[Fusionforge-commits] r13125 - in branches/Branch_5_1: src/www/admin src/www/news/admin tests/func/RBAC
Roland Mas
lolando at fusionforge.org
Thu Apr 14 15:47:20 CEST 2011
Author: lolando
Date: 2011-04-14 15:47:19 +0200 (Thu, 14 Apr 2011)
New Revision: 13125
Added:
branches/Branch_5_1/src/www/admin/pending-news.php
Modified:
branches/Branch_5_1/src/www/admin/index.php
branches/Branch_5_1/src/www/news/admin/index.php
branches/Branch_5_1/tests/func/RBAC/rbacTest.php
Log:
Stopped moving news-related forums to the newsadmin group; also split
the news approval page into its own file.
Modified: branches/Branch_5_1/src/www/admin/index.php
===================================================================
--- branches/Branch_5_1/src/www/admin/index.php 2011-04-14 12:37:45 UTC (rev 13124)
+++ branches/Branch_5_1/src/www/admin/index.php 2011-04-14 13:47:19 UTC (rev 13125)
@@ -157,7 +157,7 @@
<h2><?php echo _('News'); ?></h2>
<ul>
- <li><?php echo util_make_link ('/news/admin/',_('Approve/Reject')); ?> <?php echo _('Front-page news'); ?></li>
+ <li><?php echo util_make_link ('/admin/pending-news.php',_('Pending news (moderation for front-page)')); ?></li>
</ul>
<h2><?php echo _('Stats'); ?></h2>
Added: branches/Branch_5_1/src/www/admin/pending-news.php
===================================================================
--- branches/Branch_5_1/src/www/admin/pending-news.php (rev 0)
+++ branches/Branch_5_1/src/www/admin/pending-news.php 2011-04-14 13:47:19 UTC (rev 13125)
@@ -0,0 +1,224 @@
+<?php
+/**
+ * News Facility
+ *
+ * Copyright 1999-2001, VA Linux Systems
+ * Copyright 2002-2004, GForge Team
+ * Copyright 2010, Alain Peyrat - Alcatel-Lucent
+ * Copyright 2011, Roland Mas
+ * http://fusionforge.org/
+ *
+ * This file is part of FusionForge.
+ *
+ * FusionForge is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * FusionForge is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with FusionForge; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ */
+
+require_once('../env.inc.php');
+require_once $gfcommon.'include/pre.php';
+require_once $gfwww.'include/note.php';
+require_once $gfwww.'news/admin/news_admin_utils.php';
+require_once $gfwww.'news/news_utils.php';
+//common forum tools which are used during the creation/editing of news items
+require_once $gfcommon.'forum/Forum.class.php';
+require_once $gfcommon.'include/TextSanitizer.class.php'; // to make the HTML input by the user safe to store
+
+$post_changes = getStringFromRequest('post_changes');
+$approve = getStringFromRequest('approve');
+$status = getIntFromRequest('status');
+$summary = getStringFromRequest('summary');
+$details = getStringFromRequest('details');
+$id = getIntFromRequest('id');
+$for_group = getIntFromRequest('for_group');
+
+$feedback = htmlspecialchars(getStringFromRequest('feedback'));
+
+/*
+
+ News uber-user admin pages
+
+ Show all waiting news items except those already rejected.
+
+ Admin members of forge_get_config('news_group') (news project) can edit/change/approve news items
+
+*/
+session_require_global_perm ('approve_news') ;
+
+if ($post_changes) {
+ if ($approve) {
+
+ $result=db_query_params("SELECT * FROM news_bytes WHERE id=$1 AND group_id=$2", array($id, $for_group));
+ if (db_numrows($result) < 1) {
+ exit_error(_('Newsbyte not found'),'news');
+ }
+
+ $forum_id = db_result($result,0,'forum_id');
+
+ if ($status==1) {
+ /*
+ Update the db so the item shows on the home page
+ */
+ if (getStringFromRequest('_details_content_type') == 'html') {
+ $details = TextSanitizer::purify($details);
+ } else {
+ $details = htmlspecialchars($details);
+ }
+ $result=db_query_params('UPDATE news_bytes SET is_approved=1, post_date=$1, summary=$2, details=$3 WHERE id=$4',
+ array(time(),
+ htmlspecialchars($summary),
+ $details,
+ $id));
+ if (!$result || db_affected_rows($result) < 1) {
+ $error_msg .= _('Error On Update:');
+ } else {
+ $feedback .= _('Newsbyte Updated.');
+ }
+ } else if ($status==2) {
+ /*
+ Move msg to deleted status
+ */
+ $result=db_query_params("UPDATE news_bytes SET is_approved='2' WHERE id=$1", array($id));
+ if (!$result || db_affected_rows($result) < 1) {
+ $error_msg .= _('Error On Update:');
+ $error_msg .= db_error();
+ } else {
+ $feedback .= _('Newsbyte Deleted.');
+ }
+ }
+
+ /*
+ Show the list_queue
+ */
+ $approve='';
+ $list_queue='y';
+ } else if (getStringFromRequest('mass_reject')) {
+ /*
+ Move msg to rejected status
+ */
+ $news_id = getArrayFromRequest('news_id');
+ $result = db_query_params("UPDATE news_bytes
+SET is_approved='2'
+WHERE id = ANY($1)",array(db_int_array_to_any_clause($news_id)));
+ if (!$result || db_affected_rows($result) < 1) {
+ $error_msg .= _('Error On Update:');
+ $error_msg .= db_error();
+ } else {
+ $feedback .= _('Newsbytes Rejected.');
+ }
+ }
+}
+
+news_header(array('title'=>_('News admin')));
+
+if ($approve) {
+ /*
+ Show the submit form
+ */
+
+ $result=db_query_params("SELECT groups.unix_group_name,groups.group_id,news_bytes.*
+FROM news_bytes,groups WHERE id=$1
+AND news_bytes.group_id=groups.group_id ", array($id));
+ if (db_numrows($result) < 1) {
+ exit_error(_('Newsbyte not found'),'news');
+ }
+ if (db_result($result,0,'is_approved') == 4) {
+ exit_error(_('Newsbyte deleted'),'news');
+ }
+
+ $group = group_get_object(db_result($result,0,'group_id'));
+ $user =& user_get_object(db_result($result,0,'submitted_by'));
+
+ echo '
+ <p />
+ <form action="'.getStringFromServer('PHP_SELF').'" method="post">
+ <input type="hidden" name="for_group" value="'.db_result($result,0,'group_id').'" />
+ <input type="hidden" name="id" value="'.db_result($result,0,'id').'" />
+ <strong>'._('Submitted for project').':</strong> '.
+ util_make_link_g (strtolower(db_result($result,0,'unix_group_name')),db_result($result,0,'group_id'),$group->getPublicName()).'<br />
+ <strong>'._('Submitted by').':</strong> '.$user->getRealName().'<br />
+ <input type="hidden" name="approve" value="y" />
+ <input type="hidden" name="post_changes" value="y" />
+ <input type="radio" name="status" value="1" /> '._('Approve For Front Page').'<br />
+ <input type="radio" name="status" value="0" /> '._('Do Nothing').'<br />
+ <input type="radio" name="status" value="2" checked="checked" /> '._('Reject').'<br />
+ <strong>'._('Subject').':</strong><br />
+ <input type="text" name="summary" value="'.db_result($result,0,'summary').'" size="60" maxlength="60" /><br />
+ <strong>'._('Details').':</strong><br />';
+
+ $GLOBALS['editor_was_set_up']=false;
+ $params = array () ;
+ $params['name'] = 'details';
+ $params['width'] = "600";
+ $params['height'] = "300";
+ $params['group'] = db_result($result,0,'group_id');
+ $params['body'] = db_result($result,0,'details');
+ plugin_hook("text_editor",$params);
+ if (!$GLOBALS['editor_was_set_up']) {
+ //if we don't have any plugin for text editor, display a simple textarea edit box
+ echo '<textarea name="details" rows="5" cols="50">'.db_result($result,0,'details').'</textarea><br />';
+ }
+ unset($GLOBALS['editor_was_set_up']);
+
+
+ echo '<br />
+ <input type="submit" name="submit" value="'._('Submit').'" />
+ </form>';
+
+} else {
+
+ /*
+ Show list of waiting news items
+ */
+
+ $old_date = time()-60*60*24*30;
+ $qpa_pending = db_construct_qpa (false, 'SELECT groups.group_id,id,post_date,summary,
+ group_name,unix_group_name
+ FROM news_bytes,groups
+ WHERE is_approved=0
+ AND news_bytes.group_id=groups.group_id
+ AND post_date > $1
+ AND groups.status=$2
+ ORDER BY post_date', array ($old_date, 'A')) ;
+
+ $old_date = time()-(60*60*24*7);
+ $qpa_rejected = db_construct_qpa (false, 'SELECT groups.group_id,id,post_date,summary,
+ group_name,unix_group_name
+ FROM news_bytes,groups
+ WHERE is_approved=2
+ AND news_bytes.group_id=groups.group_id
+ AND post_date > $1
+ ORDER BY post_date', array ($old_date)) ;
+
+ $qpa_approved = db_construct_qpa (false, 'SELECT groups.group_id,id,post_date,summary,
+ group_name,unix_group_name
+ FROM news_bytes,groups
+ WHERE is_approved=1
+ AND news_bytes.group_id=groups.group_id
+ AND post_date > $1
+ ORDER BY post_date', array ($old_date)) ;
+ show_news_approve_form(
+ $qpa_pending,
+ $qpa_rejected,
+ $qpa_approved
+ );
+
+}
+news_footer(array());
+
+// Local Variables:
+// mode: php
+// c-file-style: "bsd"
+// End:
+
+?>
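Review bot: The `if ($post_changes)` handler performs its UPDATEs on any request from a session holding `approve_news`, and the form echoed further down carries no per-request token, so unless pre.php enforces one globally a moderator's browser could be driven to approve or reject an item cross-site; the form should emit a token that the handler verifies before either UPDATE. The handler also does not repeat the `is_approved == 4` guard that the form display applies, so a direct POST can still approve a deleted newsbyte; adding `AND is_approved <> 4` to the `status==1` and `status==2` UPDATEs would close that. The form `action` echoes `getStringFromServer('PHP_SELF')` unescaped, and `summary` and `details` go into the `value` attribute and the `<textarea>` straight from `db_result()`, which relies on the stored values already being encoded; wrapping the action in `htmlspecialchars()` (or using the fixed path `/admin/pending-news.php`) and confirming the encoding at output would remove that dependency. The `status==1` failure branch also omits the `db_error()` that the other two branches append.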
Modified: branches/Branch_5_1/src/www/news/admin/index.php
===================================================================
--- branches/Branch_5_1/src/www/news/admin/index.php 2011-04-14 12:37:45 UTC (rev 13124)
+++ branches/Branch_5_1/src/www/news/admin/index.php 2011-04-14 13:47:19 UTC (rev 13125)
@@ -62,7 +62,7 @@
*/
if ($post_changes) {
- $result = db_query_params("SELECT nb.forum_id, fgl.group_id FROM news_bytes nb, forum_group_list fgl WHERE nb.id=$1 AND nb.group_id=$2 AND nb.forum_id=fgl.group_forum_id", array($id, $group_id));
+ $result = db_query_params("SELECT forum_id FROM news_bytes WHERE id=$1 AND group_id=$2", array($id, $group_id));
if (db_numrows($result) < 1) {
exit_error(_('Newsbyte not found'),'news');
}
@@ -92,32 +92,14 @@
$details = htmlspecialchars($details);
}
- db_begin();
$result = db_query_params("UPDATE news_bytes SET is_approved=$1, summary=$2,
details=$3 WHERE id=$4 AND group_id=$5", array($status, htmlspecialchars($summary), $details, $id, $group_id));
if (!$result || db_affected_rows($result) < 1) {
$error_msg .= _('Error On Update:');
$error_msg .= db_error();
- db_rollback();
} else {
- // If the forum has been moved to the newsadmin project
- // (because the newsbyte has been approved),
- // reassign it back to its original project
- if ($group_id != $old_group_id) {
- $result = db_query_params("UPDATE forum_group_list SET group_id=$1 WHERE group_forum_id=$2", array($group_id, $forum_id));
-
- $for_group = group_get_object($group_id);
- $for_group->normalizeAllRoles();
- $sitenews_group = group_get_object(forge_get_config('news_group'));
- $sitenews_group->normalizeAllRoles();
- }
-
$feedback .= _('Newsbyte Updated.');
- // No notification if news is deleted.
-// if ($status != 4)
-// send_news_notification_email($id);
- db_commit();
}
/*
Show the list_queue
@@ -207,198 +189,8 @@
}
news_footer(array());
-} else {
- /*
-
- News uber-user admin pages
-
- Show all waiting news items except those already rejected.
-
- Admin members of forge_get_config('news_group') (news project) can edit/change/approve news items
-
- */
- session_require_global_perm ('approve_news') ;
-
- if ($post_changes) {
- if ($approve) {
-
- $result=db_query_params("SELECT * FROM news_bytes WHERE id=$1 AND group_id=$2", array($id, $for_group));
- if (db_numrows($result) < 1) {
- exit_error(_('Newsbyte not found'),'news');
- }
-
- $forum_id = db_result($result,0,'forum_id');
-
- if ($status==1) {
- /*
- Update the db so the item shows on the home page
- */
- if (getStringFromRequest('_details_content_type') == 'html') {
- $details = TextSanitizer::purify($details);
- } else {
- $details = htmlspecialchars($details);
- }
- db_begin();
- $result=db_query_params('UPDATE news_bytes SET is_approved=1, post_date=$1, summary=$2, details=$3 WHERE id=$4',
- array(time(),
- htmlspecialchars($summary),
- $details,
- $id));
- if (!$result || db_affected_rows($result) < 1) {
- $error_msg .= _('Error On Update:');
- db_rollback();
- } else {
- db_query_params('UPDATE forum_group_list SET group_id=$1 WHERE group_forum_id=$2',
- array(forge_get_config('news_group'),
- $forum_id));
- $for_group = group_get_object($for_group);
- $for_group->normalizeAllRoles();
- $sitenews_group = group_get_object(forge_get_config('news_group'));
- $sitenews_group->normalizeAllRoles();
- db_commit();
- $feedback .= _('Newsbyte Updated.');
- }
- } else if ($status==2) {
- /*
- Move msg to deleted status
- */
- db_begin();
- $result=db_query_params("UPDATE news_bytes SET is_approved='2' WHERE id=$1", array($id));
- if (!$result || db_affected_rows($result) < 1) {
- $error_msg .= _('Error On Update:');
- $error_msg .= db_error();
- db_rollback();
- } else {
- db_query_params('UPDATE forum_group_list SET group_id=$1 WHERE group_forum_id=$2',
- array($for_group,
- $forum_id));
- $for_group = group_get_object($for_group);
- $for_group->normalizeAllRoles();
- $sitenews_group = group_get_object(forge_get_config('news_group'));
- $sitenews_group->normalizeAllRoles();
- db_commit();
- $feedback .= _('Newsbyte Deleted.');
- }
- }
-
- /*
- Show the list_queue
- */
- $approve='';
- $list_queue='y';
- } else if (getStringFromRequest('mass_reject')) {
- /*
- Move msg to rejected status
- */
- $news_id = getArrayFromRequest('news_id');
- $result = db_query_params("UPDATE news_bytes
-SET is_approved='2'
-WHERE id = ANY($1)",array(db_int_array_to_any_clause($news_id)));
- if (!$result || db_affected_rows($result) < 1) {
- $error_msg .= _('Error On Update:');
- $error_msg .= db_error();
- } else {
- $feedback .= _('Newsbytes Rejected.');
- }
- }
- }
-
- news_header(array('title'=>_('News admin')));
-
- if ($approve) {
- /*
- Show the submit form
- */
-
- $result=db_query_params("SELECT groups.unix_group_name,groups.group_id,news_bytes.*
-FROM news_bytes,groups WHERE id=$1
-AND news_bytes.group_id=groups.group_id ", array($id));
- if (db_numrows($result) < 1) {
- exit_error(_('Newsbyte not found'),'news');
- }
- if (db_result($result,0,'is_approved') == 4) {
- exit_error(_('Newsbyte deleted'),'news');
- }
-
- $group = group_get_object(db_result($result,0,'group_id'));
- $user =& user_get_object(db_result($result,0,'submitted_by'));
-
- echo '
- <p />
- <form action="'.getStringFromServer('PHP_SELF').'" method="post">
- <input type="hidden" name="for_group" value="'.db_result($result,0,'group_id').'" />
- <input type="hidden" name="id" value="'.db_result($result,0,'id').'" />
- <strong>'._('Submitted for project').':</strong> '.
- util_make_link_g (strtolower(db_result($result,0,'unix_group_name')),db_result($result,0,'group_id'),$group->getPublicName()).'<br />
- <strong>'._('Submitted by').':</strong> '.$user->getRealName().'<br />
- <input type="hidden" name="approve" value="y" />
- <input type="hidden" name="post_changes" value="y" />
- <input type="radio" name="status" value="1" /> '._('Approve For Front Page').'<br />
- <input type="radio" name="status" value="0" /> '._('Do Nothing').'<br />
- <input type="radio" name="status" value="2" checked="checked" /> '._('Reject').'<br />
- <strong>'._('Subject').':</strong><br />
- <input type="text" name="summary" value="'.db_result($result,0,'summary').'" size="60" maxlength="60" /><br />
- <strong>'._('Details').':</strong><br />';
-
- $GLOBALS['editor_was_set_up']=false;
- $params = array () ;
- $params['name'] = 'details';
- $params['width'] = "600";
- $params['height'] = "300";
- $params['group'] = db_result($result,0,'group_id');
- $params['body'] = db_result($result,0,'details');
- plugin_hook("text_editor",$params);
- if (!$GLOBALS['editor_was_set_up']) {
- //if we don't have any plugin for text editor, display a simple textarea edit box
- echo '<textarea name="details" rows="5" cols="50">'.db_result($result,0,'details').'</textarea><br />';
- }
- unset($GLOBALS['editor_was_set_up']);
-
-
- echo '<br />
- <input type="submit" name="submit" value="'._('Submit').'" />
- </form>';
-
- } else {
-
- /*
- Show list of waiting news items
- */
-
- $old_date = time()-60*60*24*30;
- $qpa_pending = db_construct_qpa (false, 'SELECT groups.group_id,id,post_date,summary,
- group_name,unix_group_name
- FROM news_bytes,groups
- WHERE is_approved=0
- AND news_bytes.group_id=groups.group_id
- AND post_date > $1
- AND groups.status=$2
- ORDER BY post_date', array ($old_date, 'A')) ;
-
- $old_date = time()-(60*60*24*7);
- $qpa_rejected = db_construct_qpa (false, 'SELECT groups.group_id,id,post_date,summary,
- group_name,unix_group_name
- FROM news_bytes,groups
- WHERE is_approved=2
- AND news_bytes.group_id=groups.group_id
- AND post_date > $1
- ORDER BY post_date', array ($old_date)) ;
-
- $qpa_approved = db_construct_qpa (false, 'SELECT groups.group_id,id,post_date,summary,
- group_name,unix_group_name
- FROM news_bytes,groups
- WHERE is_approved=1
- AND news_bytes.group_id=groups.group_id
- AND post_date > $1
- ORDER BY post_date', array ($old_date)) ;
- show_news_approve_form(
- $qpa_pending,
- $qpa_rejected,
- $qpa_approved
- );
-
- }
- news_footer(array());
+} else { // No group, or newsadmin group
+ session_redirect('/admin/pending-news.php');
}
// Local Variables:
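Review bot: The new `else` branch redirects every non-project request to `/admin/pending-news.php` without forwarding the request parameters, so a POST that still targets `/news/admin/` would be dropped silently. `show_news_approve_form()` and the approve links it generates are not touched by this commit; if they build their URLs from a hard-coded `/news/admin/` rather than `PHP_SELF`, mass reject and the per-item approve link would land on the list page with nothing done, which is worth checking in news_admin_utils.php. The `if` that this `else` closes starts outside the hunk.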
Modified: branches/Branch_5_1/tests/func/RBAC/rbacTest.php
===================================================================
--- branches/Branch_5_1/tests/func/RBAC/rbacTest.php 2011-04-14 12:37:45 UTC (rev 13124)
+++ branches/Branch_5_1/tests/func/RBAC/rbacTest.php 2011-04-14 13:47:19 UTC (rev 13125)
@@ -176,19 +176,19 @@
$this->waitForPageToLoad("30000");
// Try to push it to front page with user toto
- $this->open( ROOT . '/news/admin/') ;
+ $this->open( ROOT . '/admin/pending-news.php') ;
$this->waitForPageToLoad("30000");
$this->assertTrue ($this->isPermissionDenied()) ;
// Try to push it to front page with user projapp
$this->switchUser ("projapp") ;
- $this->open( ROOT . '/news/admin/') ;
+ $this->open( ROOT . '/admin/pending-news.php') ;
$this->waitForPageToLoad("30000");
$this->assertTrue ($this->isPermissionDenied()) ;
// Push it to front page with user newsmod
$this->switchUser ("newsmod") ;
- $this->open( ROOT . '/news/admin/') ;
+ $this->open( ROOT . '/admin/pending-news.php') ;
$this->waitForPageToLoad("30000");
$this->assertTrue ($this->isTextPresent("These items need to be approved")) ;
$this->assertTrue ($this->isTextPresent("First TotoNews")) ;