[wellwell-devel] [SCM] Interchange wellwell catalog branch, master, updated. 59ac822fcc8787e56825f5edcc43c37d88aeb40a

Stefan Hornburg racke at rt.icdevgroup.org
Sun May 3 10:43:42 UTC 2009


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "Interchange wellwell catalog".

The branch, master has been updated
       via  59ac822fcc8787e56825f5edcc43c37d88aeb40a (commit)
      from  a6194eac1c0aefbe350deeefa7b04474307d9993 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 59ac822fcc8787e56825f5edcc43c37d88aeb40a
Author: Stefan Hornburg (Racke) <racke at linuxia.de>
Date:   Sun May 3 12:43:19 2009 +0200

    check permissions before writing content to database

-----------------------------------------------------------------------

Summary of changes and diff:
 plugins/content/code/form_content_edit_save.sub |   32 ++++++++++++++++++++--
 1 files changed, 29 insertions(+), 3 deletions(-)

diff --git a/plugins/content/code/form_content_edit_save.sub b/plugins/content/code/form_content_edit_save.sub
index 6e16f1d..385559f 100644
--- a/plugins/content/code/form_content_edit_save.sub
+++ b/plugins/content/code/form_content_edit_save.sub
@@ -3,6 +3,8 @@ sub {
 	# create new content
 	my (%content, $code);
 
+	$Tag->perl({tables => 'content'});
+
 	for (qw/title body uri/) {
 		$content{$_} = $CGI->{$_};
 	}
@@ -10,12 +12,36 @@ sub {
 	$content{type} = 'page';
 
 	# store timestamp
-	unless ($CGI->{code}) {
+	if ($CGI->{code}) {
+		my @edit_perms;
+
+		$content{uid} = $Db{content}->field($CGI->{code}, 'uid');
+
+		unless ($content{uid}) {
+			return;
+		}		
+
+		@edit_perms = 'edit_content';
+
+		if ($content->{uid} == $Session->{username}) {
+			push (@edit_perms, 'create_own_content');
+		}
+
+		unless ($Tag->acl('check', @edit_perms)) {
+			$Tag->error({name => 'content', 
+				set => 'No permission to edit content'});
+			return {page => 'content/recent'};
+		}
+	}
+	else {
+		unless ($Tag->acl('check', 'create_content')) {
+			$Tag->error({name => 'content', 
+				set => 'No permission to create content'});
+			return {page => 'content/recent'};
+		}
 		$content{created} = $Tag->time({format => '%s'});
 	}
 
-	$Tag->perl({tables => 'content'});
-	
 	$code = $Db{content}->set_slice($CGI->{code}, %content);
 
 	return {code => $code, page => 'content/recent'};
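Review bot: The ownership test `if ($content->{uid} == $Session->{username})` reads from a scalar `$content` that the visible part of this sub never declares; the uid fetched a few lines earlier is stored in the hash `%content`, so the left-hand side is undef unless strictures reject it. Because `==` compares numerically, undef and any non-numeric username both become 0, so the test would succeed for every such user whoever owns the record. That adds `create_own_content` to the accepted permissions for content the user does not own, assuming `$Tag->acl('check', ...)` passes when any one listed permission is held. Compare the stored value as a string instead: `if ($content{uid} eq $Session->{username}) {`. The sub's opening and closing lines are outside this hunk.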


hooks/post-receive
-- 
Interchange wellwell catalog


