Add missing permission checks
parent
d09ee2788d
commit
5652efc47e
|
@ -1,7 +1,7 @@
|
|||
<?php
|
||||
defined('BASEPATH') OR exit('No direct script access allowed');
|
||||
|
||||
class Blog extends CI_Controller
|
||||
class Blog extends MY_Controller
|
||||
{
|
||||
|
||||
public function __construct()
|
||||
|
@ -13,7 +13,7 @@ class Blog extends CI_Controller
|
|||
|
||||
public function index()
|
||||
{
|
||||
if (!isset($_SESSION['user']) || empty($_SESSION['user']) || $_SESSION['user']['rank'] < 6) redirect(base_url('login'));
|
||||
$this->neededPermission('blog.view');
|
||||
$posts = $this->BlogModel->getPostList(false);
|
||||
$this->load->view('admin/sidebar', ['title' => 'Alle Blog-Posts']);
|
||||
$this->load->view('admin/blog_posts', ['posts' => $posts]);
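Review bot: The replaced guard in index() both sent visitors without a session to the login page and required `rank >= 6`; the new `$this->neededPermission('blog.view')` enforces only what MY_Controller implements, which is outside this diff, so whether an anonymous request is still redirected and the request terminated before the view calls below cannot be confirmed here. tags() in the next hunk makes the identical substitution. A one-line comment at the call site would pin the contract the rest of the method relies on, e.g. `// neededPermission() must redirect and end the request on failure; nothing below may run for a denied user`. The enclosing class continues past this hunk.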
|
||||
|
@ -21,9 +21,7 @@ class Blog extends CI_Controller
|
|||
}
|
||||
|
||||
public function tags() {
|
||||
if (!isset($_SESSION['user']) || empty($_SESSION['user']) || $_SESSION['user']['rank'] < 6) {
|
||||
redirect(base_url('login'));
|
||||
}
|
||||
$this->neededPermission('blog.view');
|
||||
|
||||
$tags = $this->BlogModel->getAllTags();
|
||||
$tags = $this->BlogModel->mergeTagInfo($tags);
|
||||
|
@ -296,9 +294,10 @@ class Blog extends CI_Controller
|
|||
}
|
||||
|
||||
$categories = $this->BlogModel->getCategories();
|
||||
$this->load->view('admin/sidebar', ['title' => 'Blog-Post erstellen', 'additionalStyles' => ['lib/medium-editor.min.css', 'lib/default.min.css', 'lib/medium-editor-insert-plugin.min.css']]);
|
||||
$this->load->view('admin/sidebar', ['title' => 'Blog-Post erstellen', 'additionalStyles' => ['lib/bootstrap-tagsinput.css', 'lib/bootstrap-tagsinput-typeahead.css']]);
|
||||
$this->load->view('admin/blog_edit', ['categories' => $categories, 'postID' => $postID, 'contents' => $contents, 'translations' => $translations, 'postLanguage' => $lang]);
|
||||
$this->load->view('admin/footer', ['additionalScripts' => ['lib/medium-editor.min.js', 'lib/handlebars.runtime-v4.0.10.js', 'lib/jquery-sortable.min.js', 'lib/jquery.ui.widget.js', 'lib/jquery.iframe-transport.js', 'lib/jquery.fileupload.js', 'lib/medium-editor-insert-plugin.min.js', 'lib/autolist.min.js', 'lib/highlight.pack.js', 'lib/quill.min.js', 'blog-edit.js']]);
|
||||
$this->load->view('admin/footer', ['additionalScripts' => ['lib/typeahead.bundle.min.js', 'lib/bootstrap-tagsinput.min.js', 'lib/highlight.pack.js', 'lib/quill.min.js', 'blog-edit.js']]);
|
||||
|
||||
}
|
||||
|
||||
public function history($postID = NULL)
|
||||
|
@ -363,7 +362,91 @@ class Blog extends CI_Controller
|
|||
header("Content-Type: application/json");
|
||||
exit;
|
||||
}
|
||||
echo json_encode($this->BlogModel->getAllTags());
|
||||
$result = array_map(function($value) {
|
||||
return $value['display_name'];
|
||||
}, $this->BlogModel->getAllTags());
|
||||
echo json_encode($result);
|
||||
// echo json_encode($this->BlogModel->getAllTags());
|
||||
header("Content-Type: application/json");
|
||||
}
|
||||
|
||||
public function updatePreview() {
|
||||
header('Content-Type: application/json');
|
||||
if(!$this->hasPermission('blog.create')) {
|
||||
echo json_encode(['success' => false, 'message' => 'Du hast nicht genügend Rechte, um die Vorschau anzusehen.']);
|
||||
exit;
|
||||
}
|
||||
|
||||
if(!isset($_POST['postTitle']) || !isset($_POST['postDesc']) || !isset($_POST['postContent'])) {
|
||||
exit;
|
||||
}
|
||||
|
||||
if(!isset($_POST['previewID'])) {
|
||||
$previewID = substr(md5(uniqid() . date(time())), 0, 16);
|
||||
} else {
|
||||
$previewID = $_POST['previewID'];
|
||||
}
|
||||
|
||||
$_SESSION['preview_' . $previewID] = [
|
||||
'title' => $_POST['postTitle'],
|
||||
'desc' => $_POST['postDesc'],
|
||||
'content' => $_POST['postContent'],
|
||||
];
|
||||
|
||||
echo json_encode(['success' => true, 'previewID' => $previewID, 'session' => $_SESSION['preview_' . $previewID]]);
|
||||
}
|
||||
|
||||
|
||||
public function getTemplates() {
|
||||
header('Content-Type: application/json');
|
||||
|
||||
if(!$this->hasPermission('blog.create')) {
|
||||
echo json_encode([]);
|
||||
exit;
|
||||
}
|
||||
|
||||
$templates = [
|
||||
new Template('Verweis auf anderen Post', 'Verlinkungs-Karte für weiteren Blog-Post', 'post_reference'),
|
||||
];
|
||||
|
||||
foreach ($templates as $template) {
|
||||
$template->content = $this->load->view('admin/blog/templates/' . $template->content, '', true);
|
||||
}
|
||||
|
||||
echo json_encode($templates);
|
||||
}
|
||||
|
||||
public function preview() {
|
||||
$this->neededPermission('blog.create');
|
||||
|
||||
$previewID = $_GET['id'];
|
||||
|
||||
if(!isset($_SESSION['preview_' . $previewID])) {
|
||||
redirect('admin/blog');
|
||||
}
|
||||
|
||||
$this->load->view('header', ['active' => 'blog', 'title' => 'Vorschau', 'additionalStyles' => ['posts_list.css', 'blog.css']]);
|
||||
$this->load->view('blog/first', ['categoryPosts' => [], 'categories' => $this->BlogModel->getCategories()]);
|
||||
$this->load->view('admin/blog_post_preview', $_SESSION['preview_' . $previewID]);
|
||||
$this->load->view('footer', ['additionalScripts' => ['lib/prism.js', 'blog.js']]);
|
||||
}
|
||||
}
|
||||
|
||||
class Template {
|
||||
public $title;
|
||||
public $desc;
|
||||
public $content;
|
||||
|
||||
/**
|
||||
* Template constructor.
|
||||
* @param $title
|
||||
* @param $desc
|
||||
* @param $content
|
||||
*/
|
||||
public function __construct($title, $desc, $content)
|
||||
{
|
||||
$this->title = $title;
|
||||
$this->desc = $desc;
|
||||
$this->content = $content;
|
||||
}
|
||||
}
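Review bot: updatePreview() stores under `$_SESSION['preview_' . $previewID]` whatever `previewID` the client posts, without checking its format or that the key already exists, so every request carrying a new value appends another entry to the session for as long as it lives; the generated fallback `substr(md5(uniqid() . date(time())), 0, 16)` also misuses `date()` (its first argument is a format string) and is not a random source. Accept a client-supplied id only when it has the generated shape and is already present, e.g. `if (isset($_POST['previewID']) && preg_match('/^[a-f0-9]{16}$/', $_POST['previewID']) && isset($_SESSION['preview_' . $_POST['previewID']])) { $previewID = $_POST['previewID']; } else { $previewID = bin2hex(random_bytes(8)); }` (PHP 7+). In preview(), `$previewID = $_GET['id'];` is read without an isset guard, so a request lacking `id` raises an undefined-index notice before the redirect; `$previewID = $_GET['id'] ?? '';` avoids it. The commented-out `// echo json_encode($this->BlogModel->getAllTags());` kept in the tags handler should be deleted rather than left as dead code, and the `header("Content-Type: application/json")` that follows the echo there is sent after output has started — pre-existing, but worth moving above the echo while the block is being touched.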
|
|
@ -1,7 +1,7 @@
|
|||
<?php
|
||||
defined('BASEPATH') OR exit('No direct script access allowed');
|
||||
|
||||
class Calendar extends CI_Controller {
|
||||
class Calendar extends MY_Controller {
|
||||
|
||||
public function __construct() {
|
||||
parent::__construct();
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
<?php
|
||||
defined('BASEPATH') OR exit('No direct script access allowed');
|
||||
|
||||
class Contact extends CI_Controller
|
||||
class Contact extends MY_Controller
|
||||
{
|
||||
|
||||
public function __construct()
|
||||
|
|
|
@ -52,7 +52,9 @@ class Users extends MY_Controller
|
|||
'viewDetails',
|
||||
'changeRank',
|
||||
'editPermissions',
|
||||
'editOwnRankMembers',
|
||||
'ban',
|
||||
'warn',
|
||||
'deletePost',
|
||||
],
|
||||
'reports' => [
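Review bot: `editPermissions` is added to the users permission group without any visible guard that a holder cannot grant permissions to themselves or to members of a higher rank; if such a guard exists it lives in the handler, outside this hunk. A comment on the entry would make the expectation explicit, e.g. `// editPermissions: grant/revoke permissions — handler must refuse self-grant and targets of higher rank`. The enclosing array starts before this hunk.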
|
||||
|
@ -68,6 +70,7 @@ class Users extends MY_Controller
|
|||
],
|
||||
'dashboard' => [
|
||||
'view',
|
||||
'detailView',
|
||||
],
|
||||
];
|
||||
}
|
||||
|
|