Code for: Permission to set article "active"
Posted: Wed Aug 30, 2006 2:38 pm
Hi
I needed a workflow in which user a (in group A) can create a new article. After that the article needs to be corrected (spelling), and a big boss (bb) should then (again afterwards) give his OK. Only then (after the OK from the big boss) can the article be set active (the "active" tag under "options"). (Check out this post of mine: http://forum.cmsmadesimple.org/index.php?topic=6432 )
This creates some kind of workflow.
What the following code does:
Editor A in group 1: has the permission to create a new page. He can create pages and might be able to change them. But after a) creating and/or b) changing a page, the article he has worked on is deactivated, since he does not have the permission to set an article active.
Big boss in group 2: has a new permission: Activate and Deactivate Articles. So the big boss (and all other members of group 2) can change the activation of an article (switch it on/off).
Only people from group 2 can activate articles after creation/change. The "active" checkbox is still shown for all users - but only people who have the permission can actually change the setting!
The code changes refer to version 1.0 beta 6!
So here is the code and the how-to:
0. BACKUP files and database before you go ahead!
1. open /admin/editcontent.php
2. search for
if ($error === FALSE)
3. insert before
//start check activate
// Server-side gate for the edit form: the "active" checkbox is still shown to every
// user, so the submitted value is overridden here for users without the permission.
$userid = get_userid();
$activate_article_permission = check_permission($userid, 'Activate Deactivate Article');
if (!$activate_article_permission)
{
    // Saving without the permission always leaves the page inactive. This includes a
    // page that was active before the edit, so such an editor takes a live page
    // offline until someone with the permission activates it again.
    $contentobj->SetActive(false);
}
// With the permission, the value chosen in the form is kept as submitted.
//end check activate
3b. save and upload /admin/editcontent.php
4. open /admin/addcontent.php
5. search for
if ($error === FALSE)
6. insert before
//start check activate
// Server-side gate for the add form: the "active" checkbox is still shown to every
// user, so the submitted value is overridden here for users without the permission.
$userid = get_userid();
$activate_article_permission = check_permission($userid, 'Activate Deactivate Article');
if (!$activate_article_permission)
{
    // A page created without the permission is always stored inactive and waits
    // for someone who holds the permission to activate it.
    $contentobj->SetActive(false);
}
// With the permission, the value chosen in the form is kept as submitted.
//end check activate
6b. save and upload /admin/addcontent.php
7. run this SQL command on your CMSmadesimple database:
-- Registers the new permission under the name that the check_permission() calls in this how-to look up.
-- The values are positional (no column list), so they depend on the column order of your cms_permissions table.
-- NOTE(review): the id 963 is hard-coded - make sure no existing row uses it, and if your installation
-- generates permission ids from a sequence, verify that a later generated id cannot collide with it.
-- `cms_` is the table prefix used here; adjust it if your installation uses another prefix.
INSERT INTO `cms_permissions` VALUES (963, 'Activate Deactivate Article', 'Activate and Deactivate Articles', NULL, NULL);
NEXT FILE NOW!
open /admin/listcontent.php
Attention: we start at the end of the file and work our way to the beginning, so that the line numbers match listcontent.php from version 1.0 beta 6!
search (1023-1033)
// check if we're activating a page
if (isset($_GET["setactive"]))
{
setactive($_GET["setactive"]);
}
// perhaps we're deactivating a page instead?
if (isset($_GET["setinactive"]))
{
setactive($_GET["setinactive"], false);
}
replace with
// check if we're activating a page
if (isset($_GET['setactive']))
{
    //start security check
    // The page id comes straight from the query string, so the permission is
    // checked on the server before the state is changed.
    // NOTE(review): this is a state change triggered by a GET parameter. The permission
    // check does not by itself tell a deliberate click from a forged cross-site request
    // made in a permitted user's session - confirm what request-origin protection this
    // CMS version provides.
    $userid = get_userid();
    $activate_article_permission = check_permission($userid, 'Activate Deactivate Article');
    if ($activate_article_permission)
    {
        setactive($_GET['setactive']);
    }
    // Without the permission the request is ignored and nothing is reported.
    //end security check
}

// perhaps we're deactivating a page instead?
if (isset($_GET['setinactive']))
{
    //start security check
    // Same server-side permission gate as for activation above.
    $userid = get_userid();
    $activate_article_permission = check_permission($userid, 'Activate Deactivate Article');
    if ($activate_article_permission)
    {
        setactive($_GET['setinactive'], false);
    }
    // Without the permission the request is ignored and nothing is reported.
    //end security check
}
search (948-949)
ob_start();
if (check_permission($userid, 'Modify Page Structure'))
replace with
ob_start();
//start security check
if (check_permission($userid, 'Modify Page Structure') && check_permission($userid, 'Activate Deactivate Article'))
//end security check
search for (940-943)
if (check_permission($userid, 'Modify Page Structure'))
{
$headoflist .= " \n";
}
replace with
//start security check
// The header cell appended here is only added for users who hold both permissions.
// This decides what is displayed; it does not protect the state change itself.
// NOTE(review): the literal " \n" probably lost its HTML markup when the forum rendered
// the post - keep the literal from lines 940-943 of your own listcontent.php and change only the condition.
if (check_permission($userid, 'Modify Page Structure') && check_permission($userid, 'Activate Deactivate Article'))
{
$headoflist .= " \n";
}
//end security check
search for (l 927-930)
if (check_permission($userid, 'Modify Page Structure'))
{
$headoflist .= "".lang('active')."\n";
}
replace with
//start security check
// The permission test that used to wrap this header cell is removed: the "active"
// column heading is now appended for every user, whatever permissions they hold.
// NOTE(review): the empty "" looks like what is left of HTML markup dropped by the
// forum - keep the literal from your own listcontent.php and only remove the surrounding if.
$headoflist .= "".lang('active')."\n";
//end security check
search for (line 781)
$thelist .= 'Id().'" />';
replace with
//start security check
// The markup that line 781 appends to $thelist is now only added for users who hold both permissions.
// This decides what is displayed; it does not by itself stop a request that is sent to the server.
// NOTE(review): the string literal in the statement below was cut short when the forum rendered
// the post and is not valid PHP as shown - keep that statement exactly as it is in your own
// listcontent.php and only wrap it in the if.
if (check_permission($userid, 'Modify Page Structure') && check_permission($userid, 'Activate Deactivate Article'))
{
$thelist .= 'Id().'" />';
}
//end security check
search (line 684-709)
if (check_permission($userid, 'Modify Page Structure'))
{
if ($display == 'edit' || $display == 'structure')
{
if($one->Active())
{
$thelist .= "".($one->DefaultContent()?$image_true:"Id()."\" onclick=\"xajax_content_setinactive(".$one->Id().");return false;\">".$image_set_false."")."\n";
}
else
{
$thelist .= "Id()."\" onclick=\"xajax_content_setactive(".$one->Id().");return false;\">".$image_set_true."\n";
}
}
else
{
$thelist .= " \n";
}
}
replace with
//start added security check
// Active column: the clickable toggle is rendered only for users who hold both
// 'Modify Page Structure' and 'Activate Deactivate Article'.
// This is display logic only; the permission that protects the state change has to be
// checked again in the code that handles the request.
// NOTE(review): several string literals below lost their HTML markup when the forum
// rendered the post and are not valid PHP as shown - keep the literals from your own
// listcontent.php and take only the added conditions and else branches from here.
if (check_permission($userid, 'Modify Page Structure') && check_permission($userid, 'Activate Deactivate Article'))
{
if ($display == 'edit' || $display == 'structure')
{
if($one->Active())
{
// Active page: plain image for the default page, otherwise a link that calls xajax_content_setinactive.
$thelist .= "".($one->DefaultContent()?$image_true:"Id()."\" onclick=\"xajax_content_setinactive(".$one->Id().");return false;\">".$image_set_false."")."\n";
}
else
{
// Inactive page: link that calls xajax_content_setactive.
$thelist .= "Id()."\" onclick=\"xajax_content_setactive(".$one->Id().");return false;\">".$image_set_true."\n";
}
}
else
{
$thelist .= " \n";
}
}
else
{
// Without both permissions only the state image is appended, with no link to change it.
if($one->Active())
{
$thelist .= "".($one->DefaultContent()?$image_true:$image_set_false)."\n";
}
else
{
$thelist .= "$image_set_true\n";
}
}
// Default-page column: the link that calls xajax_content_setdefault is gated on the same two permissions.
// NOTE(review): the handler behind xajax_content_setdefault is not changed by this how-to -
// confirm which permission it checks on the server.
if (check_permission($userid, 'Modify Page Structure') && check_permission($userid, 'Activate Deactivate Article'))
{
if ($one->IsDefaultPossible() && ($display == 'edit' || $display == 'structure'))
{
$thelist .= "".($one->DefaultContent()?$image_true:"Id()."\" onclick=\"if(confirm('".lang("confirmdefault")."')) xajax_content_setdefault(".$one->Id().");return false;\">".$image_set_true."")."\n";
}
else
{
$thelist .= " ";
}
}
else
{
// Without both permissions: image only, no confirm dialog and no xajax call.
if ($one->IsDefaultPossible() && ($display == 'edit' || $display == 'structure'))
{
$thelist .= "".($one->DefaultContent()?$image_true:$image_set_true)."\n";
}
else
{
$thelist .= " ";
}
}
//end added security check
search for (line 145-154)
function content_setinactive($contentid)
{
$objResponse = new xajaxResponse();
setactive($contentid, false);
$objResponse->addAssign("contentlist", "innerHTML", display_content_list());
$objResponse->addScript("new Effect.Highlight('tr_$contentid', { duration: 2.0 });");
return $objResponse->getXML();
}
replace complete (!) function with
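/**
 * xajax handler: deactivate one content page and refresh the content list.
 *
 * The page is only changed when the logged-in user holds the
 * 'Activate Deactivate Article' permission. This check is the actual access
 * control; hiding the toggle link in the list only changes what is displayed.
 *
 * @param mixed $contentid id of the page, as sent by the browser
 * @return mixed the value of $objResponse->getXML(); without the permission the
 *               response carries no commands
 */
function content_setinactive($contentid)
{
    //start security check
    $userid = get_userid();
    $activate_article_permission = check_permission($userid, 'Activate Deactivate Article');

    // Build the response in every case so that a denied call also gets a
    // response document instead of no return value at all.
    $objResponse = new xajaxResponse();

    if ($activate_article_permission)
    {
        setactive($contentid, false);
        $objResponse->addAssign("contentlist", "innerHTML", display_content_list());

        // The id arrives from the browser; cast it so that only a number is
        // placed into the generated script.
        $rowid = (int) $contentid;
        $objResponse->addScript("new Effect.Highlight('tr_$rowid', { duration: 2.0 });");
    }
    // Without the permission nothing is changed and the list is not redrawn.
    //end security check

    return $objResponse->getXML();
}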
search for (line 134-143)
function content_setactive($contentid)
{
$objResponse = new xajaxResponse();
setactive($contentid);
$objResponse->addAssign("contentlist", "innerHTML", display_content_list());
$objResponse->addScript("new Effect.Highlight('tr_$contentid', { duration: 2.0 });");
return $objResponse->getXML();
}
replace the complete (!) function with:
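/**
 * xajax handler: activate one content page and refresh the content list.
 *
 * The page is only changed when the logged-in user holds the
 * 'Activate Deactivate Article' permission. This check is the actual access
 * control; hiding the toggle link in the list only changes what is displayed.
 *
 * @param mixed $contentid id of the page, as sent by the browser
 * @return mixed the value of $objResponse->getXML(); without the permission the
 *               response carries no commands
 */
function content_setactive($contentid)
{
    //start security check
    $userid = get_userid();
    $activate_article_permission = check_permission($userid, 'Activate Deactivate Article');

    // Build the response in every case so that a denied call also gets a
    // response document instead of no return value at all.
    $objResponse = new xajaxResponse();

    if ($activate_article_permission)
    {
        // Reached only when the user holds the permission.
        setactive($contentid);
        $objResponse->addAssign("contentlist", "innerHTML", display_content_list());

        // The id arrives from the browser; cast it so that only a number is
        // placed into the generated script.
        $rowid = (int) $contentid;
        $objResponse->addScript("new Effect.Highlight('tr_$rowid', { duration: 2.0 });");
    }
    // Without the permission nothing is changed and the list is not redrawn.
    //end security check

    return $objResponse->getXML();
}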
search for (line 80-82)
#Modify the object inline
$value->SetActive(true);
$value->Save();
replace with
//start security check
$userid = get_userid();
$activate_article_permission = check_permission($userid, 'Activate Deactivate Article');
if ($activate_article_permission)
{
    // Reached only when the user holds the permission.
    #Modify the object inline
    $value->SetActive(true);
    $value->Save();
}
// Without the permission the object is left untouched and nothing is saved.
//end security check
save and upload
go to permissions and add the permission to activate/deactivate pages to a group
I hope I did not miss any of my changes in the file.
Any comments?
Olaf
I needed a workflow in which user a (in group A) can create a new article. After that the article needs to be corrected (spelling), and a big boss (bb) should then (again afterwards) give his OK. Only then (after the OK from the big boss) can the article be set active (the "active" tag under "options"). (Check out this post of mine: http://forum.cmsmadesimple.org/index.php?topic=6432 )
This creates some kind of workflow.
What the following code does:
Editor A in group 1: has the permission to create a new page. He can create pages and might be able to change them. But after a) creating and/or b) changing a page, the article he has worked on is deactivated, since he does not have the permission to set an article active.
Big boss in group 2: has a new permission: Activate and Deactivate Articles. So the big boss (and all other members of group 2) can change the activation of an article (switch it on/off).
Only people from group 2 can activate articles after creation/change. The "active" checkbox is still shown for all users - but only people who have the permission can actually change the setting!
The code changes refer to version 1.0 beta 6!
So here is the code and the how-to:
0. BACKUP files and database before you go ahead!
1. open /admin/editcontent.php
2. search for
if ($error === FALSE)
3. insert before
//start check activate
// Server-side gate for the edit form: the "active" checkbox is still shown to every
// user, so the submitted value is overridden here for users without the permission.
$userid = get_userid();
$activate_article_permission = check_permission($userid, 'Activate Deactivate Article');
if (!$activate_article_permission)
{
    // Saving without the permission always leaves the page inactive. This includes a
    // page that was active before the edit, so such an editor takes a live page
    // offline until someone with the permission activates it again.
    $contentobj->SetActive(false);
}
// With the permission, the value chosen in the form is kept as submitted.
//end check activate
3b. save and upload /admin/editcontent.php
4. open /admin/addcontent.php
5. search for
if ($error === FALSE)
6. insert before
//start check activate
// Server-side gate for the add form: the "active" checkbox is still shown to every
// user, so the submitted value is overridden here for users without the permission.
$userid = get_userid();
$activate_article_permission = check_permission($userid, 'Activate Deactivate Article');
if (!$activate_article_permission)
{
    // A page created without the permission is always stored inactive and waits
    // for someone who holds the permission to activate it.
    $contentobj->SetActive(false);
}
// With the permission, the value chosen in the form is kept as submitted.
//end check activate
6b. save and upload /admin/addcontent.php
7. run this SQL command on your CMSmadesimple database:
-- Registers the new permission under the name that the check_permission() calls in this how-to look up.
-- The values are positional (no column list), so they depend on the column order of your cms_permissions table.
-- NOTE(review): the id 963 is hard-coded - make sure no existing row uses it, and if your installation
-- generates permission ids from a sequence, verify that a later generated id cannot collide with it.
-- `cms_` is the table prefix used here; adjust it if your installation uses another prefix.
INSERT INTO `cms_permissions` VALUES (963, 'Activate Deactivate Article', 'Activate and Deactivate Articles', NULL, NULL);
NEXT FILE NOW!
open /admin/listcontent.php
Attention: we start at the end of the file and work our way to the beginning, so that the line numbers match listcontent.php from version 1.0 beta 6!
search (1023-1033)
// check if we're activating a page
if (isset($_GET["setactive"]))
{
setactive($_GET["setactive"]);
}
// perhaps we're deactivating a page instead?
if (isset($_GET["setinactive"]))
{
setactive($_GET["setinactive"], false);
}
replace with
// check if we're activating a page
if (isset($_GET['setactive']))
{
    //start security check
    // The page id comes straight from the query string, so the permission is
    // checked on the server before the state is changed.
    // NOTE(review): this is a state change triggered by a GET parameter. The permission
    // check does not by itself tell a deliberate click from a forged cross-site request
    // made in a permitted user's session - confirm what request-origin protection this
    // CMS version provides.
    $userid = get_userid();
    $activate_article_permission = check_permission($userid, 'Activate Deactivate Article');
    if ($activate_article_permission)
    {
        setactive($_GET['setactive']);
    }
    // Without the permission the request is ignored and nothing is reported.
    //end security check
}

// perhaps we're deactivating a page instead?
if (isset($_GET['setinactive']))
{
    //start security check
    // Same server-side permission gate as for activation above.
    $userid = get_userid();
    $activate_article_permission = check_permission($userid, 'Activate Deactivate Article');
    if ($activate_article_permission)
    {
        setactive($_GET['setinactive'], false);
    }
    // Without the permission the request is ignored and nothing is reported.
    //end security check
}
search (948-949)
ob_start();
if (check_permission($userid, 'Modify Page Structure'))
replace with
ob_start();
//start security check
if (check_permission($userid, 'Modify Page Structure') && check_permission($userid, 'Activate Deactivate Article'))
//end security check
search for (940-943)
if (check_permission($userid, 'Modify Page Structure'))
{
$headoflist .= " \n";
}
replace with
//start security check
// The header cell appended here is only added for users who hold both permissions.
// This decides what is displayed; it does not protect the state change itself.
// NOTE(review): the literal " \n" probably lost its HTML markup when the forum rendered
// the post - keep the literal from lines 940-943 of your own listcontent.php and change only the condition.
if (check_permission($userid, 'Modify Page Structure') && check_permission($userid, 'Activate Deactivate Article'))
{
$headoflist .= " \n";
}
//end security check
search for (l 927-930)
if (check_permission($userid, 'Modify Page Structure'))
{
$headoflist .= "".lang('active')."\n";
}
replace with
//start security check
// The permission test that used to wrap this header cell is removed: the "active"
// column heading is now appended for every user, whatever permissions they hold.
// NOTE(review): the empty "" looks like what is left of HTML markup dropped by the
// forum - keep the literal from your own listcontent.php and only remove the surrounding if.
$headoflist .= "".lang('active')."\n";
//end security check
search for (line 781)
$thelist .= 'Id().'" />';
replace with
//start security check
// The markup that line 781 appends to $thelist is now only added for users who hold both permissions.
// This decides what is displayed; it does not by itself stop a request that is sent to the server.
// NOTE(review): the string literal in the statement below was cut short when the forum rendered
// the post and is not valid PHP as shown - keep that statement exactly as it is in your own
// listcontent.php and only wrap it in the if.
if (check_permission($userid, 'Modify Page Structure') && check_permission($userid, 'Activate Deactivate Article'))
{
$thelist .= 'Id().'" />';
}
//end security check
search (line 684-709)
if (check_permission($userid, 'Modify Page Structure'))
{
if ($display == 'edit' || $display == 'structure')
{
if($one->Active())
{
$thelist .= "".($one->DefaultContent()?$image_true:"Id()."\" onclick=\"xajax_content_setinactive(".$one->Id().");return false;\">".$image_set_false."")."\n";
}
else
{
$thelist .= "Id()."\" onclick=\"xajax_content_setactive(".$one->Id().");return false;\">".$image_set_true."\n";
}
}
else
{
$thelist .= " \n";
}
}
replace with
//start added security check
// Active column: the clickable toggle is rendered only for users who hold both
// 'Modify Page Structure' and 'Activate Deactivate Article'.
// This is display logic only; the permission that protects the state change has to be
// checked again in the code that handles the request.
// NOTE(review): several string literals below lost their HTML markup when the forum
// rendered the post and are not valid PHP as shown - keep the literals from your own
// listcontent.php and take only the added conditions and else branches from here.
if (check_permission($userid, 'Modify Page Structure') && check_permission($userid, 'Activate Deactivate Article'))
{
if ($display == 'edit' || $display == 'structure')
{
if($one->Active())
{
// Active page: plain image for the default page, otherwise a link that calls xajax_content_setinactive.
$thelist .= "".($one->DefaultContent()?$image_true:"Id()."\" onclick=\"xajax_content_setinactive(".$one->Id().");return false;\">".$image_set_false."")."\n";
}
else
{
// Inactive page: link that calls xajax_content_setactive.
$thelist .= "Id()."\" onclick=\"xajax_content_setactive(".$one->Id().");return false;\">".$image_set_true."\n";
}
}
else
{
$thelist .= " \n";
}
}
else
{
// Without both permissions only the state image is appended, with no link to change it.
if($one->Active())
{
$thelist .= "".($one->DefaultContent()?$image_true:$image_set_false)."\n";
}
else
{
$thelist .= "$image_set_true\n";
}
}
// Default-page column: the link that calls xajax_content_setdefault is gated on the same two permissions.
// NOTE(review): the handler behind xajax_content_setdefault is not changed by this how-to -
// confirm which permission it checks on the server.
if (check_permission($userid, 'Modify Page Structure') && check_permission($userid, 'Activate Deactivate Article'))
{
if ($one->IsDefaultPossible() && ($display == 'edit' || $display == 'structure'))
{
$thelist .= "".($one->DefaultContent()?$image_true:"Id()."\" onclick=\"if(confirm('".lang("confirmdefault")."')) xajax_content_setdefault(".$one->Id().");return false;\">".$image_set_true."")."\n";
}
else
{
$thelist .= " ";
}
}
else
{
// Without both permissions: image only, no confirm dialog and no xajax call.
if ($one->IsDefaultPossible() && ($display == 'edit' || $display == 'structure'))
{
$thelist .= "".($one->DefaultContent()?$image_true:$image_set_true)."\n";
}
else
{
$thelist .= " ";
}
}
//end added security check
search for (line 145-154)
function content_setinactive($contentid)
{
$objResponse = new xajaxResponse();
setactive($contentid, false);
$objResponse->addAssign("contentlist", "innerHTML", display_content_list());
$objResponse->addScript("new Effect.Highlight('tr_$contentid', { duration: 2.0 });");
return $objResponse->getXML();
}
replace complete (!) function with
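/**
 * xajax handler: deactivate one content page and refresh the content list.
 *
 * The page is only changed when the logged-in user holds the
 * 'Activate Deactivate Article' permission. This check is the actual access
 * control; hiding the toggle link in the list only changes what is displayed.
 *
 * @param mixed $contentid id of the page, as sent by the browser
 * @return mixed the value of $objResponse->getXML(); without the permission the
 *               response carries no commands
 */
function content_setinactive($contentid)
{
    //start security check
    $userid = get_userid();
    $activate_article_permission = check_permission($userid, 'Activate Deactivate Article');

    // Build the response in every case so that a denied call also gets a
    // response document instead of no return value at all.
    $objResponse = new xajaxResponse();

    if ($activate_article_permission)
    {
        setactive($contentid, false);
        $objResponse->addAssign("contentlist", "innerHTML", display_content_list());

        // The id arrives from the browser; cast it so that only a number is
        // placed into the generated script.
        $rowid = (int) $contentid;
        $objResponse->addScript("new Effect.Highlight('tr_$rowid', { duration: 2.0 });");
    }
    // Without the permission nothing is changed and the list is not redrawn.
    //end security check

    return $objResponse->getXML();
}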
search for (line 134-143)
function content_setactive($contentid)
{
$objResponse = new xajaxResponse();
setactive($contentid);
$objResponse->addAssign("contentlist", "innerHTML", display_content_list());
$objResponse->addScript("new Effect.Highlight('tr_$contentid', { duration: 2.0 });");
return $objResponse->getXML();
}
replace the complete (!) function with:
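/**
 * xajax handler: activate one content page and refresh the content list.
 *
 * The page is only changed when the logged-in user holds the
 * 'Activate Deactivate Article' permission. This check is the actual access
 * control; hiding the toggle link in the list only changes what is displayed.
 *
 * @param mixed $contentid id of the page, as sent by the browser
 * @return mixed the value of $objResponse->getXML(); without the permission the
 *               response carries no commands
 */
function content_setactive($contentid)
{
    //start security check
    $userid = get_userid();
    $activate_article_permission = check_permission($userid, 'Activate Deactivate Article');

    // Build the response in every case so that a denied call also gets a
    // response document instead of no return value at all.
    $objResponse = new xajaxResponse();

    if ($activate_article_permission)
    {
        // Reached only when the user holds the permission.
        setactive($contentid);
        $objResponse->addAssign("contentlist", "innerHTML", display_content_list());

        // The id arrives from the browser; cast it so that only a number is
        // placed into the generated script.
        $rowid = (int) $contentid;
        $objResponse->addScript("new Effect.Highlight('tr_$rowid', { duration: 2.0 });");
    }
    // Without the permission nothing is changed and the list is not redrawn.
    //end security check

    return $objResponse->getXML();
}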
search for (line 80-82)
#Modify the object inline
$value->SetActive(true);
$value->Save();
replace with
//start security check
$userid = get_userid();
$activate_article_permission = check_permission($userid, 'Activate Deactivate Article');
if ($activate_article_permission)
{
    // Reached only when the user holds the permission.
    #Modify the object inline
    $value->SetActive(true);
    $value->Save();
}
// Without the permission the object is left untouched and nothing is saved.
//end security check
save and upload
go to permissions and add the permission to activate/deactivate pages to a group
I hope I did not miss any of my changes in the file.
Any comments?
Olaf