Saturday, October 21, 2006

Hacking s9y into a multi-user, centrally controlled tool

Warning: I made these changes under my own source control tree so I could roll back and keep track of them. Don't do this unless you either know exactly what these changes mean and do, or you actively want to break your own installation of s9y. I've included svn diffs of my changes against s9y version 1.0 in order to make this work.

Once I had my own authentication creating the session that lets s9y authors in for posting and editing, I next had to make s9y do two things differently from its normal behavior for base-level authors:

  1. Keep authors from editing the account information that my own admin tool manages.
  2. Allow authors to edit only their own entries.

First off, authors can only edit their info using the tool I wrote, since it also updates their central user record as well as their Phorum user record. Luckily, s9y makes this practically as easy as pushing a button: just a couple of quick permission changes in s9y/include/tpl/config_personal.inc.php:

Index: config_personal.inc.php
===================================================================
--- config_personal.inc.php     (revision 115)
+++ config_personal.inc.php     (working copy)
@@ -13,28 +13,28 @@
                                           'description' => USERCONF_USERNAME_DESC,
                                           'type'        => 'string',
                                           'default'     => 'johndoe',
-                                          'permission'  => 'personalConfiguration'),
+                                          'permission'  => 'adminUsersMaintainOthers'),
 
                                     array('var'         => 'password',
                                           'title'       => USERCONF_PASSWORD,
                                           'description' => USERCONF_PASSWORD_DESC,
                                           'type'        => 'protected',
                                           'default'     => '',
-                                          'permission'  => 'personalConfiguration'),
+                                          'permission'  => 'adminUsersMaintainOthers'),
 
                                     array('var'         => 'check_password',
                                           'title'       => USERCONF_CHECK_PASSWORD,
                                           'description' => USERCONF_CHECK_PASSWORD_DESC,
                                           'type'        => 'protected',
                                           'default'     => '',
-                                          'permission'  => 'personalConfiguration'),
+                                          'permission'  => 'adminUsersMaintainOthers'),
 
                                     array('var'         => 'realname',
                                           'title'       => USERCONF_REALNAME,
                                           'description' => USERCONF_REALNAME_DESC,
                                           'type'        => 'string',
                                           'default'     => 'John Doe',
-                                          'permission'  => 'personalConfiguration'),
+                                          'permission'  => 'adminUsersMaintainOthers'),
 
                                     array('var'         => 'userlevel',
                                           'title'       => USERCONF_USERLEVEL,
@@ -57,7 +57,7 @@
                                           'description' => USERCONF_EMAIL_DESC,
                                           'type'        => 'string',
                                           'default'     => 'john@example.com',
-                                          'permission'  => 'personalConfiguration'),
+                                          'permission'  => 'adminUsersMaintainOthers'),
 
                                     array('var'         => 'lang',
                                           'title'       => INSTALL_LANG,
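Review bot: Gating email the same way is consistent with the first hunk, but the commit message should list which personal fields remain author-editable (lang follows immediately with its original permission), so the split between centrally managed and locally editable fields is documented as intentional rather than incidental.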

This way, admins can still go in and fix things without much fuss if a record somehow falls out of sync with the central one.

Next, authors shouldn't be able to edit other authors' entries on this site. That means s9y/include/admin/entries.inc.php needs a few quick changes:

Index: entries.inc.php
===================================================================
--- entries.inc.php (revision 115)
+++ entries.inc.php (working copy)
@@ -59,7 +59,9 @@
 
     $filter = array();
 
-    if (!empty($serendipity['GET']['filter']['author'])) {
+    if (!serendipity_checkPermission('adminEntriesMaintainOthers')) {
+               $filter[] = "e.authorid = '" . serendipity_db_escape_string($serendipity['authorid']) . "'";
+       } else if (!empty($serendipity['GET']['filter']['author'])) {
         $filter[] = "e.authorid = '" . serendipity_db_escape_string($serendipity['GET']['filter']['author']) . "'";
     }
 
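Review bot: The added lines use tab indentation while the surrounding code uses four spaces, so `} else if (...) {` ends up indented deeper than the `if` it belongs to; re-indent with spaces to match the file. On the logic, the forced `e.authorid` filter covers the listing only: the post says saving someone else's entry already errors out, but it would help to confirm, and record in the commit, that loading a single entry into the edit form by id applies the same ownership check, since hiding rows from the list is cosmetic.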
@@ -110,7 +112,10 @@
         <tr>
             <td valign="top" width="80"><?php echo AUTHOR ?></td>
             <td valign="top">
-                <select name="serendipity[filter][author]">
+<?php
+                      if (serendipity_checkPermission('adminEntriesMaintainOthers')) {
+?>
+                      <select name="serendipity[filter][author]">
                     <option value="">--</option>
 <?php
                     $users = serendipity_fetchUsers();
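Review bot: serendipity_checkPermission('adminEntriesMaintainOthers') is now evaluated twice in this file (once in the filter-building hunk and again here); computing it once into a local such as `$canMaintainOthers = serendipity_checkPermission('adminEntriesMaintainOthers');` and testing that variable in both places guarantees the list filter and the rendered form never disagree. The mixed tab/space indentation also makes the PHP-in-HTML block boundaries opened here (and closed in the next hunk) harder to follow.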
@@ -119,7 +124,16 @@
                             echo '<option value="' . $user['authorid'] . '" ' . (isset($serendipity['GET']['filter']['author']) && $serendipity['GET']['filter']['author'] == $user['authorid'] ? 'selected="selected"' : '') . '>' . $user['realname'] . '</option>' . "\n";
                         }
                     }
-?>              </select> <select name="serendipity[filter][isdraft]">
+?>
+                      </select>
+<?php
+                      } else {
+?>
+                       <?php echo htmlentities($serendipity['user']); ?>
+                       <?php
+                      }
+?>
+                      <select name="serendipity[filter][isdraft]">
                     <option value="all"><?php echo COMMENTS_FILTER_ALL; ?></option>
                     <option value="draft"   <?php echo (isset($serendipity['GET']['filter']['isdraft']) &&  $serendipity['GET']['filter']['isdraft'] == 'draft' ? 'selected="selected"' : ''); ?>><?php echo DRAFT; ?></option>
                     <option value="publish" <?php echo (isset($serendipity['GET']['filter']['isdraft']) &&  $serendipity['GET']['filter']['isdraft'] == 'publish' ? 'selected="selected"' : ''); ?>><?php echo PUBLISH; ?></option>
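Review bot: The read-only fallback prints `$serendipity['user']` (the login name) through htmlentities(), which is the right escaping, but the dropdown shown to privileged users lists `$user['realname']`, so the two branches display different things for the same author; showing the real name in both would be consistent if the session carries it. Note also that in the fallback branch the form submits no `serendipity[filter][author]` at all, which is only safe because the first hunk ignores that parameter for unprivileged users; a one-line comment here pointing at that dependency would help the next reader.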

Basically, this just checks whether you have permission to edit others' entries. If you don't, the list is automatically filtered by your authorid and you can't view anyone else's. If you try to save an entry owned by someone else without adminEntriesMaintainOthers, you'll get an error anyway, but it looks a lot cleaner if you can't open them up for editing in the first place.
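The following is an added example, not part of the original post or of s9y itself. It models the two decisions the patch relies on as plain PHP functions that can be run from the command line: the listing filter, which pins an author without the "maintain others" right to their own authorid no matter what the request asks for, and the same ownership rule applied to a single entry when it is opened or saved. The names build_entry_filter, may_modify_entry and sql_escape are assumptions for illustration (sql_escape stands in for serendipity_db_escape_string), and the entries array is constructed sample data.

```php
<?php
// Added example (not serendipity's own code). Function names below are
// assumptions standing in for the s9y calls used in the patch.
declare(strict_types=1);

// Stand-in for serendipity_db_escape_string(): escapes a value for use inside
// a single-quoted SQL literal. Real code would call the DB layer's escaper.
function sql_escape(string $value): string
{
    return addslashes($value);
}

/**
 * Build the WHERE fragments for the entry list.
 *
 * An author without adminEntriesMaintainOthers is always restricted to their
 * own authorid; any author filter that arrived in the request is ignored.
 * Only a privileged user may filter by an arbitrary author, or by none.
 */
function build_entry_filter(bool $canMaintainOthers, int $currentAuthorId, ?string $requestedAuthor): array
{
    $filter = [];
    if (!$canMaintainOthers) {
        $filter[] = "e.authorid = '" . sql_escape((string) $currentAuthorId) . "'";
    } elseif ($requestedAuthor !== null && $requestedAuthor !== '') {
        $filter[] = "e.authorid = '" . sql_escape($requestedAuthor) . "'";
    }
    return $filter;
}

/**
 * The same decision applied to one entry when it is loaded for editing or
 * saved. Hiding rows from the list is cosmetic; this check is what actually
 * stops an edit of someone else's entry.
 */
function may_modify_entry(bool $canMaintainOthers, int $currentAuthorId, array $entry): bool
{
    return $canMaintainOthers || (int) $entry['authorid'] === $currentAuthorId;
}

// Constructed sample data: two authors (ids 7 and 9), three entries.
$entries = [
    ['id' => 1, 'authorid' => 7, 'title' => 'first post by author 7'],
    ['id' => 2, 'authorid' => 9, 'title' => 'first post by author 9'],
    ['id' => 3, 'authorid' => 7, 'title' => 'second post by author 7'],
];

// Exercises both functions against the sample data; returns true when every
// expectation holds, so the script's exit code reports the result.
function run_checks(array $entries): bool
{
    $ok = true;

    // Base-level author 7 asks the list to show author 9: the request is ignored.
    $ok = $ok && build_entry_filter(false, 7, '9') === ["e.authorid = '7'"];
    // Same author, no filter requested: still restricted to self.
    $ok = $ok && build_entry_filter(false, 7, null) === ["e.authorid = '7'"];
    // A user with adminEntriesMaintainOthers may see everyone, or pick an author.
    $ok = $ok && build_entry_filter(true, 7, '') === [];
    $ok = $ok && build_entry_filter(true, 7, '9') === ["e.authorid = '9'"];

    // Per-entry rule: author 7 may edit entries 1 and 3 but not entry 2.
    $ok = $ok && may_modify_entry(false, 7, $entries[0]);
    $ok = $ok && !may_modify_entry(false, 7, $entries[1]);
    $ok = $ok && may_modify_entry(false, 7, $entries[2]);
    // A privileged user may edit an entry owned by someone else.
    $ok = $ok && may_modify_entry(true, 9, $entries[0]);

    return $ok;
}

exit(run_checks($entries) ? 0 : 1);
```

Run it with `php` on the command line; a zero exit status means every case behaved as the patch intends. The point of keeping both functions side by side is that the list filter and the per-entry check derive from the same two inputs, the permission result and the current authorid, so they cannot drift apart the way two separately written checks can.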

*edited for formatting fixes
