[svn r12694] fix permissions problems in the blog : it simply didn't work because of the use of api_is_allowed_to_edit instead of api_is_allowed !

skala
Eric Marguin 18 years ago
parent c57f8a8f1c
commit 39ff8032b0
  1. 24
      main/blog/blog.php
  2. 16
      main/inc/lib/blog.lib.php

@ -137,7 +137,7 @@ if ($_GET['action'] == 'view_post')
if ($_GET['do'] == 'delete_comment') if ($_GET['do'] == 'delete_comment')
{ {
if (api_is_allowed_to_edit('BLOG_'.$blog_id, 'article_comments_delete', $task_id)) if (api_is_allowed('BLOG_'.$blog_id, 'article_comments_delete', $task_id))
{ {
Blog :: delete_comment($blog_id, (int)$_GET['comment_id']); Blog :: delete_comment($blog_id, (int)$_GET['comment_id']);
} }
@ -150,7 +150,7 @@ if ($_GET['action'] == 'view_post')
if ($_GET['do'] == 'delete_article') if ($_GET['do'] == 'delete_article')
{ {
if (api_is_allowed_to_edit('BLOG_'.$blog_id, 'article_delete', $task_id)) if (api_is_allowed('BLOG_'.$blog_id, 'article_delete', $task_id))
{ {
Blog :: delete_post($blog_id, (int)$_GET['article_id']); Blog :: delete_post($blog_id, (int)$_GET['article_id']);
$current_page = ''; // Article is gone, go to blog home $current_page = ''; // Article is gone, go to blog home
@ -165,14 +165,14 @@ if ($_GET['action'] == 'view_post')
{ {
if ($_GET['type'] == 'post') if ($_GET['type'] == 'post')
{ {
if (api_is_allowed_to_edit('BLOG_'.$blog_id, 'article_rate')) if (api_is_allowed('BLOG_'.$blog_id, 'article_rate'))
{ {
Blog :: add_rating('post', $blog_id, (int)$_GET['post_id'], (int)$_GET['rating']); Blog :: add_rating('post', $blog_id, (int)$_GET['post_id'], (int)$_GET['rating']);
} }
} }
if ($_GET['type'] == 'comment') if ($_GET['type'] == 'comment')
{ {
if (api_is_allowed_to_edit('BLOG_'.$blog_id, 'article_comments_add')) if (api_is_allowed('BLOG_'.$blog_id, 'article_comments_add'))
{ {
Blog :: add_rating('comment', $blog_id, (int)$_GET['comment_id'], (int)$_GET['rating']); Blog :: add_rating('comment', $blog_id, (int)$_GET['comment_id'], (int)$_GET['rating']);
} }
@ -248,9 +248,9 @@ Blog :: display_minimonthcalendar($month, $year, $blog_id);
<td class="blog_menu"> <td class="blog_menu">
<ul> <ul>
<li><a href="<?php echo api_get_self(); ?>?blog_id=<?php echo $blog_id ?>" title="<?php echo get_lang('Home') ?>"><?php echo get_lang('Home') ?></a></li> <li><a href="<?php echo api_get_self(); ?>?blog_id=<?php echo $blog_id ?>" title="<?php echo get_lang('Home') ?>"><?php echo get_lang('Home') ?></a></li>
<?php if(api_is_allowed_to_edit('BLOG_'.$blog_id, 'article_add')) { ?><li><a href="<?php echo api_get_self(); ?>?action=new_post&amp;blog_id=<?php echo $blog_id ?>" title="<?php echo get_lang('NewPost') ?>"><?php echo get_lang('NewPost') ?></a></li><?php } ?> <?php if(api_is_allowed('BLOG_'.$blog_id, 'article_add')) { ?><li><a href="<?php echo api_get_self(); ?>?action=new_post&amp;blog_id=<?php echo $blog_id ?>" title="<?php echo get_lang('NewPost') ?>"><?php echo get_lang('NewPost') ?></a></li><?php } ?>
<?php if(api_is_allowed_to_edit('BLOG_'.$blog_id, 'task_management')) { ?><li><a href="<?php echo api_get_self(); ?>?action=manage_tasks&amp;blog_id=<?php echo $blog_id ?>" title="<?php echo get_lang('ManageTasks') ?>"><?php echo get_lang('TaskManager') ?></a></li> <?php } ?> <?php if(api_is_allowed('BLOG_'.$blog_id, 'task_management')) { ?><li><a href="<?php echo api_get_self(); ?>?action=manage_tasks&amp;blog_id=<?php echo $blog_id ?>" title="<?php echo get_lang('ManageTasks') ?>"><?php echo get_lang('TaskManager') ?></a></li> <?php } ?>
<?php if(api_is_allowed_to_edit('BLOG_'.$blog_id, 'member_management')) { ?><li><a href="<?php echo api_get_self(); ?>?action=manage_members&amp;blog_id=<?php echo $blog_id ?>" title="<?php echo get_lang('ManageMembers') ?>"><?php echo get_lang('MemberManager') ?></a></li><?php } ?> <?php if(api_is_allowed('BLOG_'.$blog_id, 'member_management')) { ?><li><a href="<?php echo api_get_self(); ?>?action=manage_members&amp;blog_id=<?php echo $blog_id ?>" title="<?php echo get_lang('ManageMembers') ?>"><?php echo get_lang('MemberManager') ?></a></li><?php } ?>
</ul> </ul>
</td> </td>
</tr> </tr>
@ -355,7 +355,7 @@ else
switch ($current_page) switch ($current_page)
{ {
case 'new_post' : case 'new_post' :
if (api_is_allowed_to_edit('BLOG_'.$blog_id, 'article_add', $user_task ? $task_id : 0)) if (api_is_allowed('BLOG_'.$blog_id, 'article_add', $user_task ? $task_id : 0))
{ {
Blog :: display_form_new_post($blog_id); Blog :: display_form_new_post($blog_id);
} }
@ -370,14 +370,14 @@ switch ($current_page)
case 'edit_post' : case 'edit_post' :
$task_id = (isset ($_GET['task_id']) && is_numeric($_GET['task_id'])) ? $_GET['task_id'] : 0; $task_id = (isset ($_GET['task_id']) && is_numeric($_GET['task_id'])) ? $_GET['task_id'] : 0;
if (api_is_allowed_to_edit('BLOG_'.$blog_id, 'article_edit', $task_id)) if (api_is_allowed('BLOG_'.$blog_id, 'article_edit', $task_id))
Blog :: display_form_edit_post($blog_id, mysql_real_escape_string((int)$_GET['post_id'])); Blog :: display_form_edit_post($blog_id, mysql_real_escape_string((int)$_GET['post_id']));
else else
api_not_allowed(); api_not_allowed();
break; break;
case 'manage_members' : case 'manage_members' :
if (api_is_allowed_to_edit('BLOG_'.$blog_id, 'member_management')) if (api_is_allowed('BLOG_'.$blog_id, 'member_management'))
{ {
Blog :: display_form_user_subscribe($blog_id); Blog :: display_form_user_subscribe($blog_id);
echo '<br /><br />'; echo '<br /><br />';
@ -391,7 +391,7 @@ switch ($current_page)
Blog :: display_form_user_rights($blog_id); Blog :: display_form_user_rights($blog_id);
break; break;
case 'manage_tasks' : case 'manage_tasks' :
if (api_is_allowed_to_edit('BLOG_'.$blog_id, 'task_management')) if (api_is_allowed('BLOG_'.$blog_id, 'task_management'))
{ {
if ($_GET['do'] == 'add') if ($_GET['do'] == 'add')
{ {
@ -413,7 +413,7 @@ switch ($current_page)
echo '<br /><br />'; echo '<br /><br />';
Blog :: display_assigned_task_list($blog_id); Blog :: display_assigned_task_list($blog_id);
echo '<br /><br />'; echo '<br /><br />';
if (api_is_allowed_to_edit('BLOG_'.$blog_id, 'role_management')) if (api_is_allowed('BLOG_'.$blog_id, 'role_management'))
{ {
?> ?>
<a href="<?php echo api_get_self(); ?>?action=manage_rights&amp;blog_id=<?php echo $blog_id ?>" title="<?php echo get_lang('ManageRights') ?>"><?php echo get_lang('RightsManager') ?></a> <a href="<?php echo api_get_self(); ?>?action=manage_rights&amp;blog_id=<?php echo $blog_id ?>" title="<?php echo get_lang('ManageRights') ?>"><?php echo get_lang('RightsManager') ?></a>
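Review bot: The `delete_comment` and `delete_article` branches in the first two hunks still perform the deletion on a plain GET (`do=delete_article&article_id=N`) with no anti-CSRF token, so a link or image embedded on another page can delete content for any logged-in user who now passes the corrected `api_is_allowed` check; the commit fixes who is allowed, not whether the request was intentional. Guard those branches with a per-session token that the generated links carry and that is rejected when absent or mismatched, or move the deletions to POST. Separately, the `$task_id` that scopes `article_comments_delete`/`article_delete` appears to be caller-supplied (the `edit_post` case in this file reads it from `$_GET['task_id']`), so whether a user can pick an arbitrary task id to satisfy the check depends on `api_is_allowed` validating the task against the blog and user — its definition is not in this diff, so worth confirming. The enclosing `if ($_GET['action'] == 'view_post')` block starts before the first hunk, and `$_GET['do']` is read without `isset`, which emits a notice on every normal page view.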

@ -838,13 +838,13 @@ class Blog
$task_id = (isset($_GET['task_id']) && is_numeric($_GET['task_id'])) ? $_GET['task_id'] : 0; $task_id = (isset($_GET['task_id']) && is_numeric($_GET['task_id'])) ? $_GET['task_id'] : 0;
if(api_is_allowed_to_edit('BLOG_' . $blog_id, 'article_edit', $task_id)) if(api_is_allowed('BLOG_' . $blog_id, 'article_edit', $task_id))
$blog_post_actions .= '<a href="blog.php?action=edit_post&amp;blog_id=' . $blog_id . '&amp;post_id=' . $post_id . '&amp;article_id=' . $blog_post['post_id'] . '&amp;task_id=' . $task_id . '" title="' . get_lang('EditThisPost') . '"><img src="../img/edit.gif" /></a>'; $blog_post_actions .= '<a href="blog.php?action=edit_post&amp;blog_id=' . $blog_id . '&amp;post_id=' . $post_id . '&amp;article_id=' . $blog_post['post_id'] . '&amp;task_id=' . $task_id . '" title="' . get_lang('EditThisPost') . '"><img src="../img/edit.gif" /></a>';
if(api_is_allowed_to_edit('BLOG_' . $blog_id, 'article_delete', $task_id)) if(api_is_allowed('BLOG_' . $blog_id, 'article_delete', $task_id))
$blog_post_actions .= '<a href="blog.php?action=view_post&amp;blog_id=' . $blog_id . '&amp;post_id=' . $post_id . '&amp;do=delete_article&amp;article_id=' . $blog_post['post_id'] . '&amp;task_id=' . $task_id . '" title="' . get_lang('DeleteThisArticle') . '" onclick="javascript:if(!confirm(\''.addslashes(htmlentities(get_lang("ConfirmYourChoice"))). '\')) return false;"><img src="../img/delete.gif" border="0" /></a>'; $blog_post_actions .= '<a href="blog.php?action=view_post&amp;blog_id=' . $blog_id . '&amp;post_id=' . $post_id . '&amp;do=delete_article&amp;article_id=' . $blog_post['post_id'] . '&amp;task_id=' . $task_id . '" title="' . get_lang('DeleteThisArticle') . '" onclick="javascript:if(!confirm(\''.addslashes(htmlentities(get_lang("ConfirmYourChoice"))). '\')) return false;"><img src="../img/delete.gif" border="0" /></a>';
if(api_is_allowed_to_edit('BLOG_' . $blog_id, 'article_rate')) if(api_is_allowed('BLOG_' . $blog_id, 'article_rate'))
$rating_select = Blog::display_rating_form('post',$blog_id,$post_id); $rating_select = Blog::display_rating_form('post',$blog_id,$post_id);
$blog_post_text=stripslashes($blog_post_text); $blog_post_text=stripslashes($blog_post_text);
@ -868,7 +868,7 @@ class Blog
} }
// Display comment form // Display comment form
if(api_is_allowed_to_edit('BLOG_' . $blog_id, 'article_comments_add')) if(api_is_allowed('BLOG_' . $blog_id, 'article_comments_add'))
{ {
Blog::display_new_comment_form($blog_id, $post_id, $blog_post['title']); Blog::display_new_comment_form($blog_id, $post_id, $blog_post['title']);
} }
@ -1026,8 +1026,8 @@ class Blog
$blog_comment_date = ucfirst(format_locale_date($dateFormatLong,strtotime($comment['date_creation']))); $blog_comment_date = ucfirst(format_locale_date($dateFormatLong,strtotime($comment['date_creation'])));
$blog_comment_time = date('H:m',strtotime($comment['date_creation'])); $blog_comment_time = date('H:m',strtotime($comment['date_creation']));
$blog_comment_actions = ""; $blog_comment_actions = "";
if(api_is_allowed_to_edit('BLOG_' . $blog_id, 'article_comments_delete', $task_id)) { $blog_comment_actions .= '<a href="blog.php?action=view_post&amp;blog_id=' . $blog_id . '&amp;post_id=' . $post_id . '&amp;do=delete_comment&amp;comment_id=' . $comment['comment_id'] . '&amp;task_id=' . $task_id . '" title="' . get_lang('DeleteThisComment') . '" onclick="javascript:if(!confirm(\''.addslashes(htmlentities(get_lang("ConfirmYourChoice"))). '\')) return false;"><img src="../img/delete.gif" border="0" /></a>'; } if(api_is_allowed('BLOG_' . $blog_id, 'article_comments_delete', $task_id)) { $blog_comment_actions .= '<a href="blog.php?action=view_post&amp;blog_id=' . $blog_id . '&amp;post_id=' . $post_id . '&amp;do=delete_comment&amp;comment_id=' . $comment['comment_id'] . '&amp;task_id=' . $task_id . '" title="' . get_lang('DeleteThisComment') . '" onclick="javascript:if(!confirm(\''.addslashes(htmlentities(get_lang("ConfirmYourChoice"))). '\')) return false;"><img src="../img/delete.gif" border="0" /></a>'; }
if(api_is_allowed_to_edit('BLOG_' . $blog_id, 'article_comments_rate')) { $rating_select = Blog::display_rating_form('comment', $blog_id, $post_id, $comment['comment_id']); } if(api_is_allowed('BLOG_' . $blog_id, 'article_comments_rate')) { $rating_select = Blog::display_rating_form('comment', $blog_id, $post_id, $comment['comment_id']); }
if(!is_null($comment['task_id'])) if(!is_null($comment['task_id']))
{ {
@ -1059,7 +1059,7 @@ class Blog
*/ */
function display_form_new_post($blog_id) function display_form_new_post($blog_id)
{ {
if(api_is_allowed_to_edit('BLOG_' . $blog_id, 'article_add')) if(api_is_allowed('BLOG_' . $blog_id, 'article_add'))
{ {
echo '<script type="text/javascript"> echo '<script type="text/javascript">
function FCKeditor_OnComplete( editorInstance ) function FCKeditor_OnComplete( editorInstance )
@ -1258,7 +1258,7 @@ class Blog
*/ */
function display_task_list($blog_id) function display_task_list($blog_id)
{ {
if(api_is_allowed_to_edit('BLOG_' . $blog_id, 'article_add')) if(api_is_allowed('BLOG_' . $blog_id, 'article_add'))
{ {
// Init // Init
$tbl_blogs_tasks = Database::get_course_table(TABLE_BLOGS_TASKS); $tbl_blogs_tasks = Database::get_course_table(TABLE_BLOGS_TASKS);
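Review bot: In the first hunk `$task_id` is accepted via `is_numeric` and then concatenated raw into the edit/delete hrefs and passed to `api_is_allowed`; `is_numeric` also admits forms such as `1e3` or leading whitespace, so cast it the way this codebase does for `post_id`: `$task_id = (isset($_GET['task_id']) && is_numeric($_GET['task_id'])) ? (int) $_GET['task_id'] : 0;`. Because that task id is caller-supplied and scopes the `article_edit`/`article_delete` decision, the rendered action links are only as trustworthy as `api_is_allowed`'s own validation of the task against the blog and current user, which is outside this diff. The method these lines belong to starts before the hunk. Unrelated to this change but visible on the new side of the comment hunk, `date('H:m', ...)` formats the month rather than minutes and should be `date('H:i', ...)`.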
