Xaraya / Postnuke CVS Notices - Message

Note: this list is kept only as a demonstration for CVSNotice. For the latest CVS notices, see the Xaraya and Postnuke sites

View Statistics - Next Notice - Previous Notice

Directory filter : [ all ] / postnuke_modules / articles [ view in CVS ]

Date Directory [filter] File(s) [view] Author [filter]
01 Aug 2002 01:38:52postnuke_modules/articlespnadmin.php,1.25,1.26 pnuserapi.php,1.30,1.31Mike
 more of this permission stuff later...

Update of /home/cvsroot/postnuke_modules/articles
In directory ns7.hostnuke.net:/tmp/cvs-serv8678

Modified Files:
	pnadmin.php pnuserapi.php 
Log Message:
more of this permission stuff later...


Index: pnadmin.php
===================================================================
RCS file: /home/cvsroot/postnuke_modules/articles/pnadmin.php,v
retrieving revision 1.25
retrieving revision 1.26
diff -C2 -d -r1.25 -r1.26
*** pnadmin.php	31 Jul 2002 02:14:21 -0000	1.25
--- pnadmin.php	1 Aug 2002 01:38:50 -0000	1.26
***************
*** 29,34 ****
  function articles_admin_main()
  {
!     // Security check
!     if (!pnSecAuthAction(0, 'articles::category', '::', ACCESS_EDIT)) {
          $msg = pnML('Not authorized to access #(1) module administration',
                      'Articles');
--- 29,35 ----
  function articles_admin_main()
  {
!     // Security check : the user must at least be able to edit an item or class
!     if (!pnSecAuthAction(0, 'articles::classification', '::', ACCESS_EDIT) ||
!         !pnSecAuthAction(0, 'articles::item', '::', ACCESS_EDIT)) {
          $msg = pnML('Not authorized to access #(1) module administration',
                      'Articles');
***************
*** 53,58 ****
      }
  
      // Security check
!     if (!pnSecAuthAction(0, 'articles::item', '::', ACCESS_ADD)) {
          $output->Text('Not authorised to carry out that operation');
          return $output->GetOutput();
--- 54,71 ----
      }
  
+     // Load user API to obtain item information function
+     if (!pnModAPILoad('articles', 'user')) {
+         $msg = pnML('Unable to load #(1) user API',
+                     'Articles');
+         pnExceptionSet(PN_SYSTEM_EXCEPTION, 'NO_PERMISSION',
+                        new SystemException($msg));
+         return;
+     }
+ 
      // Security check
!     $input = array();
!     $input['ptid'] = $ptid;
!     $input['access'] = ACCESS_ADD;
!     if (!pnModAPIFunc('articles','user','checksecurity',$input)) {
          $output->Text('Not authorised to carry out that operation');
          return $output->GetOutput();
***************
*** 305,309 ****
      }
  
!     if (!pnSecAuthAction(0, 'articles::category', '::', ACCESS_EDIT)) {
          $msg = pnML('Not authorized to view #(1) items',
                      'Articles');
--- 318,322 ----
      }
  
!     if (!pnSecAuthAction(0, 'articles::classification', $ptid.'::', ACCESS_EDIT)) {
          $msg = pnML('Not authorized to view #(1) items',
                      'Articles');
***************
*** 339,344 ****
              $item['title'] = $article['title'];
              $item['pubdate'] = strftime(_DATETIMELONG, $article['pubdate']);
!     
!             if (pnSecAuthAction(0, 'articles::Item', "$article[title]::$article[aid]", ACCESS_EDIT)) {
                  $item['editurl'] = pnModURL('articles',
                                              'admin',
--- 352,361 ----
              $item['title'] = $article['title'];
              $item['pubdate'] = strftime(_DATETIMELONG, $article['pubdate']);
! 
!             // Security check
!             $input = array();
!             $input['article'] = $article;
!             $input['access'] = ACCESS_EDIT;
!             if (pnModAPIFunc('articles','user','checksecurity',$input)) {
                  $item['editurl'] = pnModURL('articles',
                                              'admin',
***************
*** 350,354 ****
              $item['edittitle'] = _EDIT;
  
!             if (pnSecAuthAction(0, 'articles::Item', "$article[title]::$article[aid]", ACCESS_DELETE)) {
                  $item['deleteurl'] = pnModURL('articles',
                                                'admin',
--- 367,372 ----
              $item['edittitle'] = _EDIT;
  
!             $input['access'] = ACCESS_DELETE;
!             if (pnModAPIFunc('articles','user','checksecurity',$input)) {
                  $item['deleteurl'] = pnModURL('articles',
                                                'admin',
***************
*** 473,478 ****
      }
  */
      // Security check
!     if (!pnSecAuthAction(0, 'articles::Item', "$article[title]::$aid", ACCESS_EDIT)) {
          $msg = pnML('Not authorized to modify #(1) item #(2)',
                      'Article', pnVarPrepForDisplay($aid));
--- 491,509 ----
      }
  */
+ 
+     // Load user API to obtain item information function
+     if (!pnModAPILoad('articles', 'user')) {
+         $msg = pnML('Unable to load #(1) user API',
+                     'Articles');
+         pnExceptionSet(PN_SYSTEM_EXCEPTION, 'NO_PERMISSION',
+                        new SystemException($msg));
+         return;
+     }
+ 
      // Security check
!     $input = array();
!     $input['article'] = $article;
!     $input['access'] = ACCESS_EDIT;
!     if (!pnModAPIFunc('articles','user','checksecurity',$input)) {
          $msg = pnML('Not authorized to modify #(1) item #(2)',
                      'Article', pnVarPrepForDisplay($aid));
***************
*** 566,578 ****
      $labels['update'] = pnVarPrepForDisplay(_ARTICLESUPDATE);
  
-     // Load user API to obtain item information function
-     if (!pnModAPILoad('articles', 'user')) {
-         $msg = pnML('Unable to load #(1) user API',
-                     'Articles');
-         pnExceptionSet(PN_SYSTEM_EXCEPTION, 'NO_PERMISSION',
-                        new SystemException($msg));
-         return;
-     }
- 
      $pubtypes = pnModAPIFunc('articles','user','getpubtypes');
      $item['pubtype'] = $pubtypes[$ptid]['descr'];
--- 597,600 ----
***************
*** 612,618 ****
                                                'confirmation');
  
      // Security check
!     if (!pnSecAuthAction(0, 'articles::Item', "::$aid", ACCESS_DELETE)) {
!         pnSessionSetVar('errormsg', _NOAUTH);
          pnRedirect(pnModURL('articles', 'admin', 'view'));
          return false;
--- 634,652 ----
                                                'confirmation');
  
+     // Load user API to obtain item information function
+     if (!pnModAPILoad('articles', 'user')) {
+         $msg = pnML('Unable to load #(1) user API',
+                     'Articles');
+         pnExceptionSet(PN_SYSTEM_EXCEPTION, 'NO_PERMISSION',
+                        new SystemException($msg));
+         return;
+     }
+ 
      // Security check
!     $input = array();
!     $input['aid'] = $aid;
!     $input['access'] = ACCESS_DELETE;
!     if (!pnModAPIFunc('articles','user','checksecurity',$input)) {
!         pnSessionSetVar('errormsg', _NOTAUTHORISED);
          pnRedirect(pnModURL('articles', 'admin', 'view'));
          return false;
***************
*** 680,685 ****
  function articles_admin_modifyconfig()
  {
      // Security check
!     if (!pnSecAuthAction(0, 'articles::category', '::', ACCESS_ADMIN)) {
          $msg = pnML('Not authorized to change #(1) module configuration',
                      'Articles');
--- 714,725 ----
  function articles_admin_modifyconfig()
  {
+     // Get parameters
+     $ptid = pnVarCleanFromInput('ptid');
+     if (!isset($ptid)) {
+         $ptid = '';
+     }
+ 
      // Security check
!     if (!pnSecAuthAction(0, 'articles::classification', $ptid.'::', ACCESS_ADMIN)) {
          $msg = pnML('Not authorized to change #(1) module configuration',
                      'Articles');
***************
*** 687,696 ****
                         new SystemException($msg));
          return;
-     }
- 
-     // Get parameters
-     $ptid = pnVarCleanFromInput('ptid');
-     if (!isset($ptid)) {
-         $ptid = '';
      }
  
--- 727,730 ----

Index: pnuserapi.php
===================================================================
RCS file: /home/cvsroot/postnuke_modules/articles/pnuserapi.php,v
retrieving revision 1.30
retrieving revision 1.31
diff -C2 -d -r1.30 -r1.31
*** pnuserapi.php	1 Aug 2002 01:06:18 -0000	1.30
--- pnuserapi.php	1 Aug 2002 01:38:50 -0000	1.31
***************
*** 786,793 ****
          if (is_array($articlecids) && count($articlecids) > 0) {
              $article['cids'] = array_keys($articlecids);
-         } else {
-             $article['cids'] = array();
          }
!     } 
  
      if (!isset($cids)) {
--- 786,794 ----
          if (is_array($articlecids) && count($articlecids) > 0) {
              $article['cids'] = array_keys($articlecids);
          }
!     }
!     if (!isset($article['cids'])) {
!         $article['cids'] = array();
!     }
  
      if (!isset($cids)) {


Directory filter : [ all ] / postnuke_modules / articles [ view in CVS ]

View Statistics - Next Notice - Previous Notice


Visit Developer Site - Browse CVS Repository Syndicate via backend.rss
(max. once per hour please)
Powered by CVSNotice 0.1.3