Add separate page for secret url management

Signed-off-by: Richard Mansfield <richard.mansfield@catalyst.net.nz>

Add separate page for secret url management
Signed-off-by: Richard Mansfield <richard.mansfield@catalyst.net.nz>
b4cf6ab1 · Richard Mansfield · 40d14781 · b4cf6ab1 · b4cf6ab1 · b4cf6ab1
Commit b4cf6ab1 authored Dec 08, 2010 by Richard Mansfield
--- a/htdocs/lang/en.utf8/help/forms/editaccess.secreturl.html
+++ b/htdocs/lang/en.utf8/help/forms/editaccess.secreturl.html
--- a/htdocs/lang/en.utf8/view.php
+++ b/htdocs/lang/en.utf8/view.php
@@ -96,8 +96,16 @@ $string['groups'] = 'Groups';
 $string['users'] = 'Users';
 $string['tutors'] = 'tutors';
 $string['everyoneingroup'] = 'Everyone in Group';
+
+// secret url
 $string['token'] = 'Secret URL';
-$string['showfullurl'] = 'Show full URL';
+$string['editsecreturlaccess'] = 'Edit secret URL access';
+$string['newsecreturl'] = 'New Secret URL';
+$string['reallydeletesecreturl'] = 'Are you sure you want to delete this url?';
+$string['secreturldeleted'] = 'Your secret URL was deleted.';
+$string['secreturlupdated'] = 'Secret URL updated';
+$string['generatesecreturl'] = 'Generate a new secret URL for %s';
+$string['secreturls'] = 'Secret URLs';

 // view user
 $string['inviteusertojoingroup'] = 'Invite this user to join a group';

--- a/htdocs/lib/collection.php
+++ b/htdocs/lib/collection.php
@@ -317,8 +317,24 @@ class Collection {
        }

        $viewids = get_column('collection_view', 'view', 'collection', $this->id);
+
+        // Set the most permissive access records on all views
        View::combine_access($viewids, true);

+        // Copy the whole view config from the first view to all the others
+        if (count($viewids)) {
+            $firstview = new View($viewids[0]);
+            $viewconfig = array(
+                'startdate'       => $firstview->get('startdate'),
+                'stopdate'        => $firstview->get('stopdate'),
+                'template'        => $firstview->get('template'),
+                'allowcomments'   => $firstview->get('allowcomments'),
+                'approvecomments' => (int) ($firstview->get('allowcomments') && $firstview->get('approvecomments')),
+                'accesslist'      => $firstview->get_access(),
+            );
+            View::update_view_access($viewconfig, $viewids);
+        }
+
        db_commit();

        return $count;

--- a/htdocs/lib/pieforms/pieform/elements/image.php
+++ b/htdocs/lib/pieforms/pieform/elements/image.php
@@ -38,6 +38,9 @@ function pieform_element_image(Pieform $form, $element) {/*{{{*/
    if (!isset($element['value'])) {
        $element['value'] = true;
    }
+    if (isset($element['confirm'])) {
+        $element['onclick'] = 'return confirm(' . json_encode($element['confirm']) . ');';
+    }
    return '<input type="image" src="' . Pieform::hsc($element['src']) . '"'
        . $form->element_attributes($element)
        . ' value="' . Pieform::hsc($form->get_value($element)) . '">';

--- a/htdocs/lib/view.php
+++ b/htdocs/lib/view.php
@@ -721,6 +721,7 @@ class View {
        delete_records_select('view_access', $select, array($this->id));

        // View access
+        $accessdata_added = array();
        if ($accessdata) {
            /*
             * There should be a cleaner way to do this
@@ -733,7 +734,6 @@ class View {
             * - If view allows comments, access record comment permissions, don't apply, so reset them.
             * @todo: merge overlapping date ranges.
             */
-            $accessdata_added = array();
            $time = time();
            foreach ($accessdata as $item) {

@@ -818,17 +818,15 @@ class View {
    }

    /**
-     * Synchronise access records across a set of views
+     * Apply all the access rules among a set of views to every view in
+     * the set.
     */
-    public static function combine_access($viewids, $synctokens = false) {
+    public static function combine_access($viewids) {
        if (empty($viewids)) {
            return;
        }

        $select = 'view IN (' . join(',', array_map('intval', $viewids)) . ') AND visible = 1';
-        if (!$synctokens) { // Leave secret URL records alone
-            $select .= ' AND token IS NULL';
-        }

        if (!$access = get_records_select_array('view_access', $select)) {
            return;
@@ -876,10 +874,26 @@ class View {
            return;
        }

+        $firstviewaccess = get_records_select_array(
+            'view_access',
+            'view = ? AND visible = 1 AND token IS NULL',
+            array($this->id)
+        );
+
        db_begin();
-        delete_records_select('view_access', 'view IN (' . join(',', $toupdate) . ') AND visible = 1');
-        $toupdate[] = $this->id;
-        View::combine_access($toupdate);
+        delete_records_select(
+            'view_access',
+            'view IN (' . join(',', $toupdate) . ') AND visible = 1 AND token IS NULL'
+        );
+
+        if ($firstviewaccess) {
+            foreach ($toupdate as $id) {
+                foreach ($firstviewaccess as &$a) {
+                    $a->view = $id;
+                    insert_record('view_access', $a);
+                }
+            }
+        }
        db_commit();
    }


--- a/htdocs/theme/raw/static/style/style.css
+++ b/htdocs/theme/raw/static/style/style.css
@@ -1674,11 +1674,10 @@ table.attachments td {
 .accesslists .cv-listitem {
  width: 100%;
 }
-.accesslists .cv-name {
-  width: 75%;
-}
-.accesslists .secreturl {
-  width: 25%;
+/* Secret url */
+.secreturls .buttons form,
+.secreturls .buttons form div {
+  display: inline;
 }

 /* View access */

--- a/htdocs/theme/raw/templates/view/share.tpl
+++ b/htdocs/theme/raw/templates/view/share.tpl
@@ -8,7 +8,7 @@
      <th colspan=2>{str tag=accesslist section=view}</th>
      <th>
        <span class="fl">{str tag=Views section=view} &amp; {str tag=collections section=collection}</span>
-        <span class="secreturl fr">{str tag=token section=view}</span>
+        <span class="fr">{str tag=secreturls section=view}</span>
      </th>
    </tr>
  </thead>
@@ -36,9 +36,7 @@
            <a href="{$WWWROOT}group/view.php?id={$accessgroup.id}">{$accessgroup.name}</a>{if $accessgroup.role} ({$accessgroup.roledisplay}){/if}
          {elseif $accessgroup.accesstype == 'user'}
            <a href="{$WWWROOT}user/view.php?id={$accessgroup.id}">{$accessgroup.id|display_name|escape}</a>
-          {elseif $accessgroup.accesstype == 'secreturl'}
-            {str tag="token" section="view"} <a href="" title="{str tag=showfullurl section=view}" class="secreturl">{$accessgroup.token|str_shorten_text:9:true}</a>
-            {/if}
+          {/if}
          {if $accessgroup.startdate}
            {if $accessgroup.stopdate}
              {$accessgroup.startdate|strtotime|format_date:'strfdaymonthyearshort'}&rarr;{$accessgroup.stopdate|strtotime|format_date:'strfdaymonthyearshort'}
@@ -48,9 +46,6 @@
          {elseif $accessgroup.stopdate}
            {str tag=before} {$accessgroup.stopdate|strtotime|format_date:'strfdaymonthyearshort'}
          {/if}
-          {if $accessgroup.accesstype == 'secreturl'}
-            <div class="expandurl hidden">{$WWWROOT}view/view.php?t={$accessgroup.token}</div>
-          {/if}
          </div>
        {/foreach}
        {if $view.template}<div>{str tag=thisviewmaybecopied section=view}</div>{/if}
@@ -61,27 +56,23 @@
        {if $accesslist.views}
          {foreach from=$accesslist.views item=view name=v}
          <div class="cv-listitem">
-            <div class="fl cv-name">
-              <a href="{$WWWROOT}view/view.php?id={$view.id}">{$view.name|str_shorten_text:60:true}</a>
+            <div class="fr">
+              {count($view.secreturls)} &nbsp; <a class="btn-access" title="{str tag=editsecreturlaccess section=view}" href="{$WWWROOT}view/urls.php?id={$view.id}"></a>
            </div>
-            <div class="fl secreturl">
-            {foreach from=$view.secreturls item=url}
-              <div><a href="">{$url.token|str_shorten_text:9:true}</a></div>
-            {/foreach}
+            <div>
+              <a href="{$WWWROOT}view/view.php?id={$view.id}">{$view.name|str_shorten_text:60:true}</a>
            </div>
          </div>
          {/foreach}
        {/if}
        {if $accesslist.collections}
          {foreach from=$accesslist.collections item=collection name=c}
-          <div class="cv-listitem">
-            <div class="fl cv-name">
-              <a href="{$WWWROOT}view/view.php?id={$collection.viewid}">{$collection.name|str_shorten_text:60:true}</a>
+          <div class="cb cv-listitem">
+            <div class="fr">
+              {count($collection.secreturls)} &nbsp; <a class="btn-access" title="{str tag=editsecreturlaccess section=view}" href="{$WWWROOT}view/urls.php?id={$collection.viewid}"></a>
            </div>
-            <div class="fl secreturl">
-            {foreach from=$collection.secreturls item=url}
-              <div><a href="">{$url.token|str_shorten_text:9:true}</a></div>
-            {/foreach}
+            <div>
+              <a href="{$WWWROOT}view/view.php?id={$collection.viewid}">{$collection.name|str_shorten_text:60:true}</a>
            </div>
          </div>
          {/foreach}

--- a/htdocs/theme/raw/templates/view/urls.tpl
+++ b/htdocs/theme/raw/templates/view/urls.tpl
+{include file="header.tpl"}
+
+{if $editurls}
+<table class="secreturls">
+  <tbody>
+  {foreach from=$editurls item=item name=urls}
+    <tr class="{cycle values='r0,r1' advance=false}">
+      <td><strong>{$item.url}</strong></td>
+      <td class="buttons">
+        <a id="edit-{$item.id}" class="url-open-editform nojs-hidden-inline" title="{str tag=edit}" href="">
+          <img src="{theme_url filename="images/edit.gif"}">
+        </a>
+        {$item.deleteform|safe}
+      </td>
+    </tr>
+    <tr class="{cycle} url-editform js-hidden" id="edit-{$item.id}-form">
+      <td colspan=2>{$item.editform|safe}</td>
+    </tr>
+  {/foreach}
+  </tbody>
+</table>
+{/if}
+
+{$newform|safe}
+
+{include file="footer.tpl"}
--- a/htdocs/view/share.php
+++ b/htdocs/view/share.php
@@ -33,20 +33,7 @@ define('MENUITEM', 'myportfolio/share');

 $accesslists = View::get_accesslists($USER->get('id'));

-$js = <<<EOF
-addLoadEvent(function () {
-    forEach(getElementsByTagAndClassName('a', 'secreturl', null), function (elem) {
-        connect(elem, 'onclick', function(e) {
-            e.stop();
-            var displayelem = getFirstElementByTagAndClassName(null, 'expandurl', getFirstParentByTagAndClassName(elem, null, 'accesslistitem'));
-            toggleElementClass('hidden', displayelem);
-        });
-    });
-});
-EOF;
-
 $smarty = smarty();
 $smarty->assign('PAGEHEADING', TITLE);
-$smarty->assign('INLINEJAVASCRIPT', $js);
 $smarty->assign('accesslists', $accesslists);
 $smarty->display('view/share.tpl');
--- a/htdocs/view/urls.php
+++ b/htdocs/view/urls.php
+<?php
+/**
+ * Mahara: Electronic portfolio, weblog, resume builder and social networking
+ * Copyright (C) 2006-2009 Catalyst IT Ltd and others; see:
+ *                         http://wiki.mahara.org/Contributors
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ * @package    mahara
+ * @subpackage core
+ * @author     Catalyst IT Ltd
+ * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL
+ * @copyright  (C) 2006-2009 Catalyst IT Ltd http://catalyst.net.nz
+ *
+ */
+
+define('INTERNAL', 1);
+define('SECTION_PLUGINTYPE', 'core');
+define('SECTION_PLUGINNAME', 'view');
+define('SECTION_PAGE', 'urls');
+
+require(dirname(dirname(__FILE__)) . '/init.php');
+require_once('pieforms/pieform.php');
+require_once('pieforms/pieform/elements/calendar.php');
+require_once(get_config('libroot') . 'view.php');
+require_once(get_config('libroot') . 'collection.php');
+
+$view = new View(param_integer('id'));
+$collection = $view->get_collection();
+$title = $collection ? $collection->get('name') : $view->get('title');
+
+define('TITLE', get_string('secreturls', 'view') . ': ' . $title);
+
+$group = $view->get('group');
+$institution = $view->get('institution');
+if ($group || $institution) {
+    View::set_nav($group, $institution);
+}
+else {
+    define('MENUITEM', 'myportfolio/share');
+}
+
+if (!$USER->can_edit_view($view)) {
+    throw new AccessDeniedException();
+}
+
+$newform = array(
+    'name'     => 'newurl',
+    'elements' => array(
+        'submit' => array(
+            'title'       => get_string('newsecreturl', 'view'),
+            'description' => get_string('generatesecreturl', 'view', hsc($title)),
+            'type'        => 'submit',
+            'value'       => get_string('add'),
+        ),
+    ),
+);
+
+$editurls = array();
+
+$allowcomments = $view->get('allowcomments');
+
+$records = get_records_select_array(
+    'view_access',
+    'view = ? AND visible = 1 AND NOT token IS NULL',
+    array($view->get('id')),
+    'token'
+);
+
+if (!$records) {
+    $records = array();
+}
+
+$tokens = array();
+
+for ($i = 0; $i < count($records); $i++) {
+    $r =& $records[$i];
+    $tokens[$r->token] = $r->token;
+    $elements = array(
+        'token'     => array(
+            'type'         => 'hidden',
+            'value'        => $r->token,
+        ),
+        'startdate' => array(
+            'type'         => 'calendar',
+            'title'        => get_string('From') . ':',
+            'defaultvalue' => !empty($r->startdate) ? strtotime($r->startdate) : null,
+            'caloptions'   => array(
+                'showsTime'      => true,
+                'ifFormat'       => get_string('strftimedatetimeshort'),
+            ),
+        ),
+        'stopdate'  => array(
+            'type'         => 'calendar',
+            'title'        => get_string('To') . ':',
+            'defaultvalue' => !empty($r->stopdate) ? strtotime($r->stopdate) : null,
+            'caloptions'   => array(
+                'showsTime'      => true,
+                'ifFormat'       => get_string('strftimedatetimeshort'),
+            ),
+        ),
+    );
+    if (!$allowcomments) {
+        $elements['allowcomments'] = array(
+            'type'         => 'checkbox',
+            'title'        => get_string('allowcomments', 'artefact.comment'),
+            'defaultvalue' => $r->allowcomments,
+        );
+        $elements['approvecomments'] = array(
+            'type'         => 'checkbox',
+            'title'        => get_string('moderatecomments', 'artefact.comment'),
+            'defaultvalue' => $r->approvecomments,
+        );
+    }
+    $elements['submit'] = array(
+        'type'  => 'submit',
+        'value' => get_string('save'),
+    );
+    $editurls[$i] = array(
+        'id'         => $i,
+        'url'        => get_config('wwwroot') . 'view/view.php?t=' . $r->token,
+        'editform'   => pieform(array(
+            'name'             => 'editurl_' . $i,
+            'successcallback'  => 'editurl_submit',
+            'validatecallback' => 'editurl_validate',
+            'jsform'           => true,
+            'elements'         => $elements,
+        )),
+        'deleteform' => pieform(array(
+            'name'             => 'deleteurl_' . $i,
+            'successcallback'  => 'deleteurl_submit',
+            'renderer'         => 'oneline',
+            'elements'         => array(
+                'token'  => array(
+                    'type'         => 'hidden',
+                    'value'        => $r->token,
+                ),
+                'submit' => array(
+                    'type'         => 'image',
+                    'src'          => $THEME->get_url('images/icon_close.gif'),
+                    'elementtitle' => get_string('delete'),
+                    'confirm'      => get_string('reallydeletesecreturl', 'view'),
+                ),
+            ),
+        )),
+    );
+}
+
+function editurl_validate(Pieform $form, $values) {
+    if (empty($values['startdate'])) {
+        $values['startdate'] = null;
+    }
+    if (empty($values['stopdate'])) {
+        $values['stopdate'] = null;
+    }
+    if ($values['stopdate'] && time() > $values['stopdate']) {
+        $form->set_error('stopdate', get_string('stopdatecannotbeinpast', 'view'));
+    }
+    if ($values['startdate'] && $values['stopdate'] && $values['startdate'] > $values['stopdate']) {
+        $form->set_error('startdate', get_string('startdatemustbebeforestopdate', 'view'));
+    }
+}
+
+function editurl_submit(Pieform $form, $values) {
+    global $tokens, $view, $collection, $SESSION;
+
+    $viewid = $view->get('id');
+
+    if ($collection) {
+        $viewids = get_column('collection_view', 'view', 'collection', $collection->get('id'));
+    }
+    else {
+        $viewids = array($viewid);
+    }
+
+    $access = (object) array(
+        'token'           => $values['token'],
+        'startdate'       => db_format_timestamp($values['startdate']),
+        'stopdate'        => db_format_timestamp($values['stopdate']),
+    );
+    if (!$view->get('allowcomments')) {
+        if ($access->allowcomments = (int) $values['allowcomments']) {
+            $access->approvecomments = (int) $values['approvecomments'];
+        }
+    }
+
+    $whereobject = (object) array('token' => $values['token']);
+
+    if (isset($tokens[$values['token']])) {
+        foreach ($viewids as $id) {
+            $access->view = $id;
+            $whereobject->view = $id;
+            update_record('view_access', $access, $whereobject);
+        }
+        $message = get_string('secreturlupdated', 'view');
+        $form->reply(PIEFORM_OK, $message);
+    }
+
+    $form->reply(PIEFORM_ERR, get_string('formerror'));
+}
+
+function deleteurl_submit(Pieform $form, $values) {
+    global $tokens, $view, $collection, $SESSION;
+
+    $viewid = $view->get('id');
+
+    if ($collection) {
+        $viewids = get_column('collection_view', 'view', 'collection', $collection->get('id'));
+    }
+    else {
+        $viewids = array($viewid);
+    }
+
+    if (isset($tokens[$values['token']])) {
+        $select = 'token = ? AND view IN (' . join(',', $viewids) . ')';
+        delete_records_select('view_access', $select, array($values['token']));
+        $SESSION->add_ok_msg(get_string('secreturldeleted', 'view'));
+    }
+
+    redirect('/view/urls.php?id=' . $viewid);
+}
+
+function newurl_submit(Pieform $form, $values) {
+    global $view, $collection;
+
+    $viewid = $view->get('id');
+
+    if ($collection) {
+        $viewids = get_column('collection_view', 'view', 'collection', $collection->get('id'));
+    }
+    else {
+        $viewids = array($viewid);
+    }
+
+    $access = View::new_token($viewids[0]);
+    for ($i = 1; $i < count($viewids); $i++) {
+        $access->view = $viewids[$i];
+        insert_record('view_access', $access);
+    }
+
+    redirect('/view/urls.php?id=' . $viewid);
+}
+
+$newform = pieform($newform);
+
+$js = <<<EOF
+\$j(function() {
+    \$j('.url-open-editform').click(function(e) {
+        e.preventDefault();
+        \$j('#' + this.id + '-form').toggleClass('js-hidden');
+    });
+});
+EOF;
+
+$smarty = smarty(
+    array('jquery'),
+    array(),
+    array(),
+    array('sidebars' => false)
+);
+$smarty->assign('PAGEHEADING', TITLE);
+$smarty->assign('INLINEJAVASCRIPT', $js);
+$smarty->assign('editurls', $editurls);
+$smarty->assign('newform', $newform);
+$smarty->display('view/urls.tpl');