Archived
1
0

Add missing permission checks

This commit is contained in:
Marcel 2018-12-30 18:35:04 +01:00
parent d09ee2788d
commit 5652efc47e
4 changed files with 97 additions and 11 deletions

View File

@ -1,7 +1,7 @@
<?php <?php
defined('BASEPATH') OR exit('No direct script access allowed'); defined('BASEPATH') OR exit('No direct script access allowed');
class Blog extends CI_Controller class Blog extends MY_Controller
{ {
public function __construct() public function __construct()
@ -13,7 +13,7 @@ class Blog extends CI_Controller
public function index() public function index()
{ {
if (!isset($_SESSION['user']) || empty($_SESSION['user']) || $_SESSION['user']['rank'] < 6) redirect(base_url('login')); $this->neededPermission('blog.view');
$posts = $this->BlogModel->getPostList(false); $posts = $this->BlogModel->getPostList(false);
$this->load->view('admin/sidebar', ['title' => 'Alle Blog-Posts']); $this->load->view('admin/sidebar', ['title' => 'Alle Blog-Posts']);
$this->load->view('admin/blog_posts', ['posts' => $posts]); $this->load->view('admin/blog_posts', ['posts' => $posts]);
@ -21,9 +21,7 @@ class Blog extends CI_Controller
} }
public function tags() { public function tags() {
if (!isset($_SESSION['user']) || empty($_SESSION['user']) || $_SESSION['user']['rank'] < 6) { $this->neededPermission('blog.view');
redirect(base_url('login'));
}
$tags = $this->BlogModel->getAllTags(); $tags = $this->BlogModel->getAllTags();
$tags = $this->BlogModel->mergeTagInfo($tags); $tags = $this->BlogModel->mergeTagInfo($tags);
@ -296,9 +294,10 @@ class Blog extends CI_Controller
} }
$categories = $this->BlogModel->getCategories(); $categories = $this->BlogModel->getCategories();
$this->load->view('admin/sidebar', ['title' => 'Blog-Post erstellen', 'additionalStyles' => ['lib/medium-editor.min.css', 'lib/default.min.css', 'lib/medium-editor-insert-plugin.min.css']]); $this->load->view('admin/sidebar', ['title' => 'Blog-Post erstellen', 'additionalStyles' => ['lib/bootstrap-tagsinput.css', 'lib/bootstrap-tagsinput-typeahead.css']]);
$this->load->view('admin/blog_edit', ['categories' => $categories, 'postID' => $postID, 'contents' => $contents, 'translations' => $translations, 'postLanguage' => $lang]); $this->load->view('admin/blog_edit', ['categories' => $categories, 'postID' => $postID, 'contents' => $contents, 'translations' => $translations, 'postLanguage' => $lang]);
$this->load->view('admin/footer', ['additionalScripts' => ['lib/medium-editor.min.js', 'lib/handlebars.runtime-v4.0.10.js', 'lib/jquery-sortable.min.js', 'lib/jquery.ui.widget.js', 'lib/jquery.iframe-transport.js', 'lib/jquery.fileupload.js', 'lib/medium-editor-insert-plugin.min.js', 'lib/autolist.min.js', 'lib/highlight.pack.js', 'lib/quill.min.js', 'blog-edit.js']]); $this->load->view('admin/footer', ['additionalScripts' => ['lib/typeahead.bundle.min.js', 'lib/bootstrap-tagsinput.min.js', 'lib/highlight.pack.js', 'lib/quill.min.js', 'blog-edit.js']]);
} }
public function history($postID = NULL) public function history($postID = NULL)
@ -363,7 +362,91 @@ class Blog extends CI_Controller
header("Content-Type: application/json"); header("Content-Type: application/json");
exit; exit;
} }
echo json_encode($this->BlogModel->getAllTags()); $result = array_map(function($value) {
return $value['display_name'];
}, $this->BlogModel->getAllTags());
echo json_encode($result);
// echo json_encode($this->BlogModel->getAllTags());
header("Content-Type: application/json"); header("Content-Type: application/json");
} }
public function updatePreview() {
header('Content-Type: application/json');
if(!$this->hasPermission('blog.create')) {
echo json_encode(['success' => false, 'message' => 'Du hast nicht genügend Rechte, um die Vorschau anzusehen.']);
exit;
}
if(!isset($_POST['postTitle']) || !isset($_POST['postDesc']) || !isset($_POST['postContent'])) {
exit;
}
if(!isset($_POST['previewID'])) {
$previewID = substr(md5(uniqid() . date(time())), 0, 16);
} else {
$previewID = $_POST['previewID'];
}
$_SESSION['preview_' . $previewID] = [
'title' => $_POST['postTitle'],
'desc' => $_POST['postDesc'],
'content' => $_POST['postContent'],
];
echo json_encode(['success' => true, 'previewID' => $previewID, 'session' => $_SESSION['preview_' . $previewID]]);
}
public function getTemplates() {
header('Content-Type: application/json');
if(!$this->hasPermission('blog.create')) {
echo json_encode([]);
exit;
}
$templates = [
new Template('Verweis auf anderen Post', 'Verlinkungs-Karte für weiteren Blog-Post', 'post_reference'),
];
foreach ($templates as $template) {
$template->content = $this->load->view('admin/blog/templates/' . $template->content, '', true);
}
echo json_encode($templates);
}
public function preview() {
$this->neededPermission('blog.create');
$previewID = $_GET['id'];
if(!isset($_SESSION['preview_' . $previewID])) {
redirect('admin/blog');
}
$this->load->view('header', ['active' => 'blog', 'title' => 'Vorschau', 'additionalStyles' => ['posts_list.css', 'blog.css']]);
$this->load->view('blog/first', ['categoryPosts' => [], 'categories' => $this->BlogModel->getCategories()]);
$this->load->view('admin/blog_post_preview', $_SESSION['preview_' . $previewID]);
$this->load->view('footer', ['additionalScripts' => ['lib/prism.js', 'blog.js']]);
}
}
class Template {
public $title;
public $desc;
public $content;
/**
* Template constructor.
* @param $title
* @param $desc
* @param $content
*/
public function __construct($title, $desc, $content)
{
$this->title = $title;
$this->desc = $desc;
$this->content = $content;
}
} }

View File

@ -1,7 +1,7 @@
<?php <?php
defined('BASEPATH') OR exit('No direct script access allowed'); defined('BASEPATH') OR exit('No direct script access allowed');
class Calendar extends CI_Controller { class Calendar extends MY_Controller {
public function __construct() { public function __construct() {
parent::__construct(); parent::__construct();

View File

@ -1,7 +1,7 @@
<?php <?php
defined('BASEPATH') OR exit('No direct script access allowed'); defined('BASEPATH') OR exit('No direct script access allowed');
class Contact extends CI_Controller class Contact extends MY_Controller
{ {
public function __construct() public function __construct()

View File

@ -52,7 +52,9 @@ class Users extends MY_Controller
'viewDetails', 'viewDetails',
'changeRank', 'changeRank',
'editPermissions', 'editPermissions',
'editOwnRankMembers',
'ban', 'ban',
'warn',
'deletePost', 'deletePost',
], ],
'reports' => [ 'reports' => [
@ -68,6 +70,7 @@ class Users extends MY_Controller
], ],
'dashboard' => [ 'dashboard' => [
'view', 'view',
'detailView',
], ],
]; ];
} }