[Fusionforge-commits] r13125 - in branches/Branch_5_1: src/www/admin src/www/news/admin tests/func/RBAC

Roland Mas lolando at fusionforge.org
Thu Apr 14 15:47:20 CEST 2011


Author: lolando
Date: 2011-04-14 15:47:19 +0200 (Thu, 14 Apr 2011)
New Revision: 13125

Added:
   branches/Branch_5_1/src/www/admin/pending-news.php
Modified:
   branches/Branch_5_1/src/www/admin/index.php
   branches/Branch_5_1/src/www/news/admin/index.php
   branches/Branch_5_1/tests/func/RBAC/rbacTest.php
Log:
Stopped moving news-related forums to the newsadmin group; also split
the news approval page into its own file.


Modified: branches/Branch_5_1/src/www/admin/index.php
===================================================================
--- branches/Branch_5_1/src/www/admin/index.php	2011-04-14 12:37:45 UTC (rev 13124)
+++ branches/Branch_5_1/src/www/admin/index.php	2011-04-14 13:47:19 UTC (rev 13125)
@@ -157,7 +157,7 @@
 
 <h2><?php echo _('News'); ?></h2>
 <ul>
-	<li><?php echo util_make_link ('/news/admin/',_('Approve/Reject')); ?> <?php echo _('Front-page news'); ?></li>
+	<li><?php echo util_make_link ('/admin/pending-news.php',_('Pending news (moderation for front-page)')); ?></li>
 </ul>
 
 <h2><?php echo _('Stats'); ?></h2>

Added: branches/Branch_5_1/src/www/admin/pending-news.php
===================================================================
--- branches/Branch_5_1/src/www/admin/pending-news.php	                        (rev 0)
+++ branches/Branch_5_1/src/www/admin/pending-news.php	2011-04-14 13:47:19 UTC (rev 13125)
@@ -0,0 +1,224 @@
+<?php
+/**
+ * News Facility
+ *
+ * Copyright 1999-2001, VA Linux Systems
+ * Copyright 2002-2004, GForge Team
+ * Copyright 2010, Alain Peyrat - Alcatel-Lucent
+ * Copyright 2011, Roland Mas
+ * http://fusionforge.org/
+ *
+ * This file is part of FusionForge.
+ *
+ * FusionForge is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * FusionForge is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with FusionForge; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
+require_once('../env.inc.php');
+require_once $gfcommon.'include/pre.php';
+require_once $gfwww.'include/note.php';
+require_once $gfwww.'news/admin/news_admin_utils.php';
+require_once $gfwww.'news/news_utils.php';
+//common forum tools which are used during the creation/editing of news items
+require_once $gfcommon.'forum/Forum.class.php';
+require_once $gfcommon.'include/TextSanitizer.class.php'; // to make the HTML input by the user safe to store
+
+$post_changes = getStringFromRequest('post_changes');
+$approve = getStringFromRequest('approve');
+$status = getIntFromRequest('status');
+$summary = getStringFromRequest('summary');
+$details = getStringFromRequest('details');
+$id = getIntFromRequest('id');
+$for_group = getIntFromRequest('for_group');
+
+$feedback = htmlspecialchars(getStringFromRequest('feedback'));
+
+/*
+  
+  News uber-user admin pages
+  
+  Show all waiting news items except those already rejected.
+  
+  Admin members of forge_get_config('news_group') (news project) can edit/change/approve news items
+  
+*/
+session_require_global_perm ('approve_news') ;
+
+if ($post_changes) {
+	if ($approve) {
+		
+		$result=db_query_params("SELECT * FROM news_bytes WHERE id=$1 AND group_id=$2", array($id, $for_group));
+		if (db_numrows($result) < 1) {
+			exit_error(_('Newsbyte not found'),'news');
+		}
+			
+		$forum_id = db_result($result,0,'forum_id');
+
+		if ($status==1) {
+			/*
+			  Update the db so the item shows on the home page
+			*/
+			if (getStringFromRequest('_details_content_type') == 'html') {
+				$details = TextSanitizer::purify($details);
+			} else {
+				$details = htmlspecialchars($details);
+			}
+			$result=db_query_params('UPDATE news_bytes SET is_approved=1, post_date=$1, summary=$2, details=$3 WHERE id=$4',
+						array(time(),
+						      htmlspecialchars($summary),
+						      $details,
+						      $id));
+			if (!$result || db_affected_rows($result) < 1) {
+				$error_msg .= _('Error On Update:');
+			} else {
+				$feedback .= _('Newsbyte Updated.');
+			}
+		} else if ($status==2) {
+			/*
+			  Move msg to deleted status
+			*/
+			$result=db_query_params("UPDATE news_bytes SET is_approved='2' WHERE id=$1", array($id));
+			if (!$result || db_affected_rows($result) < 1) {
+				$error_msg .= _('Error On Update:');
+				$error_msg .= db_error();
+			} else {
+				$feedback .= _('Newsbyte Deleted.');
+			}
+		}
+
+		/*
+		  Show the list_queue
+		*/
+		$approve='';
+		$list_queue='y';
+	} else if (getStringFromRequest('mass_reject')) {
+		/*
+		  Move msg to rejected status
+		*/
+		$news_id = getArrayFromRequest('news_id');
+		$result = db_query_params("UPDATE news_bytes 
+SET is_approved='2' 
+WHERE id = ANY($1)",array(db_int_array_to_any_clause($news_id)));
+		if (!$result || db_affected_rows($result) < 1) {
+			$error_msg .= _('Error On Update:');
+			$error_msg .= db_error();
+		} else {
+			$feedback .= _('Newsbytes Rejected.');
+		}
+	}
+}
+
+news_header(array('title'=>_('News admin')));
+
+if ($approve) {
+	/*
+	  Show the submit form
+	*/
+
+	$result=db_query_params("SELECT groups.unix_group_name,groups.group_id,news_bytes.* 
+FROM news_bytes,groups WHERE id=$1 
+AND news_bytes.group_id=groups.group_id ", array($id));
+	if (db_numrows($result) < 1) {
+		exit_error(_('Newsbyte not found'),'news');
+	}
+	if (db_result($result,0,'is_approved') == 4) {
+		exit_error(_('Newsbyte deleted'),'news');
+	}
+		
+	$group = group_get_object(db_result($result,0,'group_id'));
+	$user =& user_get_object(db_result($result,0,'submitted_by'));
+
+	echo '
+		<p />
+		<form action="'.getStringFromServer('PHP_SELF').'" method="post">
+		<input type="hidden" name="for_group" value="'.db_result($result,0,'group_id').'" />
+		<input type="hidden" name="id" value="'.db_result($result,0,'id').'" />
+		<strong>'._('Submitted for project').':</strong> '.
+		util_make_link_g (strtolower(db_result($result,0,'unix_group_name')),db_result($result,0,'group_id'),$group->getPublicName()).'<br />
+		<strong>'._('Submitted by').':</strong> '.$user->getRealName().'<br />
+		<input type="hidden" name="approve" value="y" />
+		<input type="hidden" name="post_changes" value="y" />
+		<input type="radio" name="status" value="1" /> '._('Approve For Front Page').'<br />
+		<input type="radio" name="status" value="0" /> '._('Do Nothing').'<br />
+		<input type="radio" name="status" value="2" checked="checked" /> '._('Reject').'<br />
+		<strong>'._('Subject').':</strong><br />
+		<input type="text" name="summary" value="'.db_result($result,0,'summary').'" size="60" maxlength="60" /><br />
+		<strong>'._('Details').':</strong><br />';
+		
+	$GLOBALS['editor_was_set_up']=false;
+	$params = array () ;
+	$params['name'] = 'details';
+	$params['width'] = "600";
+	$params['height'] = "300";
+	$params['group'] = db_result($result,0,'group_id');
+	$params['body'] = db_result($result,0,'details');
+	plugin_hook("text_editor",$params);
+	if (!$GLOBALS['editor_was_set_up']) {
+		//if we don't have any plugin for text editor, display a simple textarea edit box
+		echo '<textarea name="details" rows="5" cols="50">'.db_result($result,0,'details').'</textarea><br />';
+	}
+	unset($GLOBALS['editor_was_set_up']);		
+		
+		
+	echo '<br />
+		<input type="submit" name="submit" value="'._('Submit').'" />
+		</form>';
+
+} else {
+
+	/*
+	  Show list of waiting news items
+	*/
+
+	$old_date = time()-60*60*24*30;
+	$qpa_pending = db_construct_qpa (false, 'SELECT groups.group_id,id,post_date,summary,
+				group_name,unix_group_name
+			FROM news_bytes,groups
+			WHERE is_approved=0
+			AND news_bytes.group_id=groups.group_id
+			AND post_date > $1
+			AND groups.status=$2
+			ORDER BY post_date', array ($old_date, 'A')) ;
+
+	$old_date = time()-(60*60*24*7);
+	$qpa_rejected = db_construct_qpa (false, 'SELECT groups.group_id,id,post_date,summary,
+				group_name,unix_group_name
+			FROM news_bytes,groups
+			WHERE is_approved=2
+			AND news_bytes.group_id=groups.group_id
+			AND post_date > $1
+			ORDER BY post_date', array ($old_date)) ;
+
+	$qpa_approved = db_construct_qpa (false, 'SELECT groups.group_id,id,post_date,summary,
+				group_name,unix_group_name
+			FROM news_bytes,groups
+			WHERE is_approved=1
+			AND news_bytes.group_id=groups.group_id
+			AND post_date > $1
+			ORDER BY post_date', array ($old_date)) ;
+	show_news_approve_form(
+		$qpa_pending,
+		$qpa_rejected,
+		$qpa_approved
+		);
+
+}
+news_footer(array());
+
+// Local Variables:
+// mode: php
+// c-file-style: "bsd"
+// End:
+
+?>
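Review bot: The `if ($post_changes)` handler in the new pending-news.php runs its `UPDATE news_bytes` statements (approve, reject and `mass_reject`) after only `session_require_global_perm('approve_news')`; nothing visible in this file ties the request to a form the page itself rendered, so a logged-in moderator's browser could be driven to change `is_approved` from another site. I would add a per-session form token as a hidden field in the approval form and verify it at the top of the handler before any query (using the form-key helpers other FusionForge submit pages rely on, if this branch has them), and accept the change only on POST, since the `get*FromRequest` helpers presumably read the query string as well. The form also prints `getStringFromServer('PHP_SELF')` and `$user->getRealName()` straight into the markup; unless those helpers already encode their result, escape at the point of output, e.g. `htmlspecialchars($user->getRealName())`. Smaller: the `status==1` branch omits the `$error_msg .= db_error();` that the other two branches append, and `$forum_id` is assigned but never used in this file.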

Modified: branches/Branch_5_1/src/www/news/admin/index.php
===================================================================
--- branches/Branch_5_1/src/www/news/admin/index.php	2011-04-14 12:37:45 UTC (rev 13124)
+++ branches/Branch_5_1/src/www/news/admin/index.php	2011-04-14 13:47:19 UTC (rev 13125)
@@ -62,7 +62,7 @@
 
 	*/
 	if ($post_changes) {
-		$result = db_query_params("SELECT nb.forum_id, fgl.group_id FROM news_bytes nb, forum_group_list fgl WHERE nb.id=$1 AND nb.group_id=$2 AND nb.forum_id=fgl.group_forum_id", array($id, $group_id));
+		$result = db_query_params("SELECT forum_id FROM news_bytes WHERE id=$1 AND group_id=$2", array($id, $group_id));
 		if (db_numrows($result) < 1) {
 			exit_error(_('Newsbyte not found'),'news');
 		}
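Review bot: The narrowed `SELECT forum_id FROM news_bytes` no longer returns `fgl.group_id`, yet the lines removed in the next hunk compared `$group_id != $old_group_id`, so `$old_group_id` (and `$forum_id`) are presumably still assigned from `$result` in the unchanged lines between the two hunks. If `$old_group_id` is read with something like `db_result($result,0,'group_id')`, it now asks for a column the query does not return; that assignment should go, together with the now-unused `$forum_id`, leaving the query as a pure existence check for the `id`/`group_id` pair. The enclosing block starts and ends outside this hunk, so this needs confirming against the full file.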
@@ -92,32 +92,14 @@
 				$details = htmlspecialchars($details);
 			}
 
-			db_begin(); 
 			$result = db_query_params("UPDATE news_bytes SET is_approved=$1, summary=$2, 
 details=$3 WHERE id=$4 AND group_id=$5", array($status, htmlspecialchars($summary), $details, $id, $group_id));
 			
 			if (!$result || db_affected_rows($result) < 1) {
 				$error_msg .= _('Error On Update:');
 				$error_msg .= db_error();
-				db_rollback();
 			} else {
-				// If the forum has been moved to the newsadmin project
-				// (because the newsbyte has been approved),
-				// reassign it back to its original project
-				if ($group_id != $old_group_id) {
-					$result = db_query_params("UPDATE forum_group_list SET group_id=$1 WHERE group_forum_id=$2", array($group_id, $forum_id));
-					
-					$for_group = group_get_object($group_id);
-					$for_group->normalizeAllRoles();
-					$sitenews_group = group_get_object(forge_get_config('news_group'));
-					$sitenews_group->normalizeAllRoles();
-				}
-
 				$feedback .= _('Newsbyte Updated.');
-				// No notification if news is deleted.
-//				if ($status != 4)
-//					send_news_notification_email($id);
-				db_commit();
 			}
 			/*
 				Show the list_queue
@@ -207,198 +189,8 @@
 	}
 	news_footer(array());
 
-} else {
-	/*
-
-		News uber-user admin pages
-
-		Show all waiting news items except those already rejected.
-
-		Admin members of forge_get_config('news_group') (news project) can edit/change/approve news items
-
-	*/
-	session_require_global_perm ('approve_news') ;
-
-	if ($post_changes) {
-		if ($approve) {
-
-			$result=db_query_params("SELECT * FROM news_bytes WHERE id=$1 AND group_id=$2", array($id, $for_group));
-			if (db_numrows($result) < 1) {
-				exit_error(_('Newsbyte not found'),'news');
-			}
-			
-			$forum_id = db_result($result,0,'forum_id');
-
-			if ($status==1) {
-				/*
-					Update the db so the item shows on the home page
-				*/
-				if (getStringFromRequest('_details_content_type') == 'html') {
-					$details = TextSanitizer::purify($details);
-				} else {
-					$details = htmlspecialchars($details);
-				}
-				db_begin();
-				$result=db_query_params('UPDATE news_bytes SET is_approved=1, post_date=$1, summary=$2, details=$3 WHERE id=$4',
-							array(time(),
-							      htmlspecialchars($summary),
-							      $details,
-							      $id));
-				if (!$result || db_affected_rows($result) < 1) {
-					$error_msg .= _('Error On Update:');
-					db_rollback();
-				} else {
-					db_query_params('UPDATE forum_group_list SET group_id=$1 WHERE group_forum_id=$2',
-							array(forge_get_config('news_group'),
-							      $forum_id));
-					$for_group = group_get_object($for_group);
-					$for_group->normalizeAllRoles();
-					$sitenews_group = group_get_object(forge_get_config('news_group'));
-					$sitenews_group->normalizeAllRoles();
-					db_commit();
-					$feedback .= _('Newsbyte Updated.');
-				}
-			} else if ($status==2) {
-				/*
-					Move msg to deleted status
-				*/
-				db_begin();
-				$result=db_query_params("UPDATE news_bytes SET is_approved='2' WHERE id=$1", array($id));
-				if (!$result || db_affected_rows($result) < 1) {
-					$error_msg .= _('Error On Update:');
-					$error_msg .= db_error();
-					db_rollback();
-				} else {
-					db_query_params('UPDATE forum_group_list SET group_id=$1 WHERE group_forum_id=$2',
-							array($for_group,
-							      $forum_id));
-					$for_group = group_get_object($for_group);
-					$for_group->normalizeAllRoles();
-					$sitenews_group = group_get_object(forge_get_config('news_group'));
-					$sitenews_group->normalizeAllRoles();
-					db_commit();
-					$feedback .= _('Newsbyte Deleted.');
-				}
-			}
-
-			/*
-				Show the list_queue
-			*/
-			$approve='';
-			$list_queue='y';
-		} else if (getStringFromRequest('mass_reject')) {
-			/*
-				Move msg to rejected status
-			*/
-			$news_id = getArrayFromRequest('news_id');
-			$result = db_query_params("UPDATE news_bytes 
-SET is_approved='2' 
-WHERE id = ANY($1)",array(db_int_array_to_any_clause($news_id)));
-			if (!$result || db_affected_rows($result) < 1) {
-				$error_msg .= _('Error On Update:');
-				$error_msg .= db_error();
-			} else {
-				$feedback .= _('Newsbytes Rejected.');
-			}
-		}
-	}
-
-	news_header(array('title'=>_('News admin')));
-
-	if ($approve) {
-		/*
-			Show the submit form
-		*/
-
-		$result=db_query_params("SELECT groups.unix_group_name,groups.group_id,news_bytes.* 
-FROM news_bytes,groups WHERE id=$1 
-AND news_bytes.group_id=groups.group_id ", array($id));
-		if (db_numrows($result) < 1) {
-			exit_error(_('Newsbyte not found'),'news');
-		}
-		if (db_result($result,0,'is_approved') == 4) {
-			exit_error(_('Newsbyte deleted'),'news');
-		}
-		
-		$group = group_get_object(db_result($result,0,'group_id'));
-		$user =& user_get_object(db_result($result,0,'submitted_by'));
-
-		echo '
-		<p />
-		<form action="'.getStringFromServer('PHP_SELF').'" method="post">
-		<input type="hidden" name="for_group" value="'.db_result($result,0,'group_id').'" />
-		<input type="hidden" name="id" value="'.db_result($result,0,'id').'" />
-		<strong>'._('Submitted for project').':</strong> '.
-		util_make_link_g (strtolower(db_result($result,0,'unix_group_name')),db_result($result,0,'group_id'),$group->getPublicName()).'<br />
-		<strong>'._('Submitted by').':</strong> '.$user->getRealName().'<br />
-		<input type="hidden" name="approve" value="y" />
-		<input type="hidden" name="post_changes" value="y" />
-		<input type="radio" name="status" value="1" /> '._('Approve For Front Page').'<br />
-		<input type="radio" name="status" value="0" /> '._('Do Nothing').'<br />
-		<input type="radio" name="status" value="2" checked="checked" /> '._('Reject').'<br />
-		<strong>'._('Subject').':</strong><br />
-		<input type="text" name="summary" value="'.db_result($result,0,'summary').'" size="60" maxlength="60" /><br />
-		<strong>'._('Details').':</strong><br />';
-		
-		$GLOBALS['editor_was_set_up']=false;
-		$params = array () ;
-		$params['name'] = 'details';
-		$params['width'] = "600";
-		$params['height'] = "300";
-		$params['group'] = db_result($result,0,'group_id');
-		$params['body'] = db_result($result,0,'details');
-		plugin_hook("text_editor",$params);
-		if (!$GLOBALS['editor_was_set_up']) {
-			//if we don't have any plugin for text editor, display a simple textarea edit box
-			echo '<textarea name="details" rows="5" cols="50">'.db_result($result,0,'details').'</textarea><br />';
-		}
-		unset($GLOBALS['editor_was_set_up']);		
-		
-		
-		echo '<br />
-		<input type="submit" name="submit" value="'._('Submit').'" />
-		</form>';
-
-	} else {
-
-		/*
-			Show list of waiting news items
-		*/
-
-		$old_date = time()-60*60*24*30;
-		$qpa_pending = db_construct_qpa (false, 'SELECT groups.group_id,id,post_date,summary,
-				group_name,unix_group_name
-			FROM news_bytes,groups
-			WHERE is_approved=0
-			AND news_bytes.group_id=groups.group_id
-			AND post_date > $1
-			AND groups.status=$2
-			ORDER BY post_date', array ($old_date, 'A')) ;
-
-		$old_date = time()-(60*60*24*7);
-		$qpa_rejected = db_construct_qpa (false, 'SELECT groups.group_id,id,post_date,summary,
-				group_name,unix_group_name
-			FROM news_bytes,groups
-			WHERE is_approved=2
-			AND news_bytes.group_id=groups.group_id
-			AND post_date > $1
-			ORDER BY post_date', array ($old_date)) ;
-
-		$qpa_approved = db_construct_qpa (false, 'SELECT groups.group_id,id,post_date,summary,
-				group_name,unix_group_name
-			FROM news_bytes,groups
-			WHERE is_approved=1
-			AND news_bytes.group_id=groups.group_id
-			AND post_date > $1
-			ORDER BY post_date', array ($old_date)) ;
-		show_news_approve_form(
-			$qpa_pending,
-			$qpa_rejected,
-			$qpa_approved
-		);
-
-	}
-	news_footer(array());
+} else { // No group, or newsadmin group
+	session_redirect('/admin/pending-news.php');
 }
 
 // Local Variables:

Modified: branches/Branch_5_1/tests/func/RBAC/rbacTest.php
===================================================================
--- branches/Branch_5_1/tests/func/RBAC/rbacTest.php	2011-04-14 12:37:45 UTC (rev 13124)
+++ branches/Branch_5_1/tests/func/RBAC/rbacTest.php	2011-04-14 13:47:19 UTC (rev 13125)
@@ -176,19 +176,19 @@
 		$this->waitForPageToLoad("30000");
 
 		// Try to push it to front page with user toto
-		$this->open( ROOT . '/news/admin/') ;
+		$this->open( ROOT . '/admin/pending-news.php') ;
 		$this->waitForPageToLoad("30000");
 		$this->assertTrue ($this->isPermissionDenied()) ;
 
 		// Try to push it to front page with user projapp
 		$this->switchUser ("projapp") ;
-		$this->open( ROOT . '/news/admin/') ;
+		$this->open( ROOT . '/admin/pending-news.php') ;
 		$this->waitForPageToLoad("30000");
 		$this->assertTrue ($this->isPermissionDenied()) ;
 
 		// Push it to front page with user newsmod
 		$this->switchUser ("newsmod") ;
-		$this->open( ROOT . '/news/admin/') ;
+		$this->open( ROOT . '/admin/pending-news.php') ;
 		$this->waitForPageToLoad("30000");
 		$this->assertTrue ($this->isTextPresent("These items need to be approved")) ;
 		$this->assertTrue ($this->isTextPresent("First TotoNews")) ;
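Review bot: All three `open()` calls now target `/admin/pending-news.php`, so the legacy `/news/admin/` path, which this commit turns into a `session_redirect('/admin/pending-news.php')`, is no longer exercised by the RBAC test. I would keep one denied-user request against `ROOT . '/news/admin/'` and assert `isPermissionDenied()` after the redirect, so a later change to the redirect branch cannot silently expose the moderation queue. The test only loads the page; a check that users `toto` and `projapp` are also refused when submitting the approval form would cover the state-changing path. The test method starts and ends outside this hunk.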



