Diffstat (limited to 'mod/pages')
-rw-r--r-- | mod/pages/actions/pages/delete.php | 5 | ||||
-rw-r--r-- | mod/pages/actions/pages/edit.php | 14 | ||||
-rw-r--r-- | mod/pages/lib/pages.php | 6 | ||||
-rw-r--r-- | mod/pages/pages/pages/history.php | 7 | ||||
-rw-r--r-- | mod/pages/pages/pages/view.php | 4 | ||||
-rw-r--r-- | mod/pages/views/default/forms/pages/edit.php | 15 | ||||
-rw-r--r-- | mod/pages/views/default/object/page_top.php | 3 |
7 files changed, 43 insertions, 11 deletions
diff --git a/mod/pages/actions/pages/delete.php b/mod/pages/actions/pages/delete.php index dfa0de98d..7a314a280 100644 --- a/mod/pages/actions/pages/delete.php +++ b/mod/pages/actions/pages/delete.php @@ -9,8 +9,9 @@ $guid = get_input('guid'); $page = get_entity($guid); -if ($page) { - if ($page->canEdit()) { +if (elgg_instanceof($page, 'object', 'page') || elgg_instanceof($page, 'object', 'page_top')) { + // only allow owners and admin to delete + if (elgg_is_admin_logged_in() || elgg_get_logged_in_user_guid() == $page->getOwnerGuid()) { $container = get_entity($page->container_guid); // Bring all child elements forward diff --git a/mod/pages/actions/pages/edit.php b/mod/pages/actions/pages/edit.php index 6950d4b2f..a32e4a4ba 100644 --- a/mod/pages/actions/pages/edit.php +++ b/mod/pages/actions/pages/edit.php @@ -47,7 +47,19 @@ if ($page_guid) { } if (sizeof($input) > 0) { + // don't change access if not an owner/admin + $user = elgg_get_logged_in_user_entity(); + $can_change_access = true; + + if ($user && $page) { + $can_change_access = $user->isAdmin() || $user->getGUID() == $page->owner_guid; + } + foreach ($input as $name => $value) { + if (($name == 'access_id' || $name == 'write_access_id') && !$can_change_access) { + continue; + } + $page->$name = $value; } } @@ -74,6 +86,6 @@ if ($page->save()) { forward($page->getURL()); } else { - register_error(elgg_echo('pages:error:no_save')); + register_error(elgg_echo('pages:error:notsaved')); forward(REFERER); } diff --git a/mod/pages/lib/pages.php b/mod/pages/lib/pages.php index 5c5323d6f..3f27118a6 100644 --- a/mod/pages/lib/pages.php +++ b/mod/pages/lib/pages.php @@ -81,6 +81,10 @@ function pages_register_navigation_tree($container) { 'limit' => 0, )); + if (!$top_pages) { + return; + } + foreach ($top_pages as $page) { elgg_register_menu_item('pages_nav', array( 'name' => $page->getGUID(), @@ -111,4 +115,4 @@ function pages_register_navigation_tree($container) { } } } -} +}
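Review bot: The new owner test in delete.php compares `elgg_get_logged_in_user_guid()` with `$page->getOwnerGuid()` using a loose `==` and never checks that a user is logged in. If the action is ever reachable without a session, the logged-in GUID would presumably be 0, and a page whose owner GUID is 0 or empty would then pass. I would read the GUID once and require it to be non-zero: `$user_guid = (int) elgg_get_logged_in_user_guid();` then `if (elgg_is_admin_logged_in() || ($user_guid && $user_guid === (int) $page->getOwnerGuid())) {`. Dropping `canEdit()` also seems to bypass any permission hooks other plugins attach to edit rights, so the `// only allow owners and admin to delete` comment should say that this is intended. The body of this `if` continues outside the hunk.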
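Review bot: In the first hunk of actions/pages/edit.php, `$can_change_access` starts as `true` and is narrowed only when both `$user` and `$page` are truthy, so the guard fails open. On any path where either is missing, `access_id` and `write_access_id` from the request are still written to the page. Deny by default and grant explicitly, for example `$can_change_access = $user && (!$page_guid || $user->isAdmin() || $user->getGUID() == $page->owner_guid);`, with a comment that a new page (no `$page_guid`) lets its creator choose access; the branch that builds `$page` is outside the hunk, so confirm that before adopting it. The same fail-open default appears in the first hunk of views/default/forms/pages/edit.php. The two places also identify access fields differently (by name here, by input type there), so a shared helper would keep the form and the action from drifting apart.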
\ No newline at end of file diff --git a/mod/pages/pages/pages/history.php b/mod/pages/pages/pages/history.php index a63b37a7a..872596179 100644 --- a/mod/pages/pages/pages/history.php +++ b/mod/pages/pages/pages/history.php @@ -30,7 +30,12 @@ elgg_push_breadcrumb(elgg_echo('pages:history')); $title = $page->title . ": " . elgg_echo('pages:history'); -$content = list_annotations($page_guid, 'page', 20, false); +$content = elgg_list_annotations(array( + 'guid' => $page_guid, + 'annotation_name' => 'page', + 'limit' => 20, + 'order_by' => "n_table.time_created desc" +)); $body = elgg_view_layout('content', array( 'filter' => '', diff --git a/mod/pages/pages/pages/view.php b/mod/pages/pages/pages/view.php index 5dfb76b55..6b9d03f49 100644 --- a/mod/pages/pages/pages/view.php +++ b/mod/pages/pages/pages/view.php @@ -8,6 +8,7 @@ $page_guid = get_input('guid'); $page = get_entity($page_guid); if (!$page) { + register_error(elgg_echo('noaccess')); forward(); } @@ -32,7 +33,8 @@ elgg_push_breadcrumb($title); $content = elgg_view_entity($page, array('full_view' => true)); $content .= elgg_view_comments($page); -if (elgg_get_logged_in_user_guid() == $page->getOwnerGuid()) { +// can add subpage if can edit this page and write to container (such as a group) +if ($page->canEdit() && $container->canWriteToContainer(0, 'object', 'page')) { $url = "pages/add/$page->guid"; elgg_register_menu_item('title', array( 'name' => 'subpage', diff --git a/mod/pages/views/default/forms/pages/edit.php b/mod/pages/views/default/forms/pages/edit.php index 20737a121..9469f5eb9 100644 --- a/mod/pages/views/default/forms/pages/edit.php +++ b/mod/pages/views/default/forms/pages/edit.php 
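Review bot: The `if (!$page)` guard in the first hunk of pages/pages/view.php still accepts any entity that `get_entity()` returns, so the GUID of a non-page object the viewer can read would be rendered through the pages handler. delete.php in this same commit now checks the type, and view.php should match it: `if (!elgg_instanceof($page, 'object', 'page') && !elgg_instanceof($page, 'object', 'page_top')) {`. Using the generic `noaccess` message for both missing and unreadable pages is worth keeping, because it does not reveal which GUIDs exist.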
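Review bot: In the second hunk of pages/pages/view.php, `$container->canWriteToContainer(0, 'object', 'page')` is called on a variable assigned outside the hunk. If `$container` can be empty (the container was deleted or is not readable by the viewer), this line is a fatal error rather than a hidden button. Guard it: `if ($container && $page->canEdit() && $container->canWriteToContainer(0, 'object', 'page')) {`. The condition only decides whether the `subpage` menu item is shown; the add-page action needs the same check on the server side, and that code is not part of this diff.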
@@ -6,7 +6,18 @@ */ $variables = elgg_get_config('pages'); +$user = elgg_get_logged_in_user_entity(); +$entity = elgg_extract('entity', $vars); +$can_change_access = true; +if ($user && $entity) { + $can_change_access = ($user->isAdmin() || $user->getGUID() == $entity->owner_guid); +} + foreach ($variables as $name => $type) { + // don't show read / write access inputs for non-owners or admin when editing + if (($type == 'access' || $type == 'write_access') && !$can_change_access) { + continue; + } ?> <div> <label><?php echo elgg_echo("pages:$name") ?></label> @@ -14,8 +25,8 @@ foreach ($variables as $name => $type) { if ($type != 'longtext') { echo '<br />'; } - ?> - <?php echo elgg_view("input/$type", array( + + echo elgg_view("input/$type", array( 'name' => $name, 'value' => $vars[$name], )); diff --git a/mod/pages/views/default/object/page_top.php b/mod/pages/views/default/object/page_top.php index e78289f28..945a22eed 100644 --- a/mod/pages/views/default/object/page_top.php +++ b/mod/pages/views/default/object/page_top.php @@ -45,7 +45,6 @@ $editor_link = elgg_view('output/url', array( $date = elgg_view_friendly_time($annotation->time_created); $editor_text = elgg_echo('pages:strapline', array($date, $editor_link)); -$tags = elgg_view('output/tags', array('tags' => $page->tags)); $categories = elgg_view('output/categories', $vars); $comments_count = $page->countComments(); @@ -82,7 +81,6 @@ if ($full) { 'entity' => $page, 'metadata' => $metadata, 'subtitle' => $subtitle, - 'tags' => $tags, ); $params = $params + $vars; $summary = elgg_view('object/elements/summary', $params); @@ -104,7 +102,6 @@ if ($full) { 'entity' => $page, 'metadata' => $metadata, 'subtitle' => $subtitle, - 'tags' => $tags, 'content' => $excerpt, ); $params = $params + $vars; |