes><a href="{% admin action %}">$nav.title</a></li> + {% endif %} {% endfor %} {% endif %} {% endblock %} admin/layout/layout.twig @@ -8,7 +8,7 @@ <form class="detail" action="index.php" method="get" accept-charset="utf-8"> <fieldset> <input type="hidden" name="action" value="manage_users" /> - {% if visitor.group.can("edit_user") %} + {% if visitor.group.can("add_user") %} <a href="{% admin "new_user" %}" class="button yay right"> <img src="images/icons/add.png" alt="add" /> ${ "New User" | translate } </a> admin/layout/pages/manage_users.twig @@ -75,10 +75,10 @@ a:visited { #header #navigation li a:hover { opacity: 1; } -#header #navigation li.first a { border-color: #ef4646; } -#header #navigation li.second a { border-color: #e19a2c; } -#header #navigation li.third a { border-color: #16d907; } -#header #navigation li.fourth a { border-color: #0096ff; } +#header #navigation li.write a { border-color: #ef4646; } +#header #navigation li.manage a { border-color: #e19a2c; } +#header #navigation li.settings a { border-color: #16d907; } +#header #navigation li.extend a { border-color: #0096ff; } #welcome { background: #dfdfdf url('images/welcome.gif') repeat-x; admin/style.css @@ -1689,38 +1689,66 @@ * Function: determine_action * Determines through simple logic which page should be shown as the default when browsing to /admin/. */ - public function determine_action() { + public function determine_action($action = null) { $visitor = Visitor::current(); - # "Write > Post", if they can add posts or drafts. - if ($visitor->group()->can("add_post") or $visitor->group()->can("add_draft")) - return "write_post"; + if (!isset($action) or $action == "write") { + # "Write > Post", if they can add posts or drafts. + if ($visitor->group()->can("add_post") or $visitor->group()->can("add_draft")) + return "write_post"; - # "Write > Page", if they can add pages. - if ($visitor->group()->can("add_page")) - return "write_page"; + # "Write > Page", if they can add pages. + if ($visitor->group()->can("add_page")) + return "write_page"; + } + + if (!isset($action) or $action == "manage") { + # "Manage > Posts", if they can manage any posts. + if (Post::any_editable() or Post::any_deletable()) + return "manage_posts"; - # "Manage > Posts", if they can manage any posts. - if (Post::any_editable() or Post::any_deletable()) - return "manage_posts"; + # "Manage > Pages", if they can manage pages. + if ($visitor->group()->can("edit_page") or $visitor->group()->can("delete_page")) + return "manage_pages"; - # "Manage > Pages", if they can manage pages. - if ($visitor->group()->can("edit_page") or $visitor->group()->can("delete_page")) - return "manage_pages"; + # "Manage > Users", if they can manage users. + if ($visitor->group()->can("edit_user") or $visitor->group()->can("delete_user")) + return "manage_users"; - # "Manage > Users", if they can manage users. - if ($visitor->group()->can("edit_user") or $visitor->group()->can("delete_user")) - return "manage_users"; + # "Manage > Groups", if they can manage groups. + if ($visitor->group()->can("edit_group") or $visitor->group()->can("delete_group")) + return "manage_groups"; + } + + if (!isset($action) or $action == "settings") { + # "General Settings", if they can configure the installation. + if ($visitor->group()->can("change_settings")) + return "general_settings"; + } - # "Manage > Groups", if they can manage groups. - if ($visitor->group()->can("edit_group") or $visitor->group()->can("delete_group")) - return "manage_groups"; + if (!isset($action) or $action == "extend") { + # "Modules", if they can configure the installation. + if ($visitor->group()->can("toggle_extensions")) + return "modules"; + } + + $extended = $action; + Trigger::current()->filter($extended, "determine_action"); + if ($extended != $action) + return $extended; + + if (!isset($action)) + show_403(__("Access Denied"), __("You do not have sufficient privileges to access this area.")); + } - # "Settings", if they can configure the installation. - if ($visitor->group()->can("change_settings")) - return "settings"; + public function handle_redirects($action) { + $redirectable = array("write", "manage", "settings", "extend"); + Trigger::current()->filter($redirectable, "admin_redirectables"); + if (!in_array($action, $redirectable)) return; - show_403(__("Access Denied"), __("You do not have sufficient privileges to access this area.")); + $redirect = $this->determine_action($action); + if (!empty($redirect)) + redirect("/admin/?action=".$redirect); } /** includes/controller/Admin.php @@ -298,15 +298,17 @@ array($user->login, $config->name, $new_password))); if ($sent) - return Flash::warning(_f("An e-mail has been sent to your e-mail address that contains a new password. Once you have logged in with it, feel free to change it at <a href=\"%s\">User Controls</a>.", + return Flash::notice(_f("An e-mail has been sent to your e-mail address that contains a new password. Once you have logged in, you can change it at <a href=\"%s\">User Controls</a>.", array(url("controls/")))); + # Set their password back to what it was originally. $user->update($user->login, $user->password, $user->full_name, $user->email, $user->website, $user->group_id); + Flash::warning(__("E-Mail could not be sent. Password change cancelled.")); } } includes/controller/Main.php @@ -259,13 +259,13 @@ if (in_array($string, $uncountable)) break; - $replaced = preg_replace($key, $val, $string); + $replaced = preg_replace($key, $val, $string, 1); if ($replaced != $string) break; } - if ($replaced == $string and !in_array($string, $uncountable)) + if ($replaced == $string and !in_array($string, $uncountable) and substr($string, -1) == "s") return substr($string, 0, -1); else return $replaced; includes/helpers.php @@ -141,7 +141,7 @@ } static function admin_manage_spam() { - if (!Comment::any_editable() and !Comment::any_deletable()) + if (!Visitor::current()->group()->can("edit_comment", "delete_comment", true)) show_403(__("Access Denied"), __("You do not have sufficient privileges to manage any comments.", "comments")); global $admin; @@ -299,8 +299,12 @@ if (!Comment::any_editable() and !Comment::any_deletable()) return $navs; - $navs["manage_comments"] = array("title" => __("Comments", "comments"), "selected" => array("edit_comment", "delete_comment")); - $navs["manage_spam"] = array("title" => __("Spam", "comments")); + $navs["manage_comments"] = array("title" => __("Comments", "comments"), + "selected" => array("edit_comment", "delete_comment")); + + if (Visitor::current()->group()->can("edit_comment", "delete_comment")) + $navs["manage_spam"] = array("title" => __("Spam", "comments")); + return $navs; } @@ -352,6 +356,12 @@ $params[":query"] = "%".$search."%"; } + $visitor = Visitor::current(); + if (!$visitor->group()->can("edit_comment", "delete_comment", true)) { + $where[] = "__comments.user_id = :user_id"; + $params[":user_id"] = $visitor->id; + } + $admin->context["comments"] = new Paginator(Comment::find(array("placeholders" => true, "where" => $where, "params" => $params)), 25); } @@ -364,8 +374,11 @@ $comments = array_keys($_POST['comment']); if (isset($_POST['delete'])) { - foreach ($comments as $comment) - Comment::delete($comment); + foreach ($comments as $comment) { + $comment = new Comment($comment); + if ($comment->deletable()) + Comment::delete($comment); + } Flash::notice(__("Selected comments deleted.", "comments")); } @@ -757,4 +770,16 @@ return $atom; } + + public function manage_nav_show($possibilities) { + $possibilities[] = (Comment::any_editable() or Comment::any_deletable()); + return $possibilities; + } + + public function determine_action($action) { + if ($action != "manage") return; + + if (Comment::any_editable() or Comment::any_deletable()) + return "manage_comments"; + } } modules/comments/comments.php @@ -32,6 +32,7 @@ <label for="author_url">${ "Author Website" | translate }</label> <input class="text" type="text" name="author_url" value="${ comment.author_url | escape }" id="author_url" /> </p> +{% if visitor.group.can("edit_comment") %} <p> <label for="status">${ "Status" | translate }</label> <select name="status" id="status"> @@ -42,6 +43,7 @@ <option value="trackback"${ comment.status | option_selected("trackback") }>${ "Trackback" | translate }</option> </select> </p> +{% endif %} <p> <label for="created_at">${ "Timestamp" | translate }</label> <input class="text" type="text" name="created_at" value="${ comment.created_at | strftime }" id="created_at" /> modules/comments/pages/admin/edit_comment.twig @@ -21,6 +21,7 @@ </form> <br /> <form action="{% admin "bulk_comments" %}" method="post"> +{% if visitor.group.can("edit_comment", "delete_comment") %} <div class="controls right"> <h4>${ "With selected:" | translate("comments") }</h4> <button class="lite" name="deny"> @@ -36,6 +37,7 @@ <img src="images/icons/delete.png" alt="delete" /> ${ "delete" | translate("comments") } </button> </div> +{% endif %} <h2>${ "Last 25 Comments" | translate("comments") }</h2> <table border="0" cellspacing="0" cellpadding="0" class="wide"> <thead> @@ -82,6 +84,7 @@ {% endfor %} </tbody> </table> +{% if visitor.group.can("edit_comment", "delete_comment") %} <br /> <div class="controls"> <h4>${ "With selected:" | translate("comments") }</h4> @@ -98,6 +101,7 @@ <img src="images/icons/delete.png" alt="delete" /> ${ "delete" | translate("comments") } </button> </div> +{% endif %} </form> <br /> $comments.next_link modules/comments/pages/admin/manage_comments.twig @@ -1,6 +1,6 @@ <li id="comment_$comment.id"> {% if comment.status == "denied" %} - <em>${ "Your comment is awaiting moderation." | translate }</em> + <span class="waiting">${ "Your comment is awaiting moderation." | translate }</span> {% endif %} <blockquote> $comment.body themes/stardust/content/comment.twig @@ -8,14 +8,22 @@ <input type="hidden" name="email" value="$visitor.email" id="email" /> <input type="hidden" name="url" value="$visitor.website" id="url" /> {% else %} - <label for="author">${ "Your Name" | translate }</label> - <input type="text" name="author" value="" id="author" /><br /> - <label for="email">${ "Your E-Mail" | translate }</label> - <input type="text" name="email" value="" id="email" /><br /> - <label for="url">${ "Your Website" | translate }</label> - <input type="text" name="url" value="" id="url" /><br /> + <p> + <label for="author">${ "Your Name" | translate }</label> + <input type="text" name="author" value="" id="author" /> + </p> + <p> + <label for="email">${ "Your E-Mail" | translate }</label> + <input type="text" name="email" value="" id="email" /> + </p> + <p> + <label for="url">${ "Your Website" | translate }</label> + <input type="text" name="url" value="" id="url" /> + </p> {% endif %} - <textarea name="body" rows="8" cols="40" class="wide"></textarea> + <p> + <textarea name="body" rows="8" cols="40" class="wide"></textarea> + </p> <input type="hidden" name="post_id" value="$post.id" id="post_id" /> <button type="submit">${ "Speak" | translate }</button> themes/stardust/forms/comment/new.twig @@ -1,7 +1,6 @@ {% extends "layouts/default.twig" %} {% block content %} <h2>${ "Controls" | translate }</h2> - <br /> <form action="{% url "update_self/" %}" method="post"> <p> <label for="full_name">${ "Full Name" | translate }</label> themes/stardust/forms/user/controls.twig @@ -1,7 +1,6 @@ {% extends "layouts/default.twig" %} {% block content %} <h2>${ "Log In" | translate }</h2> - <br /> <form action="{% url "login/" %}" method="post"> <p> <label for="login">${ "Username" | translate }</label> themes/stardust/forms/user/login.twig @@ -1,18 +1,11 @@ {% extends "layouts/default.twig" %} {% block content %} <h2>${ "Lost Password" | translate }</h2> - <br /> <form action="{% url "lost_password/" %}" method="post"> - {% if invalid_user %} - <p>${ "You have specified a user that does not exist." | translate }</p> - {% endif %} - {% if sent %} - <p>${ "E-mail sent!" | translate }</p> - {% endif %} <p class="lost_pass">${ "Please enter your username below and we will e-mail you a new password for your account." | translate }</p> <p> <label for="login">${ "Username" | translate }</label> - <input type="login" name="login" value="" id="login" /> + <input type="text" name="login" value="" id="login" /> </p> <p><button name="submit" type="submit" id="submit">${ "Submit" | translate }</button></p> themes/stardust/forms/user/lost_password.twig @@ -1,7 +1,6 @@ {% extends "layouts/default.twig" %} {% block content %} <h2>${ "Register" | translate }</h2> - <br /> <form action="{% url "registration/" %}" method="post"> <p> <label for="login">${ "Username" | translate }</label> themes/stardust/forms/user/register.twig @@ -369,6 +369,10 @@ ol.comments ol li { list-style-type: decimal; } +#add_comment { + margin-top: 3em; +} + div.post { margin: 0 0 3em; word-wrap: break-word; @@ -609,7 +613,8 @@ span.pages { font-weight: bold; padding: 0 0.3em; } -span.who { +span.who, +span.waiting { background-color: #e2e2e2; font-weight: bold; display: block; themes/stardust/stylesheets/screen.css.php ef5ae7a0265e1689a93b839188dd51d1f16b10b0 Alex Suraci i.am@toogeneric.com http://github.com/vito/chyrp/commit/13dbb213947fc67f7d87fee4f9bdb83be5bf6187 13dbb213947fc67f7d87fee4f9bdb83be5bf6187 2008-07-10T13:57:38-07:00 2008-07-10T13:57:38-07:00 * Hide admin nav items if the user can't perform the action. [#96 state:resolved] * Vastly increased the flexibility of Admin area navigation items. 0a641953ff3481f8d9e28f6475674898aa512148 Alex Suraci i.am@toogeneric.com