[Netpass-devel] NetPass/www/htdocs/Admin/Editor edit.mhtml,1.3,1.4 index.mhtml,1.4,1.5
From: jeff m. <jef...@us...> - 2005-04-27 03:54:21
Update of /cvsroot/netpass/NetPass/www/htdocs/Admin/Editor In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv26183/www/htdocs/Admin/Editor Modified Files: edit.mhtml index.mhtml Log Message: working thru forms, making sure per-network admin functionality is implemented
Index: edit.mhtml
===================================================================
RCS file: /cvsroot/netpass/NetPass/www/htdocs/Admin/Editor/edit.mhtml,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -d -r1.3 -r1.4
--- edit.mhtml 19 Apr 2005 04:01:24 -0000 1.3
+++ edit.mhtml 27 Apr 2005 03:54:08 -0000 1.4
@@ -25,18 +25,17 @@
 my @roGroups = ('Reports');
 my $readOnly = "disabled";
-my ($isReadonly, $roGroups) = $m->comp('/Admin/MemberOf', 'acl' => [ @roGroups ]);
-my ($isAdmin, $rwGroups) = $m->comp('/Admin/MemberOf', 'acl' => [ @rwGroups ]);
-my $isRoot = $m->comp('/Admin/MemberOf', 'acl' => [ 'Admin' ], 'group' => 'default');
+my ($isRO, $roGroups) = $m->comp('/Admin/MemberOf', 'acl' => [ @roGroups ]);
+my ($isRW, $rwGroups) = $m->comp('/Admin/MemberOf', 'acl' => [ @rwGroups ]);
+my ($isRoot, $junk) = $m->comp('/Admin/MemberOf', 'acl' => [ 'Admin' ], 'group' => 'default');
-if ($isAdmin) {
+if ($isRW) {
 $readOnly = "";
-} elsif ($isReadonly) {
+} elsif ($isRO) {
 $readOnly = "disabled";
 } else {
 print $q->p({-class=>'error'},
- "Sorry, permission denied.<BR>You must be in one of these groups: ",
- join(',', @rwGroups, @roGroups));
+ "Sorry, you don't have access to this form.<P>");
 return;
 }
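Review bot: The deny branch in this hunk prints the error and returns without recording the attempt, while the same commit's `savePage` in index.mhtml audits a refused save at severity ALERT. An audit call before the `return`, for example `$np->db->audit(-user => $m->session->{'username'}, -severity => "ALERT", -msg => [ "denied access to Message Editor" ]);`, would leave a trail for refused page loads as well. The message text is only a suggestion, and this assumes `$np` and the session are available at this point in edit.mhtml, which the hunk does not show. The identical branch in index.mhtml's hunk at -29 would take the same line.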
@@ -52,19 +51,10 @@
 my $pageList = $np->db->getPageList();
 my %allGroups = map { $_ => $_ } @{$pageList->{'group'}};
-if ($submit eq " Save Change ") {
- my $rv = $np->db->setPage(-name => $name, -group => $group, -content => $content);
- if ($rv) {
- print "<P class='error'>Failed to update page: $rv</P>";
- }
-}
-elsif($submit eq " Save Copy ") {
- my $rv = $np->db->setPage(-name => $name, -group => $group, -content => $content, -noupdate => 1);
- if ($rv) {
- print "<P class='error'>Failed to update page: $rv (did you remember to change the name or group?)</P>";
- }
-}
+if (! $isRoot) {
+ %allGroups = map {$_ => $_} (@$rwGroups);
+}
 </%perl>
Index: index.mhtml
===================================================================
RCS file: /cvsroot/netpass/NetPass/www/htdocs/Admin/Editor/index.mhtml,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -d -r1.4 -r1.5
--- index.mhtml 19 Apr 2005 04:01:25 -0000 1.4
+++ index.mhtml 27 Apr 2005 03:54:08 -0000 1.5
@@ -9,7 +9,6 @@
 <%args>
 $name => '';
-$network => '';
 $ta => '';
 $search => '';
 $group => '';
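Review bot: Nothing in the edit.mhtml hunk at -52 says that narrowing `%allGroups` to `@$rwGroups` is not itself the access check; with the `setPage` calls removed from this file, a reader has to find index.mhtml's `savePage` to see where writes are enforced. A comment above the `if` would cover it: `# non-root: keep only groups the user may write to; saving and its permission check are in index.mhtml (savePage)`. A read-only user also passes the ACL branch earlier in this file but gets a map built from `$rwGroups` alone, whereas index.mhtml builds it from `'default'` plus both lists. If `%allGroups` also drives the read-only view, the two files should agree; its use lies outside the hunk, so this is to be confirmed.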
@@ -29,18 +28,20 @@
 my @roGroups = ('Reports');
 my $readOnly = "disabled";
-my ($isReadonly, $roGroups) = $m->comp('/Admin/MemberOf', 'acl' => [ @roGroups ]);
-my ($isAdmin, $rwGroups) = $m->comp('/Admin/MemberOf', 'acl' => [ @rwGroups ]);
-my $isRoot = $m->comp('/Admin/MemberOf', 'acl' => [ 'Admin' ], 'group' => 'default');
+my ($isRO, $roGroups) = $m->comp('/Admin/MemberOf', 'acl' => [ @roGroups ]);
+my ($isRW, $rwGroups) = $m->comp('/Admin/MemberOf', 'acl' => [ @rwGroups ]);
+my ($isRoot, $junk) = $m->comp('/Admin/MemberOf', 'acl' => [ 'Admin' ], 'group' => 'default');
+my ($allMyRO, $allMyRW);
+($junk, $allMyRO) = $m->comp('/Admin/MemberOf', 'acl' => [ @roGroups ]);
+($junk, $allMyRW) = $m->comp('/Admin/MemberOf', 'acl' => [ @rwGroups ]);
-if ($isAdmin) {
+if ($isRW) {
 $readOnly = "";
-} elsif ($isReadonly) {
+} elsif ($isRO) {
 $readOnly = "disabled";
 } else {
 print $q->p({-class=>'error'},
- "Sorry, permission denied.<BR>You must be in one of these groups: ",
- join(',', @rwGroups, @roGroups));
+ "Sorry, you don't have access to this form.<P>");
 return;
 }
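Review bot: `$allMyRO` and `$allMyRW` are filled by calling `/Admin/MemberOf` with exactly the arguments already used for `$roGroups` and `$rwGroups` a few lines earlier, so the component runs five times per request and the page ends up with two names for each list. Unless MemberOf returns something different on a repeat call (its code is not on this page), reuse the first results: `my ($allMyRO, $allMyRW) = ($roGroups, $rwGroups);`. A single name also matters for the permission logic later in this file, where `savePage` is handed `$allMyRW` but the edit links are gated on `$rwGroups`; two variables for one list is how such checks drift apart.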
@@ -50,15 +51,29 @@ my %allGroups = map { $_ => $_ } @{$pageList->{'group'}}; -# XXX if you are !default->Admin then strip out groups that you dont -# belong too if (! $isRoot) { - foreach my $grp (@$roGroups, @$rwGroups) { - print "Strip group: $grp<BR>"; - } + # 'default' is added so you can at least see the default + # messages (assuming you dont have any default perms). + # we won't allow you to edit them tho. + + %allGroups = map {$_ => $_} ('default', @$allMyRO, @$allMyRW); } +print "You have permission to <B>edit</B> the messages in the following groups: ", join(', ', @$allMyRW), "<BR>" + if ($#{$allMyRW} > -1); + +print "You have permission to <B>view</B> the messages in the following groups: "; + +if ($#{$allMyRO} > -1) { + print join(', ', @$allMyRO); + print ", default" if (grep !/^default$/, @$allMyRO); + print "<BR>"; +} else { + print "default<BR>"; +} + + print $q->table({-border=>0, -width=>600}, $q->TR($q->td({-colspan=>2, -align=>"right"}, 
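Review bot: `print ", default" if (grep !/^default$/, @$allMyRO);` is true whenever any entry in the list is something other than `default`, not when `default` is absent, so a user whose read-only groups already include `default` alongside another group sees it listed twice. The intended test reads `print ", default" unless grep { $_ eq 'default' } @$allMyRO;`. The group names in both `print` statements also go into the HTML as-is; if a group name can contain markup characters it needs escaping first (where the names come from is not visible in this hunk).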
@@ -101,138 +116,86 @@ return if(!$submit && !$search); if($submit) { - if ($readOnly eq "") { - savePage($dbh, $name, $ta); - print $q->p("Your changes have been saved..."); - } else { - # this really shouldnt happen. we dont give them a submit button - $np->db->audit( -user => $m->session->{'username'}, - -severity => "ALERT", - -msg => [ "tried to change a Message but is ReadOnly" ]); - - } -} - -my ($results, $count) = getMessages($dbh, $name, $group); - -if($count<0) { - print ("<P class='error'>Sorry, there was an error while processing your request!</P>"); -} - -print $q->h4("Your search returned $count result(s)"); - -if($count==0) { - print $q->p("You may want to re-define your search to be less strict."); - return; + my $rv = savePage($allMyRW, $name, $group, $ta, ($submit eq " Save Copy ")); + print $q->p({-class=>'error'}, $rv); } -my @rows = (); - -push(@rows, $q->TR( - $q->th("Name") . - $q->th("Edit") - ) -); - -my $class = ""; - -while (my $row = $results->fetchrow_hashref() ) { - - $class = ($class eq "")?"gray":""; - - my $href = "edit.mhtml?name=" . $row->{name}."&group=".$row->{'network'}; - if ($readOnly eq "disabled") { - $href = "view.mhtml?name=" . $row->{name}."&group=".$row->{'network'}; - } - - my $delLink = ""; +my $pl = $np->db->getPageList(-name => $name, -group => $group); +if (ref($pl) ne "HASH") { + print ("<P class='error'>Sorry, there was an error while processing your request ($pl).</P>"); +} else { + my $count = $#{$pl->{'name'}} + 1; + my $class = ""; - #if ($readOnly eq "") { - # $delLink = $q->td(({-align=>'center'}, $q->submit(-name => 'submit', -value => 'Delete'))); - #} +</%perl> + <h4>Your search returned <%$count%> result(s)</h4> +% if ($count) { - push( @rows, $q->TR( {-class=> $class }, - $q->td({-align=>'center'}, $row->{name}) . - $q->td({-align=>'center'}, $q->a({-href=>$href}, - ($readOnly eq "")?"[ edit ]":"[ view ]" - )) - ) . 
"\n"); -} + <table> + <tr><th>Name</th><th>Group</th><th colspan=3>Operation</th></tr> -$results->finish(); +% for(my $row = 0 ; $row <= $#{$pl->{'name'}} ; $row++) { +% $class = ($class eq "")?"gray":""; +% my $rwHref = "edit.mhtml?name=" . $pl->{'name'}->[$row]."&group=".$pl->{'group'}->[$row]; +% my $roHref = "view.mhtml?name=" . $pl->{'name'}->[$row]."&group=".$pl->{'group'}->[$row]; +% my $delLink = ""; -print $q->table({-width=>'80%'}, @rows); -print $q->end_form(); + <tr class="<%$class%>"> + <td width='50%'><%$pl->{'name'}->[$row]%></td> + <td width='25%'><%$pl->{'group'}->[$row]%></td> +% if (grep /^$pl->{'group'}->[$row]$/, @$rwGroups) { + <td width='8%'><a href="<%$rwHref%>">[ edit ]</a></td> + <td width='8%'><a href="">[ del ]</a></td> +% } else { + <td width='8%'> </td> + <td width='8%'> </td> +% } + <td width='8%'><a href="<%$roHref%>">[ view ]</a></td> + </tr> +% } + </table> +% } +%} -print $q->p(); +</form> +<P> +<%perl> return; -####################### +sub savePage { + my $rw = shift; + my $name = shift; + my $group = shift; + my $content = shift; + my $noupdate = shift; -sub getMessages { - my $dbh = shift; - my $name = shift; - my $group = shift; + # enforce permissions - my @clause = (); - my @params = (); + if (grep /^$group$/, @$rw) { - if($name) { - push(@clause, "name LIKE ?"); - push(@params, "%$name%"); - } + $np->db->audit( + -user => $m->session->{'username'}, + -msg => [ "MessageEdit: $name ($group) editted" ]); - if($group) { - push(@clause, "network = ?"); - push(@params, $group); - } + my $rv = $np->db->setPage(-name => $name, -group => $group, + -content => $content, -noupdate => $noupdate); - my $query = "SELECT name, network FROM pages"; - - if($#clause>-1) { - $query .= " WHERE " . join(" AND ", @clause) + if ($rv =~ /duplicate/i) { + return "Save failed. Duplicate entry. 
Did you use 'Save Copy' but forget to change the name?"; + } + return $rv if ($rv); # error + return "Page saved."; } - $query .= " ORDER BY name LIMIT 150"; - - my $sth = $dbh->prepare($query); - - if(!defined($sth)) { - return ("prepare failed: ". $dbh->errstr, -1); - } - - if( !$sth->execute(@params) ) { - return ("execute failed: ". $dbh->errstr, -1); - } - - my $count = $sth->rows; + # else you dont have permission - return ($sth, $count); + $np->db->audit( -user => $m->session->{'username'}, -severity => "ALERT", + -msg => [ "tried to edit $name ($group) but doesnt have permission to do so" ]); + return "You dont have the appropriate permissions to edit this message."; } -sub savePage { - my $dbh = shift; - my $name = shift; - my $content = shift; - - $np->db->audit( - -user => $m->session->{'logged_in'}, - -msg => [ "MessageEdit: $name editted" ]); - - my $ins_query = "INSERT IGNORE INTO pages (content, name) values (?,?)"; - my $upd_query = "UPDATE pages SET content=? WHERE name = ?"; - - my $ins_sth = $dbh->prepare($ins_query); - my $upd_sth = $dbh->prepare($upd_query); - - $ins_sth->execute($content, $name); - $ins_sth->finish; - $upd_sth->execute($content, $name); - $upd_sth->finish; - -} </%perl> |
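Review bot: The permission check in the new `savePage`, `grep /^$group$/, @$rw`, interpolates the request-supplied `$group` into a regex, so a value containing metacharacters (or a trailing newline, which `$` tolerates) can match one of the caller's groups without being equal to it, and that unequal string is what then reaches `setPage`. Compare by string equality instead: `if (grep { $_ eq $group } @$rw) {`; the row loop's `grep /^$pl->{'group'}->[$row]$/, @$rwGroups` has the same form and would read `grep { $_ eq $pl->{'group'}->[$row] } @$rwGroups`. Separately, `<%$pl->{'name'}->[$row]%>`, the group cell and both hrefs emit stored page names unescaped unless the site configures Mason default escape flags (not visible here); `|h` on the cells and URL-escaping of the values placed in `$rwHref`/`$roHref` would close that.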