Prevent not logged in users from submitting feedback on, or reporting, public Views.

This also makes sure that users accessing the View by a token can only submit feedback. This should prevent a lot of spam.

Prevent not logged in users from submitting feedback on, or reporting, public Views.
This also makes sure that users accessing the View by a token can only submit feedback. This should prevent a lot of spam.
b4990ea6 · Nigel McNie · b74da627 · b4990ea6 · b4990ea6 · b4990ea6
Commit b4990ea6 authored May 28, 2009 by Nigel McNie
--- a/htdocs/js/feedbacklist.js
+++ b/htdocs/js/feedbacklist.js
@@ -67,37 +67,45 @@ function objectionSuccess() {
 }

 addLoadEvent(function () {
-    hideElement('add_feedback_form');
-    if ($('add_feedback_link')) {
-        connect('add_feedback_link', 'onclick', function(e) {
+    if ($('add_feedback_form')) {
+        hideElement('add_feedback_form');
+        if ($('add_feedback_link')) {
+            connect('add_feedback_link', 'onclick', function(e) {
+                e.stop();
+                if ($('objection_form')) {
+                    hideElement('objection_form');
+                }
+                $('add_feedback_form').reset();
+                showElement('add_feedback_form');
+                return false;
+            });
+        }
+        connect('cancel_add_feedback_form_submit', 'onclick', function (e) {
            e.stop();
-            hideElement('objection_form');
-            $('add_feedback_form').reset();
-            showElement('add_feedback_form');
+            hideElement('add_feedback_form');
            return false;
        });
    }
-    connect('cancel_add_feedback_form_submit', 'onclick', function (e) {
-        e.stop();
-        hideElement('add_feedback_form');
-        return false;
-    });

-    hideElement('objection_form');
-    if ($('objection_link')) {
-        connect('objection_link', 'onclick', function(e) {
+    if ($('objection_form')) {
+        hideElement('objection_form');
+        if ($('objection_link')) {
+            connect('objection_link', 'onclick', function(e) {
+                e.stop();
+                if ($('add_feedback_form')) {
+                    hideElement('add_feedback_form');
+                }
+                $('objection_form').reset();
+                showElement('objection_form');
+                return false;
+            });
+        }
+        connect('cancel_objection_form_submit', 'onclick', function (e) {
            e.stop();
-            hideElement('add_feedback_form');
-            $('objection_form').reset();
-            showElement('objection_form');
+            hideElement('objection_form');
            return false;
        });
    }
-    connect('cancel_objection_form_submit', 'onclick', function (e) {
-        e.stop();
-        hideElement('objection_form');
-        return false;
-    });

    if ($('toggle_watchlist_link')) {
        connect('toggle_watchlist_link', 'onclick', function (e) {

--- a/htdocs/theme/default/templates/view/view.tpl
+++ b/htdocs/theme/default/templates/view/view.tpl
@@ -33,8 +33,8 @@
 	<div id="viewmenu">
        {include file="view/viewmenu.tpl"}
        </div>
-        <div>{$addfeedbackform}</div>
-        <div>{$objectionform}</div>
+        {if $addfeedbackform}<div>{$addfeedbackform}</div>{/if}
+        {if $objectionform}<div>{$objectionform}</div>{/if}
 </div>
 {include file="columnfullend.tpl"}


--- a/htdocs/view/view.php
+++ b/htdocs/view/view.php
@@ -130,14 +130,20 @@ else if ($group) {
    $smarty->assign('ownerlink', 'group/view.php?id=' . $group);
 }

+$anonfeedback = !$USER->is_logged_in() && ($viewtoken || $viewid == get_view_from_token(get_cookie('viewaccess:'.$viewid)));
+
 $smarty->assign('ownername', $view->formatted_owner());
 $smarty->assign('streditviewbutton', ($new) ? get_string('backtocreatemyview', 'view') : get_string('editmyview', 'view'));
 $smarty->assign('viewdescription', $view->get('description'));
 $smarty->assign('viewcontent', $view->build_columns());
 $smarty->assign('releaseform', $releaseform);
-$smarty->assign('anonfeedback', !$USER->is_logged_in() && ($viewtoken || $viewid == get_view_from_token(get_cookie('viewaccess:'.$viewid))));
-$smarty->assign('addfeedbackform', pieform(add_feedback_form($allowattachments)));
-$smarty->assign('objectionform', pieform(objection_form()));
+$smarty->assign('anonfeedback', $anonfeedback);
+if ($USER->is_logged_in() || $anonfeedback) {
+    $smarty->assign('addfeedbackform', pieform(add_feedback_form($allowattachments)));
+}
+if ($USER->is_logged_in()) {
+    $smarty->assign('objectionform', pieform(objection_form()));
+}
 $smarty->assign('viewbeingwatched', $viewbeingwatched);

 $smarty->display('view/view.tpl');