Commit 870237ac authored by Robert Lyon's avatar Robert Lyon
Browse files

Bug 1545851: Add 'secret url' message when adding items to collections



When one of the views has a secret url as this will allow all the
pages in the collection to be accessed via the secret url once the
secreturl cookie is set

behatnotneeded

Change-Id: Ic14965bb852d235c965b82a64e53a77e6410360d
Signed-off-by: Robert Lyon's avatarRobert Lyon <robertl@catalyst.net.nz>
parent 7de2bdc6
......@@ -99,6 +99,14 @@ if (!empty($direction)) {
if ($collectiondifferent) {
$differentarray = array_merge($differentarray, $viewids);
}
// Check if the collection has a secret url token for any of the existing views
$hassecreturl = false;
if (!empty(array_merge($differentarray, $viewids))) {
if (count_records_sql("SELECT token FROM {view_access} WHERE view IN (" . join(',', array_merge($differentarray, $viewids)) . ") AND (token IS NOT NULL AND token !='')")) {
$hassecreturl = true;
}
}
if ($different && !empty($differentarray)) {
$alertstr = get_string('viewsaddedaccesschanged', 'collection');
foreach ($differentarray as $viewid) {
......@@ -106,12 +114,14 @@ if (!empty($direction)) {
$alertstr .= " " . json_encode($changedview->get('title')) . ",";
}
$alertstr = substr($alertstr, 0, -1) . '.';
$alertstr .= ($hassecreturl) ? ' ' . get_string('viewaddedsecreturl', 'collection') : '';
$message = get_string('viewsaddedtocollection1', 'collection', 1) . ' ' . $alertstr;
$messagestatus = 'warning';
}
else {
$message = get_string('viewsaddedtocollection1', 'collection', 1);
$messagestatus = 'ok';
$alertstr = ($hassecreturl) ? get_string('viewaddedsecreturl', 'collection') : '';
$message = get_string('viewsaddedtocollection1', 'collection', 1) . ' ' . $alertstr;
$messagestatus = ($hassecreturl) ? 'warning' : 'ok';
}
}
}
......
......@@ -39,6 +39,8 @@ if ($accesschanged = $SESSION->get('pageaccesschanged')) {
}
$alertstr = substr($alertstr, 0, -1) . '.';
$alertstr = get_string('viewsaddedtocollection1', 'collection', $SESSION->get('pagesadded')) . ' ' . $alertstr;
$hassecreturl = $SESSION->get('hassecreturl');
$alertstr .= ($hassecreturl) ? get_string('viewaddedsecreturl', 'collection') : '';
$inlinejs = <<<EOF
jQuery(function($) {
var message = $('<div id="changestatusline" class="alert alert-dismissible alert-warning" role="alert"><button type="button" class="close" data-dismiss="alert" aria-label="Close"><span aria-hidden="true">&times;</span></button><p>$alertstr</p></div>');
......@@ -47,6 +49,7 @@ jQuery(function($) {
EOF;
$SESSION->set('pageaccesschanged', false);
$SESSION->set('pagesadded', false);
$SESSION->set('hassecreturl', false);
}
$owner = $collection->get('owner');
$groupid = $collection->get('group');
......@@ -236,22 +239,34 @@ function addviews_submit(Pieform $form, $values) {
}
}
$count = $collection->add_views($values);
// Check if the collection has a secret url token for any of the existing views
$hassecreturl = false;
if (!empty(array_merge($differentarray, $viewids))) {
if (count_records_sql("SELECT token FROM {view_access} WHERE view IN (" . join(',', array_merge($differentarray, $viewids)) . ") AND (token IS NOT NULL AND token !='')")) {
$hassecreturl = true;
}
}
if ($collectiondifferent) {
$differentarray = array_merge($differentarray, $viewids);
}
if ($different) {
$SESSION->set('pageaccesschanged', $differentarray);
$SESSION->set('pagesadded', $count);
$SESSION->set('hassecreturl', $hassecreturl);
}
else {
$SESSION->add_ok_msg(get_string('viewsaddedtocollection1', 'collection', $count));
if ($hassecreturl) {
$SESSION->add_error_msg(get_string('viewaddedsecreturl', 'collection'));
}
}
redirect('/collection/views.php?id='.$collection->get('id'));
redirect('/collection/views.php?id=' . $collection->get('id'));
}
function removeview_submit(Pieform $form, $values) {
global $SESSION, $collection;
$collection->remove_view((int)$values['view']);
$SESSION->add_ok_msg(get_string('viewremovedsuccessfully','collection'));
redirect('/collection/views.php?id='.$collection->get('id'));
redirect('/collection/views.php?id=' . $collection->get('id'));
}
......@@ -97,6 +97,7 @@ $string['viewsaddedtocollection1different'] = array(
'%s pages added to collection. The shared access has changed for all pages in the collection.',
);
$string['viewsaddedaccesschanged'] = 'Access permissions have changed for the following pages:';
$string['viewaddedsecreturl'] = 'Available publically via secret URL';
$string['viewcollection'] = 'View collection details';
$string['viewcount'] = 'Pages';
$string['viewremovedsuccessfully'] = 'Page removed successfully.';
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment