Update of /cvsroot/phpwebsite-comm/modules/article/class
In directory ddv4jf1.ch3.sourceforge.com:/tmp/cvs-serv18219/class
Modified Files:
AM_Lists.php AM_Data.php Article.php
Log Message:
Added ownership check before showing an edit link
Index: AM_Data.php
===================================================================
RCS file: /cvsroot/phpwebsite-comm/modules/article/class/AM_Data.php,v
retrieving revision 1.15
retrieving revision 1.16
diff -C2 -d -r1.15 -r1.16
*** AM_Data.php 21 Aug 2008 20:17:32 -0000 1.15
--- AM_Data.php 8 Oct 2008 17:21:18 -0000 1.16
***************
*** 211,215 ****
if (!empty($object)) {
/* if user can edit articles or can edit this article... */
! if (Current_User::allow('article', 'edit_articles', $object->id) & !$object->isLocked($object->editlock, $object->edituser))
$link[] = PHPWS_Text::moduleLink(dgettext('article', 'Edit this article'), 'article', array('op'=>'edit', 'id' => $object->id));
/* if user can delete articles or can delete this article... */
--- 211,215 ----
if (!empty($object)) {
/* if user can edit articles or can edit this article... */
! if ((Current_User::allow('article', 'edit_articles', $object->id) || (Current_User::getId() && $object->created_id == Current_User::getId())) & !$object->isLocked($object->editlock, $object->edituser))
$link[] = PHPWS_Text::moduleLink(dgettext('article', 'Edit this article'), 'article', array('op'=>'edit', 'id' => $object->id));
/* if user can delete articles or can delete this article... */
Index: AM_Lists.php
===================================================================
RCS file: /cvsroot/phpwebsite-comm/modules/article/class/AM_Lists.php,v
retrieving revision 1.17
retrieving revision 1.18
diff -C2 -d -r1.17 -r1.18
*** AM_Lists.php 21 Aug 2008 20:17:32 -0000 1.17
--- AM_Lists.php 8 Oct 2008 17:21:18 -0000 1.18
***************
*** 252,256 ****
/* ACTION */
/* if user can edit articles or can edit this article... */
! if (Current_User::allow('article', 'edit_articles', $created_id)) {
/* If someone else is editing this page... */
if (PHPWS_Article::isLocked($editlock, $edituser))
--- 252,256 ----
/* ACTION */
/* if user can edit articles or can edit this article... */
! if (Current_User::allow('article', 'edit_articles', $id) || (Current_User::getId() && $created_id == Current_User::getId())) {
/* If someone else is editing this page... */
if (PHPWS_Article::isLocked($editlock, $edituser))
Index: Article.php
===================================================================
RCS file: /cvsroot/phpwebsite-comm/modules/article/class/Article.php,v
retrieving revision 1.52
retrieving revision 1.53
diff -C2 -d -r1.52 -r1.53
*** Article.php 21 Aug 2008 20:17:32 -0000 1.52
--- Article.php 8 Oct 2008 17:21:18 -0000 1.53
***************
*** 282,286 ****
/* if user can edit articles or can edit this article... */
! if (Current_User::allow('article', 'edit_articles', $this->id)) {
/* If someone else is editing this article... */
if ($this->isLocked($this->editlock, $this->edituser))
--- 282,286 ----
/* if user can edit articles or can edit this article... */
! if (Current_User::allow('article', 'edit_articles', $this->id) || (Current_User::getId() && $this->created_id == Current_User::getId())) {
/* If someone else is editing this article... */
if ($this->isLocked($this->editlock, $this->edituser))
***************
*** 924,928 ****
{
$now = time();
! return ($this->mainarticle
|| ($this->approved
&& $this->publication_date <= $now
--- 924,928 ----
{
$now = time();
! return $this->mainarticle
|| ($this->approved
&& $this->publication_date <= $now
***************
*** 930,934 ****
|| ($_REQUEST['module']=='article'
&& !$saving
! && Current_User::allow('article', 'edit_articles', $this->id))
|| $GLOBALS['module']=='approval');
}
--- 930,935 ----
|| ($_REQUEST['module']=='article'
&& !$saving
! && (Current_User::allow('article', 'edit_articles', $this->id)
! || (Current_User::getId() && $this->created_id == Current_User::getId()))
|| $GLOBALS['module']=='approval');
}
|
