Code for: Permission to set article "active"

Have a question or a suggestion about a 3rd party addon module or plugin?
Let us know here.
Locked
olaf_noehring

Code for: Permission to set article "active"

Post by olaf_noehring »

Hi

I needed the ability to have a user a (in group A) who can create a new article. After that the article need to be corrected (spelling) and a big boss (bb) should then (again afterwards) give his ok. Only then (after ok from big boss) the article can be set active ("active" tag under "options"). (Checkout this post of mine: http://forum.cmsmadesimple.org/index.php?topic=6432 )
This creates somekind of workflow.

What the following code does:
Editor A in group 1: has the permission to create a new page. He can create - and might be able to change pages. But after a) creating and/or b) changing a page, (since he does not have the permission to set an article active) the article, which he has worked on is being deactivated.

Big boss in group 2: has a new permission: Activate and Deactivate Articles. So, the big boss (and all other members from group 2 can change activation of an article (switch on/ off)

Only people from group 2 can activate articles after creation/change. The "active" checkbox is still shown for all users - but only people who have the permission can actually change the setting!

The code changes refer to version 1.0 beta 6!

So here is the code and the how-to:
0. BACKUP files and database before you go ahead!

1. open /admin/editcontent.php

2. search for
if ($error === FALSE)

3. insert before
//start check activate
$userid = get_userid();
$activate_article_permission = check_permission($userid, 'Activate Deactivate Article');
if ($activate_article_permission){
// no changes if the user has permission to change this value
// $contentobj->SetActive(true);
}
else {
// if user has no permission but submits a new / changes page the page is being disabled
$contentobj->SetActive(false);
}
//end check activate

3b. save and upload /admin/editcontent.php
4. open /admin/addcontent.php

5. search for
if ($error === FALSE)

6. insert before
//start check activate
$userid = get_userid();
$activate_article_permission = check_permission($userid, 'Activate Deactivate Article');
if ($activate_article_permission){
// no changes if the user has permission to change this value
// $contentobj->SetActive(true);
}
else {
// if user has no permission but submits a new / changes page the page is being disabled
$contentobj->SetActive(false);
}
//end check activate

6b. save and upload /admin/addcontent.php
7. run this SQL command on your CMSmadesimple database:
INSERT INTO `cms_permissions` VALUES (963, 'Activate Deactivate Article', 'Activate and Deactivate Articles', NULL, NULL);



NEXT FILE NOW!

open /admin/listcontent.php
Attention: we start in the end of the file and work our way to the beginning so that linennumbers match vor listcontent.php from version 1.0 beta 6!

search (1023-1033)

// check if we're activating a page
if (isset($_GET["setactive"]))
{
setactive($_GET["setactive"]);
}

// perhaps we're deactivating a page instead?
if (isset($_GET["setinactive"]))
{
setactive($_GET["setinactive"], false);
}

replace with

if (isset($_GET["setactive"]))
{
//start security check
$userid = get_userid();
$activate_article_permission = check_permission($userid, 'Activate Deactivate Article');
if ($activate_article_permission){
setactive($_GET["setactive"]);
}
else {
}
//end security check
}

// perhaps we're deactivating a page instead?
if (isset($_GET["setinactive"]))
{
//start security check
$userid = get_userid();
$activate_article_permission = check_permission($userid, 'Activate Deactivate Article');
if ($activate_article_permission){
setactive($_GET["setinactive"], false);
}
else {
}
//end security check
}





search (948-949)

ob_start();
if (check_permission($userid, 'Modify Page Structure'))

replace with

ob_start();
//start security check
if (check_permission($userid, 'Modify Page Structure')  && check_permission($userid, 'Activate Deactivate Article'))         
//end security check




search for (940-943)

if (check_permission($userid, 'Modify Page Structure'))
{
   $headoflist .= " \n";
}    

replace with
//start security check
if (check_permission($userid, 'Modify Page Structure') && check_permission($userid, 'Activate Deactivate Article'))
{
   $headoflist .= " \n";
}
//end security check

search for (l 927-930)

if (check_permission($userid, 'Modify Page Structure'))
    {
   $headoflist .= "".lang('active')."\n";
    }
   
replace with

//start security check
$headoflist .= "".lang('active')."\n";       
//end security check

search for (line 781)

$thelist .= 'Id().'" />';

replace with

//start security check
      if (check_permission($userid, 'Modify Page Structure') && check_permission($userid, 'Activate Deactivate Article'))       
      {               
              $thelist .= 'Id().'" />';
}   
//end security check

search (line 684-709)

        if (check_permission($userid, 'Modify Page Structure'))
        {
            if ($display == 'edit' || $display == 'structure')
            {
                if($one->Active())
                {
                    $thelist .= "".($one->DefaultContent()?$image_true:"Id()."\" onclick=\"xajax_content_setinactive(".$one->Id().");return false;\">".$image_set_false."")."\n";
                }
                else
                {
                    $thelist .= "Id()."\" onclick=\"xajax_content_setactive(".$one->Id().");return false;\">".$image_set_true."\n";
                }
            }
            else
            {
                $thelist .= " \n";
            }
        }
       
replace with

//start added security check
if (check_permission($userid, 'Modify Page Structure') && check_permission($userid, 'Activate Deactivate Article'))       
        {
            if ($display == 'edit' || $display == 'structure')
            {
                if($one->Active())
                {
                    $thelist .= "".($one->DefaultContent()?$image_true:"Id()."\" onclick=\"xajax_content_setinactive(".$one->Id().");return false;\">".$image_set_false."")."\n";
                }
                else
                {
                    $thelist .= "Id()."\" onclick=\"xajax_content_setactive(".$one->Id().");return false;\">".$image_set_true."\n";
                }
            }
            else
            {
                $thelist .= " \n";
            }
        }
         else
        {
                if($one->Active())
                {
                    $thelist .= "".($one->DefaultContent()?$image_true:$image_set_false)."\n";
                }
                else
                {
                    $thelist .= "$image_set_true\n";
                }
        }
if (check_permission($userid, 'Modify Page Structure') && check_permission($userid, 'Activate Deactivate Article'))       
{       
       
        if ($one->IsDefaultPossible() && ($display == 'edit' || $display == 'structure'))
        {
            $thelist .= "".($one->DefaultContent()?$image_true:"Id()."\" onclick=\"if(confirm('".lang("confirmdefault")."')) xajax_content_setdefault(".$one->Id().");return false;\">".$image_set_true."")."\n";
        }
        else
        {
            $thelist .= " ";
        }   
}
else
{
            if ($one->IsDefaultPossible() && ($display == 'edit' || $display == 'structure'))
        {
            $thelist .= "".($one->DefaultContent()?$image_true:$image_set_true)."\n";
        }
        else
        {
            $thelist .= " ";
        }   
}       
//end added security check


search for (line 145-154)

function content_setinactive($contentid)
{
$objResponse = new xajaxResponse();

setactive($contentid, false);

$objResponse->addAssign("contentlist", "innerHTML", display_content_list());
$objResponse->addScript("new Effect.Highlight('tr_$contentid', { duration: 2.0 });");
return $objResponse->getXML();
}

replace complete (!) function with

function content_setinactive($contentid)
{
//start security check
$userid = get_userid();
$activate_article_permission = check_permission($userid, 'Activate Deactivate Article');
if ($activate_article_permission){
$objResponse = new xajaxResponse();

setactive($contentid, false);

$objResponse->addAssign("contentlist", "innerHTML", display_content_list());
$objResponse->addScript("new Effect.Highlight('tr_$contentid', { duration: 2.0 });");
return $objResponse->getXML();
}
else {
}
//end security check
}


search for (line 134-143)

function content_setactive($contentid)
{
$objResponse = new xajaxResponse();

setactive($contentid);

$objResponse->addAssign("contentlist", "innerHTML", display_content_list());
$objResponse->addScript("new Effect.Highlight('tr_$contentid', { duration: 2.0 });");
return $objResponse->getXML();
}


replace with complete (!) function with:

function content_setactive($contentid)
{
//start security check
$userid = get_userid();
$activate_article_permission = check_permission($userid, 'Activate Deactivate Article');
if ($activate_article_permission){ //user has no permission to change
$objResponse = new xajaxResponse();

setactive($contentid);

$objResponse->addAssign("contentlist", "innerHTML", display_content_list());
$objResponse->addScript("new Effect.Highlight('tr_$contentid', { duration: 2.0 });");
return $objResponse->getXML();
}
else {
// nothing happens since user has no permission to change
}
//end security check
}


search for (line 80-82)

#Modify the object inline
$value->SetActive(true);
$value->Save();

replace with

//start security check
$userid = get_userid();
$activate_article_permission = check_permission($userid, 'Activate Deactivate Article');
if ($activate_article_permission){
//user has no permission to change
#Modify the object inline
$value->SetActive(true);
$value->Save();
}
else {
// nothing happens since user has no permission to change
}
//end security check


save and upload

go to permissions and add the permission to acvtivate/deactivate pages to a group
I hope i did not miss any of my changes in the file.
Any comments?
Olaf
Last edited by olaf_noehring on Fri Sep 01, 2006 5:43 am, edited 1 time in total.
Top
cyberman

Re: Code for: Permission to set article "active"

Post by cyberman »

Thx - would be a nice feature!
Top
olaf_noehring

Re: Code for: Permission to set article "active"

Post by olaf_noehring »

Hi

I have noticed that aloi changes in listcontent.php are needed.
I will post them later today / tomorrow and modify my initial posting.

Olaf
Top
olaf_noehring

Re: Code for: Permission to set article "active"

Post by olaf_noehring »

Hi,

i hope now the addition is complete. you need to change listcontent 8everything from "next file!" downwards as well since there activation and default page can be set. i took the freedom to remove checkboxes for deletion as well if the user has no permission to change page structure + activate/deactivate pages.
also: activation and default state are now shown always but can be changed only if activation/modify pages permission are set:

olaf
Top
cyberman

Re: Code for: Permission to set article "active"

Post by cyberman »

Can you post this as patch for core on CMSms Forge ?
Top
olaf_noehring

Re: Code for: Permission to set article "active"

Post by olaf_noehring »

Hi cyberman,

how do I do this?

Olaf
Top
cyberman

Re: Code for: Permission to set article "active"

Post by cyberman »

Go to

http://dev.cmsmadesimple.org/

create a login, go then to

http://dev.cmsmadesimple.org/tracker/?a ... unc=browse

and post your patch (complete or only diff file) with a description there  ;).
Top
olaf_noehring

Re: Code for: Permission to set article "active"

Post by olaf_noehring »

Hi

do you mean I should post the code from above? Well - I want to help, but please don't make it too hard to do so ;-)

Olaf
Top
cyberman

Re: Code for: Permission to set article "active"

Post by cyberman »

Please post a little description with an attachment (your patched editcontent.php / addcontent.php as zip file) there.

It's easy enough  :) ?
Top
olaf_noehring

Re: Code for: Permission to set article "active"

Post by olaf_noehring »

Hi

yes,
did so, ID 964. Thanks for your help.

Olaf
Top
Locked

Return to “Modules/Add-Ons”