Diffstat (limited to 'lib')
-rw-r--r--lib/blog/edcom.php2
-rw-r--r--lib/blog/index.php4
-rw-r--r--lib/conf/apps.php63
-rw-r--r--lib/file/delete.php2
-rw-r--r--lib/file/delfld.php2
-rw-r--r--lib/notes/delete.php2
-rw-r--r--lib/notes/edit.php2
-rw-r--r--lib/notes/move.php2
-rw-r--r--lib/notes/view.php2
-rw-r--r--lib/static/home.md4
10 files changed, 45 insertions, 40 deletions
diff --git a/lib/blog/edcom.php b/lib/blog/edcom.php
index 2b96ff9..ca8fd7e 100644
--- a/lib/blog/edcom.php
+++ b/lib/blog/edcom.php
@@ -9,7 +9,7 @@ $com = mysql_fetch_assoc(sql(
"SELECT blog_comments.owner AS owner, blog_comments.text AS text, blog_comments.post AS post ".
"FROM blog_comments WHERE id = $comid"
));
-assert_error($com && $com['owner'] == $user['id'],
+assert_error($com && ($com['owner'] == $user['id'] || $user['priv'] >= $priv_mod),
"This comment does not exist, or you are not allowed to edit it.");
$com_text = $com['text'];
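Review bot: The new moderator override fails open if `$priv_mod` is ever unset in this scope, because PHP compares an integer with null as booleans and `$user['priv'] >= $priv_mod` is then true for every user. `$priv_mod` is a plain global assigned in lib/conf/apps.php, and whether this script always runs in global scope after that file is loaded is not visible in the hunk. I would guard the comparison, e.g. `isset($priv_mod) && $user['priv'] >= $priv_mod`, or better move the owner-or-privileged test into one shared helper that rejects a missing level. The same applies to the `$priv_admin` checks added in lib/file/delete.php, lib/file/delfld.php and lib/notes/delete.php, edit.php, move.php and view.php. The `$com = mysql_fetch_assoc(sql(` statement starts outside the hunk.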
diff --git a/lib/blog/index.php b/lib/blog/index.php
index 08aa630..99c7bbe 100644
--- a/lib/blog/index.php
+++ b/lib/blog/index.php
@@ -39,7 +39,7 @@ function count_in($fat, $v, $d) {
}
$q =
- "SELECT blog_posts.id AS id, blog_posts.title AS title, blog_posts.date AS date, ".
+ "SELECT blog_posts.id AS id, blog_posts.title AS title, DATE_fORMAT(blog_posts.date, '%Y-%m-%d') AS date, ".
"UNIX_TIMESTAMP(blog_posts.date) AS date_ts, ".
"DATE_FORMAT(blog_posts.date, '%Y-%m') AS month, ".
"blog_posts.text_html AS text_html, GROUP_CONCAT(DISTINCT ba.tag SEPARATOR ', ') AS tags, ".
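Review bot: The added line spells the function `DATE_fORMAT`, while the line two below uses `DATE_FORMAT`; MySQL accepts either case, but the stray lowercase `f` reads as a typo and should be `DATE_FORMAT(blog_posts.date, '%Y-%m-%d') AS date`. The alias `date` now names a formatted string rather than the column, so any unqualified `date` in the part of the query outside this hunk (ORDER BY, GROUP BY) will refer to the string; that part is not visible here and is worth checking. The `$q =` assignment continues past the hunk.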
@@ -70,7 +70,7 @@ while ($pp = mysql_fetch_assoc($n)) {
count_in('date', str_replace('-', '_', $pp['month']), $pp['month']);
}
-$can_post = ($user['priv'] >= $apps['blog']['drafts'] && $user['id'] != 0);
+$can_post = (($user['priv'] >= $apps['blog']['drafts'] && $user['id'] != 0));
$can_edit = ($user['priv'] >= $apps['blog']['edit'] && $user['id'] != 0);
$can_delete = ($user['priv'] >= $apps['blog']['delete'] && $user['id'] != 0);
diff --git a/lib/conf/apps.php b/lib/conf/apps.php
index 524da45..e0c1dfe 100644
--- a/lib/conf/apps.php
+++ b/lib/conf/apps.php
@@ -2,53 +2,58 @@
$homepage = "view-static-home";
+$priv_guest = 0;
+$priv_user = 1;
+$priv_auth = 2;
+$priv_mod = 3;
+$priv_admin = 4;
+
$apps = array(
"static" => array(
- "view" => 0,
+ "view" => $priv_guest,
),
// File upload application
"file" => array(
- "index" => 1,
- "delete" => 1,
- "editinfo" => 1,
- "upload" => 0,
- "folder" => 0,
- "newfld" => 1,
- "editfld" => 1,
- "delfld" => 1,
+ "index" => $priv_guest,
+ "delete" => $priv_user,
+ "editinfo" => $priv_user,
+ "upload" => $priv_user,
+ "folder" => $priv_guest,
+ "newfld" => $priv_user,
+ "editfld" => $priv_user,
+ "delfld" => $priv_user,
),
// Account application
"account" => array(
- "new" => 0,
- "list" => 0,
+ "new" => $priv_guest,
+ "list" => $priv_guest,
),
// Notebook application
"notes" => array(
- //"index" => 0,
- "user" => 0,
- "view" => 0,
- "new" => 1,
- "edit" => 1,
- "delete" => 1,
- "move" => 1,
- "source" => 0,
+ "user" => $priv_guest,
+ "view" => $priv_guest,
+ "new" => $priv_user,
+ "edit" => $priv_user,
+ "delete" => $priv_user,
+ "move" => $priv_user,
+ "source" => $priv_guest,
),
// Blogging application
"blog" => array(
- "index" => 0,
- "view" => 0,
- "drafts" => 2,
- "publish" => 2,
- "post" => 2,
- "edit" => 2,
- "delete" => 2,
- "comment" => 1,
- "edcom" => 1,
- "delcom" => 2,
+ "index" => $priv_guest,
+ "view" => $priv_guest,
+ "drafts" => $priv_auth,
+ "publish" => $priv_auth,
+ "post" => $priv_auth,
+ "edit" => $priv_auth,
+ "delete" => $priv_auth,
+ "comment" => $priv_user,
+ "edcom" => $priv_user,
+ "delcom" => $priv_mod,
),
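Review bot: Two entries change value rather than just spelling, inside what otherwise reads as a rename of magic numbers: `"index"` under `"file"` goes from 1 to `$priv_guest`, and `"upload"` goes from 0 to `$priv_user`. The first one loosens access to the file listing for unauthenticated visitors, so it deserves a comment on that line saying where per-folder or per-file visibility for guests is enforced; that enforcement is not visible in this hunk. I would also add a short comment above the `$priv_*` block stating that the levels are ordered and are compared with `>=`, since every permission check in the other files depends on that ordering. The `$apps` array continues past the hunk.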
diff --git a/lib/file/delete.php b/lib/file/delete.php
index 1a65058..296b560 100644
--- a/lib/file/delete.php
+++ b/lib/file/delete.php
@@ -9,7 +9,7 @@ $id = intval($args[2]);
$info = mysql_fetch_assoc(sql("SELECT * FROM files WHERE id = $id"));
-if ($info["owner"] == $user["id"]) {
+if ($info["owner"] == $user["id"] || $user['priv'] >= $priv_admin) {
token_validate("Do you really want to delete this file ?", "file");
if (has_mini($info["extension"])) unlink($savedir . $id . "-min." . $info["extension"]);
unlink($savedir . $id . "." . $info["extension"]);
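Review bot: The changed condition still does not check that the row exists, unlike the sibling checks in lib/file/delfld.php and lib/notes/*.php, which test the fetched row first. `mysql_fetch_assoc` returns false when no file has this id, so `$info["owner"]` is null, which `==` treats as equal to a user id of 0, and with the new override an administrator always passes; in both cases the `unlink` calls then run with an empty extension. I would write `if ($info && ($info["owner"] == $user["id"] || $user['priv'] >= $priv_admin)) {` and report the missing file in the else branch. The `if` block continues outside the hunk.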
diff --git a/lib/file/delfld.php b/lib/file/delfld.php
index c1cacf0..9a2bf1f 100644
--- a/lib/file/delfld.php
+++ b/lib/file/delfld.php
@@ -7,7 +7,7 @@ $fld = mysql_fetch_assoc(sql(
"SELECT id, name, comment, public, owner ".
"FROM folders WHERE id = $fldid"
));
-assert_error($fld && $fld['owner'] == $user['id'],
+assert_error($fld && ($fld['owner'] == $user['id'] || $user['priv'] >= $priv_admin),
"This folder does not exist, or you are not allowed to edit it.");
token_validate("Do you really want to delete this folder ?", "folder-file-$fldid");
diff --git a/lib/notes/delete.php b/lib/notes/delete.php
index e8ef31e..43dbf44 100644
--- a/lib/notes/delete.php
+++ b/lib/notes/delete.php
@@ -4,7 +4,7 @@ assert_redir(count($args) >= 3, 'notes');
$noteid = intval($args[2]);
$note = mysql_fetch_assoc(sql("SELECT owner FROM notes WHERE id = $noteid"));
-assert_error($note && $note['owner'] == $user['id'],
+assert_error($note && ($note['owner'] == $user['id'] || $user['priv'] >= $priv_admin),
"This note does not exist, or you are not allowed to delete it.");
token_validate("Do you really want to delete this note ? All children notes will become children of the root note.", "view-notes-$noteid");
diff --git a/lib/notes/edit.php b/lib/notes/edit.php
index 17f1573..ec479b0 100644
--- a/lib/notes/edit.php
+++ b/lib/notes/edit.php
@@ -11,7 +11,7 @@ $note = mysql_fetch_assoc(sql(
"LEFT JOIN notes nb ON na.parent = nb.id LEFT JOIN account ON account.id = na.owner ".
"WHERE na.id = $noteid"
));
-assert_error($note && $note['owner'] == $user['id'],
+assert_error($note && ($note['owner'] == $user['id'] || $user['priv'] >= $priv_admin),
"This note does not exist, or you are not allowed to edit it.");
$note_title = $note['title'];
diff --git a/lib/notes/move.php b/lib/notes/move.php
index c3439d7..d51b4ad 100644
--- a/lib/notes/move.php
+++ b/lib/notes/move.php
@@ -9,7 +9,7 @@ $note = mysql_fetch_assoc(sql(
"LEFT JOIN notes nb ON na.parent = nb.id LEFT JOIN account ON account.id = na.owner ".
"WHERE na.id = $noteid"
));
-assert_error($note && $note['owner'] == $user['id'],
+assert_error($note && ($note['owner'] == $user['id'] || $user['priv'] >= $priv_admin),
"This note does not exist, or you are not allowed to move it.");
if (count($args) == 4) {
diff --git a/lib/notes/view.php b/lib/notes/view.php
index f81b6d7..a6a014c 100644
--- a/lib/notes/view.php
+++ b/lib/notes/view.php
@@ -9,7 +9,7 @@ $note = mysql_fetch_assoc(sql(
"LEFT JOIN notes nb ON na.parent = nb.id LEFT JOIN account ON account.id = na.owner ".
"WHERE na.id = $noteid"
));
-assert_error($note && ($note['public'] != 0 || $note['owner'] == $user['id']),
+assert_error($note && ($note['public'] != 0 || $note['owner'] == $user['id'] || $user['priv'] >= $priv_admin),
"This note does not exist, or you are not allowed to see it.");
$can_new = ($user['priv'] >= $apps['notes']['new'] && $user['id'] == $note['owner']);
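Review bot: The admin override on the view check is not carried into the capability flags that follow: `$can_new` on the next line still requires `$user['id'] == $note['owner']`. An administrator can now open a private note, and lib/notes/edit.php, move.php and delete.php accept the same administrator, but the flags computed here would still be owner-only if the ones below the hunk follow the same pattern (not visible here). I would compute one value such as `$is_owner_or_admin = ($user['id'] == $note['owner'] || $user['priv'] >= $priv_admin);` and use it in both the assertion and the flags. Since this grants read access to notes marked private, a comment stating that this is intended would help the next reader.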
diff --git a/lib/static/home.md b/lib/static/home.md
index ef6f589..e291e72 100644
--- a/lib/static/home.md
+++ b/lib/static/home.md
@@ -16,7 +16,7 @@ Cursus
: Conservatoire (dans ma jeunesse)
Contact
-: `alex [chez] adnab.me`, `alex.auvolat [chez] ens.fr`
+: `alex [chez] adnab.me`, ou bien `alex.auvolat [chez] ens.fr`
Intérêts en informatique
: Systèmes d'exploitations originaux
@@ -26,7 +26,7 @@ Intérêts en informatique
Intérêts en dehors de l'informatique
: Musique
: Japonais
-: Cuisine
+: Faire à manger
: Philosophie, philosophie des sciences, philosophie politique
Compétences remarquables