Add missing permission checks
This commit is contained in:
parent
d09ee2788d
commit
5652efc47e
@ -1,7 +1,7 @@
<?php
<?php
defined('BASEPATH') OR exit('No direct script access allowed');
defined('BASEPATH') OR exit('No direct script access allowed');
class Blog extends CI_Controller
class Blog extends MY_Controller
{
{
public function __construct()
public function __construct()
@ -13,7 +13,7 @@ class Blog extends CI_Controller
public function index()
public function index()
{
{
if (!isset($_SESSION['user']) || empty($_SESSION['user']) || $_SESSION['user']['rank'] < 6) redirect(base_url('login'));
$this->neededPermission('blog.view');
$posts = $this->BlogModel->getPostList(false);
$posts = $this->BlogModel->getPostList(false);
$this->load->view('admin/sidebar', ['title' => 'Alle Blog-Posts']);
$this->load->view('admin/sidebar', ['title' => 'Alle Blog-Posts']);
$this->load->view('admin/blog_posts', ['posts' => $posts]);
$this->load->view('admin/blog_posts', ['posts' => $posts]);
@ -21,9 +21,7 @@ class Blog extends CI_Controller
}
}
public function tags() {
public function tags() {
if (!isset($_SESSION['user']) || empty($_SESSION['user']) || $_SESSION['user']['rank'] < 6) {
$this->neededPermission('blog.view');
redirect(base_url('login'));
}
$tags = $this->BlogModel->getAllTags();
$tags = $this->BlogModel->getAllTags();
$tags = $this->BlogModel->mergeTagInfo($tags);
$tags = $this->BlogModel->mergeTagInfo($tags);
@ -296,9 +294,10 @@ class Blog extends CI_Controller
}
}
$categories = $this->BlogModel->getCategories();
$categories = $this->BlogModel->getCategories();
$this->load->view('admin/sidebar', ['title' => 'Blog-Post erstellen', 'additionalStyles' => ['lib/medium-editor.min.css', 'lib/default.min.css', 'lib/medium-editor-insert-plugin.min.css']]);
$this->load->view('admin/sidebar', ['title' => 'Blog-Post erstellen', 'additionalStyles' => ['lib/bootstrap-tagsinput.css', 'lib/bootstrap-tagsinput-typeahead.css']]);
$this->load->view('admin/blog_edit', ['categories' => $categories, 'postID' => $postID, 'contents' => $contents, 'translations' => $translations, 'postLanguage' => $lang]);
$this->load->view('admin/blog_edit', ['categories' => $categories, 'postID' => $postID, 'contents' => $contents, 'translations' => $translations, 'postLanguage' => $lang]);
$this->load->view('admin/footer', ['additionalScripts' => ['lib/medium-editor.min.js', 'lib/handlebars.runtime-v4.0.10.js', 'lib/jquery-sortable.min.js', 'lib/jquery.ui.widget.js', 'lib/jquery.iframe-transport.js', 'lib/jquery.fileupload.js', 'lib/medium-editor-insert-plugin.min.js', 'lib/autolist.min.js', 'lib/highlight.pack.js', 'lib/quill.min.js', 'blog-edit.js']]);
$this->load->view('admin/footer', ['additionalScripts' => ['lib/typeahead.bundle.min.js', 'lib/bootstrap-tagsinput.min.js', 'lib/highlight.pack.js', 'lib/quill.min.js', 'blog-edit.js']]);
}
}
public function history($postID = NULL)
public function history($postID = NULL)
@ -363,7 +362,91 @@ class Blog extends CI_Controller
header("Content-Type: application/json");
header("Content-Type: application/json");
exit;
exit;
}
}
echo json_encode($this->BlogModel->getAllTags());
$result = array_map(function($value) {
return $value['display_name'];
}, $this->BlogModel->getAllTags());
echo json_encode($result);
// echo json_encode($this->BlogModel->getAllTags());
header("Content-Type: application/json");
header("Content-Type: application/json");
}
}
public function updatePreview() {
header('Content-Type: application/json');
if(!$this->hasPermission('blog.create')) {
echo json_encode(['success' => false, 'message' => 'Du hast nicht genügend Rechte, um die Vorschau anzusehen.']);
exit;
}
if(!isset($_POST['postTitle']) || !isset($_POST['postDesc']) || !isset($_POST['postContent'])) {
exit;
}
if(!isset($_POST['previewID'])) {
$previewID = substr(md5(uniqid() . date(time())), 0, 16);
} else {
$previewID = $_POST['previewID'];
}
$_SESSION['preview_' . $previewID] = [
'title' => $_POST['postTitle'],
'desc' => $_POST['postDesc'],
'content' => $_POST['postContent'],
];
echo json_encode(['success' => true, 'previewID' => $previewID, 'session' => $_SESSION['preview_' . $previewID]]);
}
public function getTemplates() {
header('Content-Type: application/json');
if(!$this->hasPermission('blog.create')) {
echo json_encode([]);
exit;
}
$templates = [
new Template('Verweis auf anderen Post', 'Verlinkungs-Karte für weiteren Blog-Post', 'post_reference'),
];
foreach ($templates as $template) {
$template->content = $this->load->view('admin/blog/templates/' . $template->content, '', true);
}
echo json_encode($templates);
}
public function preview() {
$this->neededPermission('blog.create');
$previewID = $_GET['id'];
if(!isset($_SESSION['preview_' . $previewID])) {
redirect('admin/blog');
}
$this->load->view('header', ['active' => 'blog', 'title' => 'Vorschau', 'additionalStyles' => ['posts_list.css', 'blog.css']]);
$this->load->view('blog/first', ['categoryPosts' => [], 'categories' => $this->BlogModel->getCategories()]);
$this->load->view('admin/blog_post_preview', $_SESSION['preview_' . $previewID]);
$this->load->view('footer', ['additionalScripts' => ['lib/prism.js', 'blog.js']]);
}
}
class Template {
public $title;
public $desc;
public $content;
/**
* Template constructor.
* @param $title
* @param $desc
* @param $content
*/
public function __construct($title, $desc, $content)
{
$this->title = $title;
$this->desc = $desc;
$this->content = $content;
}
}
}
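Review bot: In updatePreview(), `$_POST['previewID']` is accepted unvalidated as the suffix of a session key and echoed straight back, and the fallback `substr(md5(uniqid() . date(time())), 0, 16)` misuses `date()` (its first argument is a format string, so the timestamp is read as format characters) and is not a CSPRNG. The posted id should be checked against the shape the server itself hands out before it is used, the fresh id should come from `random_bytes`, and since nothing ever unsets `$_SESSION['preview_*']`, each preview without an id grows the session for the rest of the login — consider clearing the entry once preview() has rendered it. In preview(), `$previewID = $_GET['id'];` runs before any `isset`, so a request without the parameter raises an undefined-index notice ahead of the session check; `if (!isset($_GET['id']) || !isset($_SESSION['preview_' . $_GET['id']])) { redirect('admin/blog'); }` closes that. Whether admin/blog_post_preview escapes the stored title, desc and content is outside this hunk, as is the `neededPermission()` helper that index() and tags() now rely on in place of the removed `$_SESSION['user']` rank check — confirm it also handles an absent session user.
```php
// … unchanged: header() and hasPermission('blog.create') check, postTitle/postDesc/postContent isset guard …
if (isset($_POST['previewID'])) {
    // Only accept ids in the shape this endpoint generates, so the client cannot pick arbitrary session keys.
    if (!preg_match('/^[a-f0-9]{16}$/', $_POST['previewID'])) {
        echo json_encode(['success' => false, 'message' => 'Ungültige Vorschau-ID.']);
        exit;
    }
    $previewID = $_POST['previewID'];
} else {
    $previewID = bin2hex(random_bytes(8));
}
// … unchanged: store the preview in $_SESSION and echo the JSON response …
```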
@ -1,7 +1,7 @@
<?php
<?php
defined('BASEPATH') OR exit('No direct script access allowed');
defined('BASEPATH') OR exit('No direct script access allowed');
class Calendar extends CI_Controller {
class Calendar extends MY_Controller {
public function __construct() {
public function __construct() {
parent::__construct();
parent::__construct();
@ -1,7 +1,7 @@
<?php
<?php
defined('BASEPATH') OR exit('No direct script access allowed');
defined('BASEPATH') OR exit('No direct script access allowed');
class Contact extends CI_Controller
class Contact extends MY_Controller
{
{
public function __construct()
public function __construct()
@ -52,7 +52,9 @@ class Users extends MY_Controller
'viewDetails',
'viewDetails',
'changeRank',
'changeRank',
'editPermissions',
'editPermissions',
'editOwnRankMembers',
'ban',
'ban',
'warn',
'deletePost',
'deletePost',
],
],
'reports' => [
'reports' => [
@ -68,6 +70,7 @@ class Users extends MY_Controller
],
],
'dashboard' => [
'dashboard' => [
'view',
'view',
'detailView',
],
],
];
];
}
}
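Review bot: The permission names added in this section (`editOwnRankMembers`, `warn`, `detailView`) are bare strings in a nested array literal, while the Blog controller in the same commit gates its actions with `neededPermission('blog.view')` and `hasPermission('blog.create')` by string, so a typo on either side would only show up at runtime as a silently missing or always-failing permission, and this hunk does not show whether a `blog` group exists in the list. A comment above the array naming where these strings are consumed, e.g. `// Permission names matched by neededPermission()/hasPermission() (presumably in MY_Controller); keep in sync with the controllers.`, or class constants the call sites can reference, would make the coupling visible. The enclosing method starts before this hunk.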