Skip to content
Permalink
Browse files

action=blogcommentlist のリンク表示の修正

ブログの管理,編集権限がない場合は、
リンクをクリックすると
 Error!
 このアクションの実行が許可されていません。
となるので
リンクを表示しないように変更。
  • Loading branch information...
piyoyo
piyoyo committed Mar 27, 2015
1 parent 8298d03 commit 78630a2b3593b7882ff3a6299423ce5b82fae773
Showing with 59 additions and 16 deletions.
  1. +14 −1 nucleus/libs/ADMIN.php
  2. +45 −15 nucleus/libs/showlist.php
@@ -1192,7 +1192,20 @@ function action_blogcommentlist($blogid = '')
$search = postVar('search'); // search through comments
$query = 'SELECT cbody, cuser, cemail, cmail, mname, ctime, chost, cnumber, cip, citem FROM '.sql_table('comment').' LEFT OUTER JOIN '.sql_table('member').' ON mnumber=cmember WHERE cblog=' . intval($blogid);
if ($member->isAdmin() || $member->isBlogAdmin($blogid))
{
$query = 'SELECT cbody, cuser, cemail, cmail, mname, ctime, chost, cnumber, cip, citem FROM '.sql_table('comment').' LEFT OUTER JOIN '.sql_table('member').' ON mnumber=cmember WHERE cblog=' . intval($blogid);
}
else
{
$query = 'SELECT cbody, cuser, cemail, cmail, mname, ctime, chost, cnumber, cip, citem, cmember, iauthor, 0 as is_badmin' .
' FROM '.sql_table('comment').
' LEFT OUTER JOIN '.sql_table('member').
' ON mnumber=cmember'.
' LEFT OUTER JOIN '.sql_table('item').
' ON citem=inumber '.
' WHERE cblog=' . intval($blogid);
}
if ($search != '')
$query .= ' and cbody LIKE "%' . sql_real_escape_string($search) . '%"';
@@ -389,16 +389,32 @@ function listplug_nextBatchId() {
function listplug_table_commentlist($template, $type) {
static $amountComments = array();
$colspan = 3;
if ( isset($_GET['action']) && ($_GET['action'] == 'blogcommentlist') )
$action = isset($_GET['action']) ? strval( $_GET['action'] ) : '';
if ( $action == 'blogcommentlist')
$colspan++;
switch($type) {
case 'HEAD':
echo "<th>"._LISTS_INFO."</th><th>"._LIST_COMMENT."</th><th colspan='{$colspan}'>"._LISTS_ACTIONS."</th>";
break;
case 'BODY':
global $member;
$current = $template['current'];
$current->ctime = strtotime($current->ctime); // string -> unix timestamp
if (!isset($current->is_badmin) || $current->is_badmin)
{
$show_action_link = 1;
$show_action_link_itemcommentlist = ($action == 'blogcommentlist');
}
else
{
$current->iauthor = intval($current->iauthor);
$current->cmember = intval($current->cmember);
$show_action_link = ($current->cmember == $member->id) || ($current->iauthor == $member->id);
$show_action_link_itemcommentlist = ($action == 'blogcommentlist') && ($current->iauthor == $member->id);
}
// todo: blog item link $current->cblog
echo '<td>';
echo date("Y-m-d@H:i",$current->ctime);
@@ -422,32 +438,46 @@ function listplug_table_commentlist($template, $type) {
echo '<td>';
$id = listplug_nextBatchId();
echo '<input type="checkbox" id="batch',$id,'" name="batch[',$id,']" value="',$current->cnumber,'" />';
if ($show_action_link)
echo '<input type="checkbox" id="batch',$id,'" name="batch[',$id,']" value="',$current->cnumber,'" />';
echo '<label for="batch',$id,'">';
echo $current->cbody;
echo '</label>';
echo '</td>';
echo "<td style=\"white-space:nowrap\"><a href='index.php?action=commentedit&amp;commentid=$current->cnumber'>"._LISTS_EDIT."</a></td>";
echo "<td style=\"white-space:nowrap\"><a href='index.php?action=commentdelete&amp;commentid=$current->cnumber'>"._LISTS_DELETE."</a></td>";
if ($show_action_link)
{
echo "<td style=\"white-space:nowrap\"><a href='index.php?action=commentedit&amp;commentid=$current->cnumber'>"._LISTS_EDIT."</a></td>";
echo "<td style=\"white-space:nowrap\"><a href='index.php?action=commentdelete&amp;commentid=$current->cnumber'>"._LISTS_DELETE."</a></td>";
}
else
{
echo "<td style=\"white-space:nowrap\">&nbsp;</td>";
echo "<td style=\"white-space:nowrap\">&nbsp;</td>";
}
if ($template['canAddBan'])
echo "<td style=\"white-space:nowrap\"><a href='index.php?action=banlistnewfromitem&amp;itemid=$current->citem&amp;ip=", hsc($current->cip), "' title='", hsc($current->chost), "'>"._LIST_COMMENT_BANIP."</a></td>";
$action = isset($_GET['action']) ? strval( $_GET['action'] ) : '';
// add link
if ($action == 'blogcommentlist')
{
if (!isset($amountComments[$current->citem]))
{
$COMMENTS = new COMMENTS($current->citem);
$amountComments[$current->citem] = $COMMENTS->amountComments();
}
echo '<td style=" word-break: break-all">';
$s = sprintf('(%d) %s' , $amountComments[$current->citem], _LIST_COMMENT_LIST_FOR_ITEM);
$s = sprintf(_LIST_BACK_TO, $s);
printf('<a href="index.php?action=itemcommentlist&itemid=%d">%s</a></td>'
, $current->citem , $s );
echo '</td>';
if ($show_action_link_itemcommentlist)
{
if (!isset($amountComments[$current->citem]))
{
$COMMENTS = new COMMENTS($current->citem);
$amountComments[$current->citem] = $COMMENTS->amountComments();
}
echo '<td style=" word-break: break-all">';
$s = sprintf('(%d) %s' , $amountComments[$current->citem], _LIST_COMMENT_LIST_FOR_ITEM);
$s = sprintf(_LIST_BACK_TO, $s);
printf('<a href="index.php?action=itemcommentlist&itemid=%d">%s</a></td>'
, $current->citem , $s );
echo '</td>';
}
else
echo '<td>&nbsp;</td>';
}
// end link

0 comments on commit 78630a2

Please sign in to comment.
You can’t perform that action at this time.