Commit b4cf6ab1 authored by Richard Mansfield's avatar Richard Mansfield

Add separate page for secret url management

Signed-off-by: default avatarRichard Mansfield <richard.mansfield@catalyst.net.nz>
parent 40d14781
......@@ -96,8 +96,16 @@ $string['groups'] = 'Groups';
$string['users'] = 'Users';
$string['tutors'] = 'tutors';
$string['everyoneingroup'] = 'Everyone in Group';
// secret url
$string['token'] = 'Secret URL';
$string['showfullurl'] = 'Show full URL';
$string['editsecreturlaccess'] = 'Edit secret URL access';
$string['newsecreturl'] = 'New Secret URL';
$string['reallydeletesecreturl'] = 'Are you sure you want to delete this url?';
$string['secreturldeleted'] = 'Your secret URL was deleted.';
$string['secreturlupdated'] = 'Secret URL updated';
$string['generatesecreturl'] = 'Generate a new secret URL for %s';
$string['secreturls'] = 'Secret URLs';
// view user
$string['inviteusertojoingroup'] = 'Invite this user to join a group';
......
......@@ -317,8 +317,24 @@ class Collection {
}
$viewids = get_column('collection_view', 'view', 'collection', $this->id);
// Set the most permissive access records on all views
View::combine_access($viewids, true);
// Copy the whole view config from the first view to all the others
if (count($viewids)) {
$firstview = new View($viewids[0]);
$viewconfig = array(
'startdate' => $firstview->get('startdate'),
'stopdate' => $firstview->get('stopdate'),
'template' => $firstview->get('template'),
'allowcomments' => $firstview->get('allowcomments'),
'approvecomments' => (int) ($firstview->get('allowcomments') && $firstview->get('approvecomments')),
'accesslist' => $firstview->get_access(),
);
View::update_view_access($viewconfig, $viewids);
}
db_commit();
return $count;
......
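Review bot: The settings copied onto the whole collection come from `$viewids[0]`, and nothing visible in this hunk fixes the order in which `get_column('collection_view', ...)` returns the ids, so which view's `accesslist`, dates and comment settings win is not obviously deterministic. Because the result replaces access on every view in the collection, an unexpectedly permissive first view would widen access to all the others. Consider ordering the ids explicitly and adding a comment such as `// The first view in the collection is the source of truth for access settings`. `count($viewids)` also assumes `get_column` returns an array when the collection has no views, which should be confirmed. The enclosing method starts and ends outside the hunk.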
......@@ -38,6 +38,9 @@ function pieform_element_image(Pieform $form, $element) {/*{{{*/
if (!isset($element['value'])) {
$element['value'] = true;
}
if (isset($element['confirm'])) {
$element['onclick'] = 'return confirm(' . json_encode($element['confirm']) . ');';
}
return '<input type="image" src="' . Pieform::hsc($element['src']) . '"'
. $form->element_attributes($element)
. ' value="' . Pieform::hsc($form->get_value($element)) . '">';
......
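Review bot: The confirm text goes into an inline `onclick` attribute after `json_encode` only, so it is safe only if `$form->element_attributes()` HTML-escapes attribute values, which this hunk does not show. Encoding with the hex flags keeps the value inert in both the JavaScript and the attribute context: `json_encode($element['confirm'], JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP)`. The assignment also replaces any `onclick` the caller supplied, which deserves a one-line comment above it. The body of `pieform_element_image` starts outside the hunk.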
......@@ -721,6 +721,7 @@ class View {
delete_records_select('view_access', $select, array($this->id));
// View access
$accessdata_added = array();
if ($accessdata) {
/*
* There should be a cleaner way to do this
......@@ -733,7 +734,6 @@ class View {
* - If view allows comments, access record comment permissions, don't apply, so reset them.
* @todo: merge overlapping date ranges.
*/
$accessdata_added = array();
$time = time();
foreach ($accessdata as $item) {
......@@ -818,17 +818,15 @@ class View {
}
/**
* Synchronise access records across a set of views
* Apply all the access rules among a set of views to every view in
* the set.
*/
public static function combine_access($viewids, $synctokens = false) {
public static function combine_access($viewids) {
if (empty($viewids)) {
return;
}
$select = 'view IN (' . join(',', array_map('intval', $viewids)) . ') AND visible = 1';
if (!$synctokens) { // Leave secret URL records alone
$select .= ' AND token IS NULL';
}
if (!$access = get_records_select_array('view_access', $select)) {
return;
......@@ -876,10 +874,26 @@ class View {
return;
}
$firstviewaccess = get_records_select_array(
'view_access',
'view = ? AND visible = 1 AND token IS NULL',
array($this->id)
);
db_begin();
delete_records_select('view_access', 'view IN (' . join(',', $toupdate) . ') AND visible = 1');
$toupdate[] = $this->id;
View::combine_access($toupdate);
delete_records_select(
'view_access',
'view IN (' . join(',', $toupdate) . ') AND visible = 1 AND token IS NULL'
);
if ($firstviewaccess) {
foreach ($toupdate as $id) {
foreach ($firstviewaccess as &$a) {
$a->view = $id;
insert_record('view_access', $a);
}
}
}
db_commit();
}
......
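Review bot: In the last hunk the `delete_records_select` call builds `'view IN (' . join(',', $toupdate) . ')'` by plain concatenation, whereas `combine_access` in the same file passes its ids through `array_map('intval', ...)` first. `$toupdate` is populated above the hunk, so whether its values are already integers cannot be confirmed here; `join(',', array_map('intval', $toupdate))` makes the statement safe whatever the caller supplies. The inner `foreach ($firstviewaccess as &$a)` does not need the reference, since `$a` is an object. The rows are re-inserted as fetched, so a primary-key field should be unset before `insert_record` if `view_access` has one. The method begins outside the hunk.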
......@@ -1674,11 +1674,10 @@ table.attachments td {
.accesslists .cv-listitem {
width: 100%;
}
.accesslists .cv-name {
width: 75%;
}
.accesslists .secreturl {
width: 25%;
/* Secret url */
.secreturls .buttons form,
.secreturls .buttons form div {
display: inline;
}
/* View access */
......
......@@ -8,7 +8,7 @@
<th colspan=2>{str tag=accesslist section=view}</th>
<th>
<span class="fl">{str tag=Views section=view} &amp; {str tag=collections section=collection}</span>
<span class="secreturl fr">{str tag=token section=view}</span>
<span class="fr">{str tag=secreturls section=view}</span>
</th>
</tr>
</thead>
......@@ -36,9 +36,7 @@
<a href="{$WWWROOT}group/view.php?id={$accessgroup.id}">{$accessgroup.name}</a>{if $accessgroup.role} ({$accessgroup.roledisplay}){/if}
{elseif $accessgroup.accesstype == 'user'}
<a href="{$WWWROOT}user/view.php?id={$accessgroup.id}">{$accessgroup.id|display_name|escape}</a>
{elseif $accessgroup.accesstype == 'secreturl'}
{str tag="token" section="view"} <a href="" title="{str tag=showfullurl section=view}" class="secreturl">{$accessgroup.token|str_shorten_text:9:true}</a>
{/if}
{/if}
{if $accessgroup.startdate}
{if $accessgroup.stopdate}
{$accessgroup.startdate|strtotime|format_date:'strfdaymonthyearshort'}&rarr;{$accessgroup.stopdate|strtotime|format_date:'strfdaymonthyearshort'}
......@@ -48,9 +46,6 @@
{elseif $accessgroup.stopdate}
{str tag=before} {$accessgroup.stopdate|strtotime|format_date:'strfdaymonthyearshort'}
{/if}
{if $accessgroup.accesstype == 'secreturl'}
<div class="expandurl hidden">{$WWWROOT}view/view.php?t={$accessgroup.token}</div>
{/if}
</div>
{/foreach}
{if $view.template}<div>{str tag=thisviewmaybecopied section=view}</div>{/if}
......@@ -61,27 +56,23 @@
{if $accesslist.views}
{foreach from=$accesslist.views item=view name=v}
<div class="cv-listitem">
<div class="fl cv-name">
<a href="{$WWWROOT}view/view.php?id={$view.id}">{$view.name|str_shorten_text:60:true}</a>
<div class="fr">
{count($view.secreturls)} &nbsp; <a class="btn-access" title="{str tag=editsecreturlaccess section=view}" href="{$WWWROOT}view/urls.php?id={$view.id}"></a>
</div>
<div class="fl secreturl">
{foreach from=$view.secreturls item=url}
<div><a href="">{$url.token|str_shorten_text:9:true}</a></div>
{/foreach}
<div>
<a href="{$WWWROOT}view/view.php?id={$view.id}">{$view.name|str_shorten_text:60:true}</a>
</div>
</div>
{/foreach}
{/if}
{if $accesslist.collections}
{foreach from=$accesslist.collections item=collection name=c}
<div class="cv-listitem">
<div class="fl cv-name">
<a href="{$WWWROOT}view/view.php?id={$collection.viewid}">{$collection.name|str_shorten_text:60:true}</a>
<div class="cb cv-listitem">
<div class="fr">
{count($collection.secreturls)} &nbsp; <a class="btn-access" title="{str tag=editsecreturlaccess section=view}" href="{$WWWROOT}view/urls.php?id={$collection.viewid}"></a>
</div>
<div class="fl secreturl">
{foreach from=$collection.secreturls item=url}
<div><a href="">{$url.token|str_shorten_text:9:true}</a></div>
{/foreach}
<div>
<a href="{$WWWROOT}view/view.php?id={$collection.viewid}">{$collection.name|str_shorten_text:60:true}</a>
</div>
</div>
{/foreach}
......
{include file="header.tpl"}
{if $editurls}
<table class="secreturls">
<tbody>
{foreach from=$editurls item=item name=urls}
<tr class="{cycle values='r0,r1' advance=false}">
<td><strong>{$item.url}</strong></td>
<td class="buttons">
<a id="edit-{$item.id}" class="url-open-editform nojs-hidden-inline" title="{str tag=edit}" href="">
<img src="{theme_url filename="images/edit.gif"}">
</a>
{$item.deleteform|safe}
</td>
</tr>
<tr class="{cycle} url-editform js-hidden" id="edit-{$item.id}-form">
<td colspan=2>{$item.editform|safe}</td>
</tr>
{/foreach}
</tbody>
</table>
{/if}
{$newform|safe}
{include file="footer.tpl"}
......@@ -33,20 +33,7 @@ define('MENUITEM', 'myportfolio/share');
$accesslists = View::get_accesslists($USER->get('id'));
$js = <<<EOF
addLoadEvent(function () {
forEach(getElementsByTagAndClassName('a', 'secreturl', null), function (elem) {
connect(elem, 'onclick', function(e) {
e.stop();
var displayelem = getFirstElementByTagAndClassName(null, 'expandurl', getFirstParentByTagAndClassName(elem, null, 'accesslistitem'));
toggleElementClass('hidden', displayelem);
});
});
});
EOF;
$smarty = smarty();
$smarty->assign('PAGEHEADING', TITLE);
$smarty->assign('INLINEJAVASCRIPT', $js);
$smarty->assign('accesslists', $accesslists);
$smarty->display('view/share.tpl');
<?php
/**
* Mahara: Electronic portfolio, weblog, resume builder and social networking
* Copyright (C) 2006-2009 Catalyst IT Ltd and others; see:
* http://wiki.mahara.org/Contributors
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* @package mahara
* @subpackage core
* @author Catalyst IT Ltd
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL
* @copyright (C) 2006-2009 Catalyst IT Ltd http://catalyst.net.nz
*
*/
define('INTERNAL', 1);
define('SECTION_PLUGINTYPE', 'core');
define('SECTION_PLUGINNAME', 'view');
define('SECTION_PAGE', 'urls');
require(dirname(dirname(__FILE__)) . '/init.php');
require_once('pieforms/pieform.php');
require_once('pieforms/pieform/elements/calendar.php');
require_once(get_config('libroot') . 'view.php');
require_once(get_config('libroot') . 'collection.php');
$view = new View(param_integer('id'));
$collection = $view->get_collection();
$title = $collection ? $collection->get('name') : $view->get('title');
define('TITLE', get_string('secreturls', 'view') . ': ' . $title);
$group = $view->get('group');
$institution = $view->get('institution');
if ($group || $institution) {
View::set_nav($group, $institution);
}
else {
define('MENUITEM', 'myportfolio/share');
}
if (!$USER->can_edit_view($view)) {
throw new AccessDeniedException();
}
$newform = array(
'name' => 'newurl',
'elements' => array(
'submit' => array(
'title' => get_string('newsecreturl', 'view'),
'description' => get_string('generatesecreturl', 'view', hsc($title)),
'type' => 'submit',
'value' => get_string('add'),
),
),
);
$editurls = array();
$allowcomments = $view->get('allowcomments');
$records = get_records_select_array(
'view_access',
'view = ? AND visible = 1 AND NOT token IS NULL',
array($view->get('id')),
'token'
);
if (!$records) {
$records = array();
}
$tokens = array();
for ($i = 0; $i < count($records); $i++) {
$r =& $records[$i];
$tokens[$r->token] = $r->token;
$elements = array(
'token' => array(
'type' => 'hidden',
'value' => $r->token,
),
'startdate' => array(
'type' => 'calendar',
'title' => get_string('From') . ':',
'defaultvalue' => !empty($r->startdate) ? strtotime($r->startdate) : null,
'caloptions' => array(
'showsTime' => true,
'ifFormat' => get_string('strftimedatetimeshort'),
),
),
'stopdate' => array(
'type' => 'calendar',
'title' => get_string('To') . ':',
'defaultvalue' => !empty($r->stopdate) ? strtotime($r->stopdate) : null,
'caloptions' => array(
'showsTime' => true,
'ifFormat' => get_string('strftimedatetimeshort'),
),
),
);
if (!$allowcomments) {
$elements['allowcomments'] = array(
'type' => 'checkbox',
'title' => get_string('allowcomments', 'artefact.comment'),
'defaultvalue' => $r->allowcomments,
);
$elements['approvecomments'] = array(
'type' => 'checkbox',
'title' => get_string('moderatecomments', 'artefact.comment'),
'defaultvalue' => $r->approvecomments,
);
}
$elements['submit'] = array(
'type' => 'submit',
'value' => get_string('save'),
);
$editurls[$i] = array(
'id' => $i,
'url' => get_config('wwwroot') . 'view/view.php?t=' . $r->token,
'editform' => pieform(array(
'name' => 'editurl_' . $i,
'successcallback' => 'editurl_submit',
'validatecallback' => 'editurl_validate',
'jsform' => true,
'elements' => $elements,
)),
'deleteform' => pieform(array(
'name' => 'deleteurl_' . $i,
'successcallback' => 'deleteurl_submit',
'renderer' => 'oneline',
'elements' => array(
'token' => array(
'type' => 'hidden',
'value' => $r->token,
),
'submit' => array(
'type' => 'image',
'src' => $THEME->get_url('images/icon_close.gif'),
'elementtitle' => get_string('delete'),
'confirm' => get_string('reallydeletesecreturl', 'view'),
),
),
)),
);
}
function editurl_validate(Pieform $form, $values) {
if (empty($values['startdate'])) {
$values['startdate'] = null;
}
if (empty($values['stopdate'])) {
$values['stopdate'] = null;
}
if ($values['stopdate'] && time() > $values['stopdate']) {
$form->set_error('stopdate', get_string('stopdatecannotbeinpast', 'view'));
}
if ($values['startdate'] && $values['stopdate'] && $values['startdate'] > $values['stopdate']) {
$form->set_error('startdate', get_string('startdatemustbebeforestopdate', 'view'));
}
}
function editurl_submit(Pieform $form, $values) {
global $tokens, $view, $collection, $SESSION;
$viewid = $view->get('id');
if ($collection) {
$viewids = get_column('collection_view', 'view', 'collection', $collection->get('id'));
}
else {
$viewids = array($viewid);
}
$access = (object) array(
'token' => $values['token'],
'startdate' => db_format_timestamp($values['startdate']),
'stopdate' => db_format_timestamp($values['stopdate']),
);
if (!$view->get('allowcomments')) {
if ($access->allowcomments = (int) $values['allowcomments']) {
$access->approvecomments = (int) $values['approvecomments'];
}
}
$whereobject = (object) array('token' => $values['token']);
if (isset($tokens[$values['token']])) {
foreach ($viewids as $id) {
$access->view = $id;
$whereobject->view = $id;
update_record('view_access', $access, $whereobject);
}
$message = get_string('secreturlupdated', 'view');
$form->reply(PIEFORM_OK, $message);
}
$form->reply(PIEFORM_ERR, get_string('formerror'));
}
function deleteurl_submit(Pieform $form, $values) {
global $tokens, $view, $collection, $SESSION;
$viewid = $view->get('id');
if ($collection) {
$viewids = get_column('collection_view', 'view', 'collection', $collection->get('id'));
}
else {
$viewids = array($viewid);
}
if (isset($tokens[$values['token']])) {
$select = 'token = ? AND view IN (' . join(',', $viewids) . ')';
delete_records_select('view_access', $select, array($values['token']));
$SESSION->add_ok_msg(get_string('secreturldeleted', 'view'));
}
redirect('/view/urls.php?id=' . $viewid);
}
function newurl_submit(Pieform $form, $values) {
global $view, $collection;
$viewid = $view->get('id');
if ($collection) {
$viewids = get_column('collection_view', 'view', 'collection', $collection->get('id'));
}
else {
$viewids = array($viewid);
}
$access = View::new_token($viewids[0]);
for ($i = 1; $i < count($viewids); $i++) {
$access->view = $viewids[$i];
insert_record('view_access', $access);
}
redirect('/view/urls.php?id=' . $viewid);
}
$newform = pieform($newform);
$js = <<<EOF
\$j(function() {
\$j('.url-open-editform').click(function(e) {
e.preventDefault();
\$j('#' + this.id + '-form').toggleClass('js-hidden');
});
});
EOF;
$smarty = smarty(
array('jquery'),
array(),
array(),
array('sidebars' => false)
);
$smarty->assign('PAGEHEADING', TITLE);
$smarty->assign('INLINEJAVASCRIPT', $js);
$smarty->assign('editurls', $editurls);
$smarty->assign('newform', $newform);
$smarty->display('view/urls.tpl');
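Review bot: In `editurl_submit` the success branch calls `$form->reply(PIEFORM_OK, $message)` and then falls through to `$form->reply(PIEFORM_ERR, get_string('formerror'))`, so the handler is correct only if `reply()` never returns, which this file does not show. Add `return;` after the OK reply or move the error reply into an `else`. `deleteurl_submit` concatenates `join(',', $viewids)` into the `IN (...)` clause; the ids come from `get_column` or `$view->get('id')`, but casting with `array_map('intval', $viewids)` would match `View::combine_access`. The `can_edit_view` check covers only the view named by `id`, while updates and deletes are applied to every view in its collection, so a comment stating that assumption would help the next reader.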