Note: this list is kept only as a demonstration for CVSNotice. For the latest CVS notices, see the Xaraya and Postnuke sites
View Statistics - Next Notice - Previous NoticeDirectory filter : [ all ] / postnuke_modules / articles [ view in CVS ]
| Date | Directory [filter] | File(s) [view] | Author [filter] |
| 01 Aug 2002 01:38:52 | postnuke_modules/articles | pnadmin.php,1.25,1.26 pnuserapi.php,1.30,1.31 | Mike |
| more of this permission stuff later... | |||
Update of /home/cvsroot/postnuke_modules/articles
In directory ns7.hostnuke.net:/tmp/cvs-serv8678
Modified Files:
pnadmin.php pnuserapi.php
Log Message:
more of this permission stuff later...
Index: pnadmin.php
===================================================================
RCS file: /home/cvsroot/postnuke_modules/articles/pnadmin.php,v
retrieving revision 1.25
retrieving revision 1.26
diff -C2 -d -r1.25 -r1.26
*** pnadmin.php 31 Jul 2002 02:14:21 -0000 1.25
--- pnadmin.php 1 Aug 2002 01:38:50 -0000 1.26
***************
*** 29,34 ****
function articles_admin_main()
{
! // Security check
! if (!pnSecAuthAction(0, 'articles::category', '::', ACCESS_EDIT)) {
$msg = pnML('Not authorized to access #(1) module administration',
'Articles');
--- 29,35 ----
function articles_admin_main()
{
! // Security check : the user must at least be able to edit an item or class
! if (!pnSecAuthAction(0, 'articles::classification', '::', ACCESS_EDIT) ||
! !pnSecAuthAction(0, 'articles::item', '::', ACCESS_EDIT)) {
$msg = pnML('Not authorized to access #(1) module administration',
'Articles');
***************
*** 53,58 ****
}
// Security check
! if (!pnSecAuthAction(0, 'articles::item', '::', ACCESS_ADD)) {
$output->Text('Not authorised to carry out that operation');
return $output->GetOutput();
--- 54,71 ----
}
+ // Load user API to obtain item information function
+ if (!pnModAPILoad('articles', 'user')) {
+ $msg = pnML('Unable to load #(1) user API',
+ 'Articles');
+ pnExceptionSet(PN_SYSTEM_EXCEPTION, 'NO_PERMISSION',
+ new SystemException($msg));
+ return;
+ }
+
// Security check
! $input = array();
! $input['ptid'] = $ptid;
! $input['access'] = ACCESS_ADD;
! if (!pnModAPIFunc('articles','user','checksecurity',$input)) {
$output->Text('Not authorised to carry out that operation');
return $output->GetOutput();
***************
*** 305,309 ****
}
! if (!pnSecAuthAction(0, 'articles::category', '::', ACCESS_EDIT)) {
$msg = pnML('Not authorized to view #(1) items',
'Articles');
--- 318,322 ----
}
! if (!pnSecAuthAction(0, 'articles::classification', $ptid.'::', ACCESS_EDIT)) {
$msg = pnML('Not authorized to view #(1) items',
'Articles');
***************
*** 339,344 ****
$item['title'] = $article['title'];
$item['pubdate'] = strftime(_DATETIMELONG, $article['pubdate']);
!
! if (pnSecAuthAction(0, 'articles::Item', "$article[title]::$article[aid]", ACCESS_EDIT)) {
$item['editurl'] = pnModURL('articles',
'admin',
--- 352,361 ----
$item['title'] = $article['title'];
$item['pubdate'] = strftime(_DATETIMELONG, $article['pubdate']);
!
! // Security check
! $input = array();
! $input['article'] = $article;
! $input['access'] = ACCESS_EDIT;
! if (pnModAPIFunc('articles','user','checksecurity',$input)) {
$item['editurl'] = pnModURL('articles',
'admin',
***************
*** 350,354 ****
$item['edittitle'] = _EDIT;
! if (pnSecAuthAction(0, 'articles::Item', "$article[title]::$article[aid]", ACCESS_DELETE)) {
$item['deleteurl'] = pnModURL('articles',
'admin',
--- 367,372 ----
$item['edittitle'] = _EDIT;
! $input['access'] = ACCESS_DELETE;
! if (pnModAPIFunc('articles','user','checksecurity',$input)) {
$item['deleteurl'] = pnModURL('articles',
'admin',
***************
*** 473,478 ****
}
*/
// Security check
! if (!pnSecAuthAction(0, 'articles::Item', "$article[title]::$aid", ACCESS_EDIT)) {
$msg = pnML('Not authorized to modify #(1) item #(2)',
'Article', pnVarPrepForDisplay($aid));
--- 491,509 ----
}
*/
+
+ // Load user API to obtain item information function
+ if (!pnModAPILoad('articles', 'user')) {
+ $msg = pnML('Unable to load #(1) user API',
+ 'Articles');
+ pnExceptionSet(PN_SYSTEM_EXCEPTION, 'NO_PERMISSION',
+ new SystemException($msg));
+ return;
+ }
+
// Security check
! $input = array();
! $input['article'] = $article;
! $input['access'] = ACCESS_EDIT;
! if (!pnModAPIFunc('articles','user','checksecurity',$input)) {
$msg = pnML('Not authorized to modify #(1) item #(2)',
'Article', pnVarPrepForDisplay($aid));
***************
*** 566,578 ****
$labels['update'] = pnVarPrepForDisplay(_ARTICLESUPDATE);
- // Load user API to obtain item information function
- if (!pnModAPILoad('articles', 'user')) {
- $msg = pnML('Unable to load #(1) user API',
- 'Articles');
- pnExceptionSet(PN_SYSTEM_EXCEPTION, 'NO_PERMISSION',
- new SystemException($msg));
- return;
- }
-
$pubtypes = pnModAPIFunc('articles','user','getpubtypes');
$item['pubtype'] = $pubtypes[$ptid]['descr'];
--- 597,600 ----
***************
*** 612,618 ****
'confirmation');
// Security check
! if (!pnSecAuthAction(0, 'articles::Item', "::$aid", ACCESS_DELETE)) {
! pnSessionSetVar('errormsg', _NOAUTH);
pnRedirect(pnModURL('articles', 'admin', 'view'));
return false;
--- 634,652 ----
'confirmation');
+ // Load user API to obtain item information function
+ if (!pnModAPILoad('articles', 'user')) {
+ $msg = pnML('Unable to load #(1) user API',
+ 'Articles');
+ pnExceptionSet(PN_SYSTEM_EXCEPTION, 'NO_PERMISSION',
+ new SystemException($msg));
+ return;
+ }
+
// Security check
! $input = array();
! $input['aid'] = $aid;
! $input['access'] = ACCESS_DELETE;
! if (!pnModAPIFunc('articles','user','checksecurity',$input)) {
! pnSessionSetVar('errormsg', _NOTAUTHORISED);
pnRedirect(pnModURL('articles', 'admin', 'view'));
return false;
***************
*** 680,685 ****
function articles_admin_modifyconfig()
{
// Security check
! if (!pnSecAuthAction(0, 'articles::category', '::', ACCESS_ADMIN)) {
$msg = pnML('Not authorized to change #(1) module configuration',
'Articles');
--- 714,725 ----
function articles_admin_modifyconfig()
{
+ // Get parameters
+ $ptid = pnVarCleanFromInput('ptid');
+ if (!isset($ptid)) {
+ $ptid = '';
+ }
+
// Security check
! if (!pnSecAuthAction(0, 'articles::classification', $ptid.'::', ACCESS_ADMIN)) {
$msg = pnML('Not authorized to change #(1) module configuration',
'Articles');
***************
*** 687,696 ****
new SystemException($msg));
return;
- }
-
- // Get parameters
- $ptid = pnVarCleanFromInput('ptid');
- if (!isset($ptid)) {
- $ptid = '';
}
--- 727,730 ----
Index: pnuserapi.php
===================================================================
RCS file: /home/cvsroot/postnuke_modules/articles/pnuserapi.php,v
retrieving revision 1.30
retrieving revision 1.31
diff -C2 -d -r1.30 -r1.31
*** pnuserapi.php 1 Aug 2002 01:06:18 -0000 1.30
--- pnuserapi.php 1 Aug 2002 01:38:50 -0000 1.31
***************
*** 786,793 ****
if (is_array($articlecids) && count($articlecids) > 0) {
$article['cids'] = array_keys($articlecids);
- } else {
- $article['cids'] = array();
}
! }
if (!isset($cids)) {
--- 786,794 ----
if (is_array($articlecids) && count($articlecids) > 0) {
$article['cids'] = array_keys($articlecids);
}
! }
! if (!isset($article['cids'])) {
! $article['cids'] = array();
! }
if (!isset($cids)) {
View Statistics - Next Notice - Previous Notice
| Visit Developer Site - Browse CVS Repository |
Syndicate via backend.rss (max. once per hour please) | Powered by CVSNotice 0.1.3 |