From 77048675abf5fad43e8b5371c35e1c86b3be59c2 Mon Sep 17 00:00:00 2001 From: root Date: Fri, 31 Jan 2014 19:08:03 +0100 Subject: Privilege changes --- lib/blog/edcom.php | 2 +- lib/blog/index.php | 4 ++-- lib/conf/apps.php | 63 ++++++++++++++++++++++++++++------------------------ lib/file/delete.php | 2 +- lib/file/delfld.php | 2 +- lib/notes/delete.php | 2 +- lib/notes/edit.php | 2 +- lib/notes/move.php | 2 +- lib/notes/view.php | 2 +- lib/static/home.md | 4 ++-- tpl/blog/index.php | 7 ++++-- 11 files changed, 50 insertions(+), 42 deletions(-) diff --git a/lib/blog/edcom.php b/lib/blog/edcom.php index 2b96ff9..ca8fd7e 100644 --- a/lib/blog/edcom.php +++ b/lib/blog/edcom.php @@ -9,7 +9,7 @@ $com = mysql_fetch_assoc(sql( "SELECT blog_comments.owner AS owner, blog_comments.text AS text, blog_comments.post AS post ". "FROM blog_comments WHERE id = $comid" )); -assert_error($com && $com['owner'] == $user['id'], +assert_error($com && ($com['owner'] == $user['id'] || $user['priv'] >= $priv_mod), "This comment does not exist, or you are not allowed to edit it."); $com_text = $com['text']; diff --git a/lib/blog/index.php b/lib/blog/index.php index 08aa630..99c7bbe 100644 --- a/lib/blog/index.php +++ b/lib/blog/index.php @@ -39,7 +39,7 @@ function count_in($fat, $v, $d) { } $q = - "SELECT blog_posts.id AS id, blog_posts.title AS title, blog_posts.date AS date, ". + "SELECT blog_posts.id AS id, blog_posts.title AS title, DATE_fORMAT(blog_posts.date, '%Y-%m-%d') AS date, ". "UNIX_TIMESTAMP(blog_posts.date) AS date_ts, ". "DATE_FORMAT(blog_posts.date, '%Y-%m') AS month, ". "blog_posts.text_html AS text_html, GROUP_CONCAT(DISTINCT ba.tag SEPARATOR ', ') AS tags, ". 
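Review bot: The new moderator branch in edcom.php, `$user['priv'] >= $priv_mod`, fails open if `$priv_mod` is ever not in scope: the value is a plain global set in lib/conf/apps.php, and in PHP an undefined variable compares as null, so `$user['priv'] >= null` is true for every user, including guests. A defensive form is `assert_error($com && ($com['owner'] == $user['id'] || (isset($priv_mod) && $user['priv'] >= $priv_mod)),` so a missing level denies rather than grants; the same shape applies to the `$priv_admin` branches added in lib/file/delete.php, lib/file/delfld.php, lib/notes/delete.php, lib/notes/edit.php, lib/notes/move.php and lib/notes/view.php. Note also that this threshold is hard-coded here rather than read from `$apps`, so the policy now lives in two places. Whether these scripts are only ever included at global scope is not visible from the patch.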
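Review bot: `DATE_fORMAT` on the new SELECT line in lib/blog/index.php is inconsistently cased; MySQL resolves function names case-insensitively so it runs, but it reads as a typo next to the `DATE_FORMAT(...) AS month` two lines below and should be `DATE_FORMAT(blog_posts.date, '%Y-%m-%d') AS date, `. This line also changes the `date` column from the raw DATETIME value to a formatted string; any consumer of `$post['date']` that parsed the old format should be checked, which cannot be confirmed from this hunk.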
@@ -70,7 +70,7 @@ while ($pp = mysql_fetch_assoc($n)) { count_in('date', str_replace('-', '_', $pp['month']), $pp['month']); } -$can_post = ($user['priv'] >= $apps['blog']['drafts'] && $user['id'] != 0); +$can_post = (($user['priv'] >= $apps['blog']['drafts'] && $user['id'] != 0)); $can_edit = ($user['priv'] >= $apps['blog']['edit'] && $user['id'] != 0); $can_delete = ($user['priv'] >= $apps['blog']['delete'] && $user['id'] != 0); diff --git a/lib/conf/apps.php b/lib/conf/apps.php index 524da45..e0c1dfe 100644 --- a/lib/conf/apps.php +++ b/lib/conf/apps.php 
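Review bot: The only change to `$can_post` is a redundant outer pair of parentheses, which leaves the line out of step with the `$can_edit` and `$can_delete` lines below it and looks like an unfinished edit. Either restore `$can_post = ($user['priv'] >= $apps['blog']['drafts'] && $user['id'] != 0);` or, if an extra condition was intended, add it.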
@@ -2,53 +2,58 @@ $homepage = "view-static-home"; +$priv_guest = 0; +$priv_user = 1; +$priv_auth = 2; +$priv_mod = 3; +$priv_admin = 4; + $apps = array( "static" => array( - "view" => 0, + "view" => $priv_guest, ), // File upload application "file" => array( - "index" => 1, - "delete" => 1, - "editinfo" => 1, - "upload" => 0, - "folder" => 0, - "newfld" => 1, - "editfld" => 1, - "delfld" => 1, + "index" => $priv_guest, + "delete" => $priv_user, + "editinfo" => $priv_user, + "upload" => $priv_user, + "folder" => $priv_guest, + "newfld" => $priv_user, + "editfld" => $priv_user, + "delfld" => $priv_user, ), // Account application "account" => array( - "new" => 0, - "list" => 0, + "new" => $priv_guest, + "list" => $priv_guest, ), // Notebook application "notes" => array( - //"index" => 0, - "user" => 0, - "view" => 0, - "new" => 1, - "edit" => 1, - "delete" => 1, - "move" => 1, - "source" => 0, + "user" => $priv_guest, + "view" => $priv_guest, + "new" => $priv_user, + "edit" => $priv_user, + "delete" => $priv_user, + "move" => $priv_user, + "source" => $priv_guest, ), // Blogging application "blog" => array( - "index" => 0, - "view" => 0, - "drafts" => 2, - "publish" => 2, - "post" => 2, - "edit" => 2, - "delete" => 2, - "comment" => 1, - "edcom" => 1, - "delcom" => 2, + "index" => $priv_guest, + "view" => $priv_guest, + "drafts" => $priv_auth, + "publish" => $priv_auth, + "post" => $priv_auth, + "edit" => $priv_auth, + "delete" => $priv_auth, + "comment" => $priv_user, + "edcom" => $priv_user, + "delcom" => $priv_mod, ), diff --git a/lib/file/delete.php b/lib/file/delete.php index 1a65058..296b560 100644 --- a/lib/file/delete.php +++ b/lib/file/delete.php 
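Review bot: Several entries change their effective level while the hunk reads as a pure renaming of numbers to `$priv_*` variables: `file/upload` goes from 0 to `$priv_user` (1), `file/index` from 1 to `$priv_guest` (0), and `blog/delcom` from 2 to `$priv_mod` (3). The commit message "Privilege changes" does not call these out, so a comment above the ladder would help the next reader, e.g. `// Privilege ladder: an action is allowed when $user['priv'] >= the level listed; lib scripts also compare against $priv_mod / $priv_admin directly.` Because these are plain globals rather than constants, a typo in a lib script (for example `$priv_admn`) yields null and compares as "allowed" for everyone, so keeping all uses in this table rather than scattered in lib files limits that risk.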
@@ -9,7 +9,7 @@ $id = intval($args[2]); $info = mysql_fetch_assoc(sql("SELECT * FROM files WHERE id = $id")); -if ($info["owner"] == $user["id"]) { +if ($info["owner"] == $user["id"] || $user['priv'] >= $priv_admin) { token_validate("Do you really want to delete this file ?", "file"); if (has_mini($info["extension"])) unlink($savedir . $id . "-min." . $info["extension"]); unlink($savedir . $id . "." . $info["extension"]); diff --git a/lib/file/delfld.php b/lib/file/delfld.php index c1cacf0..9a2bf1f 100644 --- a/lib/file/delfld.php +++ b/lib/file/delfld.php @@ -7,7 +7,7 @@ $fld = mysql_fetch_assoc(sql( "SELECT id, name, comment, public, owner ". "FROM folders WHERE id = $fldid" )); -assert_error($fld && $fld['owner'] == $user['id'], +assert_error($fld && ($fld['owner'] == $user['id'] || $user['priv'] >= $priv_admin), "This folder does not exist, or you are not allowed to edit it."); token_validate("Do you really want to delete this folder ?", "folder-file-$fldid"); diff --git a/lib/notes/delete.php b/lib/notes/delete.php index e8ef31e..43dbf44 100644 --- a/lib/notes/delete.php +++ b/lib/notes/delete.php @@ -4,7 +4,7 @@ assert_redir(count($args) >= 3, 'notes'); $noteid = intval($args[2]); $note = mysql_fetch_assoc(sql("SELECT owner FROM notes WHERE id = $noteid")); -assert_error($note && $note['owner'] == $user['id'], +assert_error($note && ($note['owner'] == $user['id'] || $user['priv'] >= $priv_admin), "This note does not exist, or you are not allowed to delete it."); token_validate("Do you really want to delete this note ? All children notes will become children of the root note.", "view-notes-$noteid"); diff --git a/lib/notes/edit.php b/lib/notes/edit.php index 17f1573..ec479b0 100644 --- a/lib/notes/edit.php +++ b/lib/notes/edit.php 
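Review bot: The changed `if` in lib/file/delete.php does not guard against `$info` being false (no row for `$id`), unlike the sibling hunks in this patch which all check `$fld && (...)` or `$note && (...)` first. With a missing row, `$info["owner"]` is null and `null == $user["id"]` is true for the guest id 0, and the new `$priv_admin` branch likewise proceeds into `token_validate` and `unlink($savedir . $id . ".")`; the guard should be `if ($info && ($info["owner"] == $user["id"] || $user['priv'] >= $priv_admin)) {`. The body of the `if` and whatever follows it continue outside the hunk.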
@@ -11,7 +11,7 @@ $note = mysql_fetch_assoc(sql( "LEFT JOIN notes nb ON na.parent = nb.id LEFT JOIN account ON account.id = na.owner ". "WHERE na.id = $noteid" )); -assert_error($note && $note['owner'] == $user['id'], +assert_error($note && ($note['owner'] == $user['id'] || $user['priv'] >= $priv_admin), "This note does not exist, or you are not allowed to edit it."); $note_title = $note['title']; diff --git a/lib/notes/move.php b/lib/notes/move.php index c3439d7..d51b4ad 100644 --- a/lib/notes/move.php +++ b/lib/notes/move.php @@ -9,7 +9,7 @@ $note = mysql_fetch_assoc(sql( "LEFT JOIN notes nb ON na.parent = nb.id LEFT JOIN account ON account.id = na.owner ". "WHERE na.id = $noteid" )); -assert_error($note && $note['owner'] == $user['id'], +assert_error($note && ($note['owner'] == $user['id'] || $user['priv'] >= $priv_admin), "This note does not exist, or you are not allowed to move it."); if (count($args) == 4) { diff --git a/lib/notes/view.php b/lib/notes/view.php index f81b6d7..a6a014c 100644 --- a/lib/notes/view.php +++ b/lib/notes/view.php @@ -9,7 +9,7 @@ $note = mysql_fetch_assoc(sql( "LEFT JOIN notes nb ON na.parent = nb.id LEFT JOIN account ON account.id = na.owner ". "WHERE na.id = $noteid" )); -assert_error($note && ($note['public'] != 0 || $note['owner'] == $user['id']), +assert_error($note && ($note['public'] != 0 || $note['owner'] == $user['id'] || $user['priv'] >= $priv_admin), "This note does not exist, or you are not allowed to see it."); $can_new = ($user['priv'] >= $apps['notes']['new'] && $user['id'] == $note['owner']); diff --git a/lib/static/home.md b/lib/static/home.md index ef6f589..e291e72 100644 --- a/lib/static/home.md +++ b/lib/static/home.md @@ -16,7 +16,7 @@ Cursus : Conservatoire (dans ma jeunesse) Contact -: `alex [chez] adnab.me`, `alex.auvolat [chez] ens.fr` +: `alex [chez] adnab.me`, ou bien `alex.auvolat [chez] ens.fr` Intérêts en informatique : Systèmes d'exploitations originaux 
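Review bot: In lib/notes/view.php the new `$priv_admin` branch lets administrators read notes whose `public` flag is 0, but the `$can_new` line right below still requires `$user['id'] == $note['owner']`, so an admin viewing someone else's private note passes the access check yet gets no action links. If that asymmetry is intended it deserves a comment, e.g. `// Admins may read private notes; the action links below stay owner-only.`, otherwise the `$can_*` lines should use the same override. Reading private notes with elevated privilege is also the kind of access an audit trail usually records; nothing in the hunk shows whether one exists.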
@@ -26,7 +26,7 @@ Intérêts en informatique Intérêts en dehors de l'informatique : Musique : Japonais -: Cuisine +: Faire à manger : Philosophie, philosophie des sciences, philosophie politique Compétences remarquables diff --git a/tpl/blog/index.php b/tpl/blog/index.php index b70a80a..b2d6f93 100644 --- a/tpl/blog/index.php +++ b/tpl/blog/index.php @@ -14,7 +14,7 @@ echo ''; if(count($posts) == 0) { echo "
Aucun article trouvé.
"; } else { - echo ''; + echo '
TagsDateAuteur
'; foreach ($posts as $post) { echo ''; + if ($post['tags'] != ''){ + echo '
' . $post['tags'] . ''; + } + echo ''; echo ''; echo ''; echo ''; -- cgit v1.2.3
DateAuteur
' . $post['title'] . '
'; $k = array(); @@ -24,7 +24,10 @@ if(count($posts) == 0) { $k[] = 'supprimer'; echo implode(' | ', $k); echo '
'; - echo '
' . $post['tags'] . '' . $post['date'] . '' . $post['owner'] . '
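Review bot: The added `echo` in tpl/blog/index.php that concatenates `$post['tags']` into the table cell writes the tag text into HTML without escaping; `tags` is built by `GROUP_CONCAT(DISTINCT ba.tag ...)` in lib/blog/index.php, so unless tags are validated when stored, markup in a tag name would be rendered on the index page. Use `echo '<td>' . htmlspecialchars($post['tags'], ENT_QUOTES, 'UTF-8') . '</td>';` and treat `$post['title']` and `$post['owner']` on the neighbouring lines the same way if they are not already escaped upstream. The surrounding `foreach` and its `else` block start and end outside the hunk, and this chunk's rendering has scrambled the hunk's line order, so the exact placement is inferred.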