# HG changeset patch # User Dan # Date 1213635264 14400 # Node ID cd46e29ae6996f77c4ce16549ea6db78715a4d6d # Parent c51809bdf6af684c92ff48e33f86c15dc013041c Started work on planet system. From this point onward, enano-1.1 rev 571 or later required. diff -r c51809bdf6af -r cd46e29ae699 plugins/Nuggie.php --- a/plugins/Nuggie.php Sat Jun 14 22:01:05 2008 -0400 +++ b/plugins/Nuggie.php Mon Jun 16 12:54:24 2008 -0400 @@ -59,6 +59,11 @@ $paths->create_namespace('Blog', 'Blog:'); $paths->create_namespace('Planet', 'Planet:'); + $paths->create_namespace('BlogPost', 'Blog_post:'); + + // Register namespace processors + $paths->register_namespace_processor('BlogPost', 'nuggie_blogpost_uri_handler'); + $paths->register_namespace_processor('Planet', 'nuggie_planet_uri_handler'); // Create custom permissions for Nuggie @@ -75,14 +80,17 @@ // Extend the core permission set - $session->acl_extend_scope('read', 'Blog|Planet', $paths); - $session->acl_extend_scope('edit_comments', 'Blog', $paths); - $session->acl_extend_scope('post_comments', 'Blog', $paths); - $session->acl_extend_scope('mod_comments', 'Blog', $paths); + $session->acl_extend_scope('read', 'Blog|Planet|BlogPost', $paths); + $session->acl_extend_scope('edit_comments', 'BlogPost', $paths); + $session->acl_extend_scope('post_comments', 'BlogPost', $paths); + $session->acl_extend_scope('mod_comments', 'BlogPost', $paths); } $plugins->attachHook('page_type_string_set', 'nuggie_set_page_string();'); +require( ENANO_ROOT . '/plugins/nuggie/planet.php' ); +require( ENANO_ROOT . '/plugins/nuggie/postbit.php' ); + function nuggie_set_page_string() { global $db, $session, $paths, $template, $plugins; // Common objects @@ -112,8 +120,7 @@ if ( $processor->namespace == 'Blog' ) { - require( ENANO_ROOT . '/plugins/nuggie/postbit.php' ); - $result = nuggie_blog_uri_handler($processor->page_id); + $result = nuggie_blog_uri_handler($processor); if ( $result === '_err_access_denied' ) { $processor->err_access_denied(); @@ -122,12 +129,7 @@ } else if ( $processor->namespace == 'Planet' ) { - $result = nuggie_planet_uri_handler($processor->page_id); - if ( $result === '_err_access_denied' ) - { - $processor->err_access_denied(); - return true; - } + // revision 7: never called anymore } } diff -r c51809bdf6af -r cd46e29ae699 plugins/nuggie/planet.php --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/plugins/nuggie/planet.php Mon Jun 16 12:54:24 2008 -0400 @@ -0,0 +1,68 @@ +page_id; + + // + // VALIDATION + // + + // Fetch ACLs + $perms = $session->fetch_page_acl($planet_id, 'Planet'); + + // Obtain planet info + $q = $db->sql_query('SELECT p.planet_id, p.planet_name, p.planet_subtitle, p.planet_creator, p.planet_public, p.planet_visible, m.mapping_type, m.mapping_value ' . "\n" + . ' FROM ' . table_prefix . "planets AS p\n" + . " LEFT JOIN " . table_prefix . "planets_mapping AS m\n" + . " ON ( p.planet_id = m.planet_id )\n" + . " WHERE p.planet_name = '" . $db->escape(sanitize_page_id($planet_id)) . "';"); + if ( !$q ) + $db->_die(); + + if ( $db->numrows() < 1 ) + { + // planet not found, fall out + return false; + } + + // fetch first row, then seek back to the first result to allow mapping fetching later + $planet_data = $db->fetchrow(); + $db->sql_data_seek(0); + + // check author and publicity + if ( $planet_data['planet_creator'] != $session->user_id && !$planet_data['planet_public'] ) + { + return $page->err_access_denied(); + } + + // ACL check + if ( !$perms->get_permissions('read') ) + { + return $page->err_access_denied(); + } + + // fetch mappings to prepare to select the actual blog data + echo 'WiP'; +} + +?> diff -r c51809bdf6af -r cd46e29ae699 plugins/nuggie/postbit.php --- a/plugins/nuggie/postbit.php Sat Jun 14 22:01:05 2008 -0400 +++ b/plugins/nuggie/postbit.php Mon Jun 16 12:54:24 2008 -0400 @@ -216,9 +216,12 @@ } } -function nuggie_blog_uri_handler($uri) +function nuggie_blog_uri_handler($page) { global $db, $session, $paths, $template, $plugins; // Common objects + + $uri = $page->page_id; + $template->add_header(''); if ( strstr($uri, '/') ) { @@ -256,20 +259,15 @@ $ptc = $db->escape($post_title_clean); $uname = $db->escape(dirtify_page_id($poster)); - $q = $db->sql_query("SELECT p.post_id, p.post_title, p.post_title_clean, p.post_author, p.post_timestamp, p.post_text, b.blog_name,\n" - . " b.blog_subtitle, b.blog_type, b.allowed_users, u.username, u.user_level, COUNT(c.comment_id) AS num_comments\n" + $q = $db->sql_query("SELECT p.post_id\n" . " FROM " . table_prefix . "blog_posts AS p\n" - . " LEFT JOIN " . table_prefix . "blogs AS b\n" - . " ON ( b.user_id = p.post_author )\n" . " LEFT JOIN " . table_prefix . "users AS u\n" . " ON ( u.user_id = p.post_author )\n" - . " LEFT JOIN " . table_prefix . "comments AS c\n" - . " ON ( ( c.page_id = '{$particlecomp}' AND c.namespace = 'Blog' ) OR ( c.page_id IS NULL AND c.namespace IS NULL ) )\n" . " WHERE p.post_timestamp >= $time_min AND p.post_timestamp <= $time_max\n" . " AND p.post_title_clean = '$ptc' AND u.username = '$uname'\n" . " GROUP BY p.post_id;"); if ( !$q ) - $db->_die('Nuggie post handler selecting main post data'); + $db->_die('Nuggie post handler doing name- and date-based lookup'); if ( $db->numrows() < 1 ) return false; @@ -282,59 +280,29 @@ $row = $db->fetchrow(); - // - // Determine permissions - // - - // The way we're doing this is first fetching permissions for the blog, and then merging them - // with permissions specific to the post. This way the admin can set custom permissions for the - // entire blog, and they'll be inherited unless individual posts have overriding permissions. - $perms_blog = $session->fetch_page_acl($row['username'], 'Blog'); - $perms = $session->fetch_page_acl("{$row['post_timestamp']}_{$row['post_id']}", 'Blog'); - $perms->perms = $session->acl_merge($perms->perms, $perms_blog->perms); - unset($perms_blog); - - if ( $row['blog_type'] == 'private' ) - { - $allowed_users = unserialize($row['allowed_users']); - if ( !in_array($session->username, $allowed_users) && !$perms->get_permissions('nuggie_see_non_public') && $row['username'] != $session->username ) - { - return '_err_access_denied'; - } - } - - $acl_type = ( $row['post_author'] == $session->user_id ) ? 'nuggie_edit_own' : 'nuggie_edit_other'; - - if ( !$perms->get_permissions('read') ) - return '_err_access_denied'; + $realpost = new PageProcessor($row['post_id'], 'BlogPost'); - // We're validated - display post - $postbit = new NuggiePostbit(); - $postbit->post_id = intval($row['post_id']); - $postbit->post_title = $row['post_title']; - $postbit->post_text = $row['post_text']; - $postbit->post_author = $row['username']; - $postbit->post_timestamp = intval($row['post_timestamp']); - $postbit->auth_edit = $perms->get_permissions($acl_type); - $postbit->num_comments = intval($row['num_comments']); - - $page_name = htmlspecialchars($row['post_title']) . ' « ' . htmlspecialchars($row['blog_name']); - if ( method_exists($template, 'assign_vars') ) + // huge hack + // the goal here is to fool the page metadata system into thinking that comments are enabled. + $paths->cpage['comments_on'] = 1; + if ( !isset($paths->pages[$paths->nslist['BlogPost'] . $row['post_id']]) ) { - $template->assign_vars(array( - 'PAGE_NAME' => $page_name - )); + $paths->pages[$paths->nslist['BlogPost'] . $row['post_id']] = array( + 'urlname' => $paths->nslist['BlogPost'] . $row['post_id'], + 'urlname_nons' => $row['post_id'], + 'name' => 'determined at runtime', + 'comments_on' => 1, + 'special' => 0, + 'wiki_mode' => 0, + 'protected' => 1, + 'delvotes' => 0 + ); } - else - { - $template->tpl_strings['PAGE_NAME'] = $page_name; - } - - $template->header(); - echo '< ' . htmlspecialchars($row['blog_name']) . ''; - echo $postbit->render_post(); - display_page_footers(); - $template->footer(); + $realpost->page_exists = true; + // end huge hack + + $template->init_vars($realpost); + $realpost->send(); return true; } @@ -344,6 +312,97 @@ } } +function nuggie_blogpost_uri_handler($page) +{ + global $db, $session, $paths, $template, $plugins; // Common objects + + if ( !preg_match('/^[0-9]+$/', $page->page_id) ) + { + return $page->err_page_not_existent(); + } + + // using page_id is SAFE. It's checked with a regex above. + $q = $db->sql_query("SELECT p.post_id, p.post_title, p.post_title_clean, p.post_author, p.post_timestamp, p.post_text, b.blog_name,\n" + . " b.blog_subtitle, b.blog_type, b.allowed_users, u.username, u.user_level, COUNT(c.comment_id) AS num_comments\n" + . " FROM " . table_prefix . "blog_posts AS p\n" + . " LEFT JOIN " . table_prefix . "blogs AS b\n" + . " ON ( b.user_id = p.post_author )\n" + . " LEFT JOIN " . table_prefix . "users AS u\n" + . " ON ( u.user_id = p.post_author )\n" + . " LEFT JOIN " . table_prefix . "comments AS c\n" + . " ON ( ( c.page_id = '{$page->page_id}' AND c.namespace = 'BlogPost' ) OR ( c.page_id IS NULL AND c.namespace IS NULL ) )\n" + . " WHERE p.post_id = {$page->page_id}\n" + . " GROUP BY p.post_id;"); + if ( !$q ) + $db->_die('Nuggie post handler selecting main post data'); + + if ( $db->numrows() < 1 ) + return false; + + $row = $db->fetchrow(); + + // + // Determine permissions + // + + // The way we're doing this is first fetching permissions for the blog, and then merging them + // with permissions specific to the post. This way the admin can set custom permissions for the + // entire blog, and they'll be inherited unless individual posts have overriding permissions. + $perms_blog = $session->fetch_page_acl($row['username'], 'Blog'); + $perms = $session->fetch_page_acl("{$row['post_timestamp']}_{$row['post_id']}", 'Blog'); + $perms->perms = $session->acl_merge($perms->perms, $perms_blog->perms); + unset($perms_blog); + + if ( $row['blog_type'] == 'private' ) + { + $allowed_users = unserialize($row['allowed_users']); + if ( !in_array($session->username, $allowed_users) && !$perms->get_permissions('nuggie_see_non_public') && $row['username'] != $session->username ) + { + return $page->err_access_denied(); + } + } + + $acl_type = ( $row['post_author'] == $session->user_id ) ? 'nuggie_edit_own' : 'nuggie_edit_other'; + + if ( !$perms->get_permissions('read') ) + return $page->err_access_denied(); + + // enable comments + $paths->cpage['comments_on'] = 1; + // disable editing + $session->acl_merge_with_current(array( + 'edit_page' => AUTH_DENY + )); + + // We're validated - display post + $postbit = new NuggiePostbit(); + $postbit->post_id = intval($row['post_id']); + $postbit->post_title = $row['post_title']; + $postbit->post_text = $row['post_text']; + $postbit->post_author = $row['username']; + $postbit->post_timestamp = intval($row['post_timestamp']); + $postbit->auth_edit = $perms->get_permissions($acl_type); + $postbit->num_comments = intval($row['num_comments']); + + $page_name = htmlspecialchars($row['post_title']) . ' « ' . htmlspecialchars($row['blog_name']); + if ( method_exists($template, 'assign_vars') ) + { + $template->assign_vars(array( + 'PAGE_NAME' => $page_name + )); + } + else + { + $template->tpl_strings['PAGE_NAME'] = $page_name; + } + + $template->header(); + echo '< ' . htmlspecialchars($row['blog_name']) . ''; + echo $postbit->render_post(); + display_page_footers(); + $template->footer(); +} + function nuggie_blog_index($username) { global $db, $session, $paths, $template, $plugins; // Common objects @@ -394,7 +453,7 @@ . " LEFT JOIN " . table_prefix . "users AS u\n" . " ON ( u.user_id = p.post_author )\n" . " LEFT JOIN " . table_prefix . "comments AS c\n" - . " ON ( ( c.page_id REGEXP CONCAT('([0-9]+)/([0-9]+)/([0-9]+)/', p.post_title_clean) AND c.namespace = 'Blog' ) OR ( c.page_id IS NULL AND c.namespace IS NULL ) )\n" + . " ON ( ( c.page_id = CAST(p.post_id AS char) AND c.namespace = 'BlogPost' ) OR ( c.page_id IS NULL AND c.namespace IS NULL ) )\n" . " WHERE p.post_author = $user_id AND p.post_published = 1\n" . " GROUP BY p.post_id\n" . " ORDER BY p.post_timestamp DESC;"); diff -r c51809bdf6af -r cd46e29ae699 plugins/nuggie/schema.sql --- a/plugins/nuggie/schema.sql Sat Jun 14 22:01:05 2008 -0400 +++ b/plugins/nuggie/schema.sql Mon Jun 16 12:54:24 2008 -0400 @@ -39,3 +39,11 @@ PRIMARY KEY ( post_id ) ) ENGINE = MyISAM CHARACTER SET utf8 COLLATE utf8_bin; +CREATE TABLE {{TABLE_PREFIX}}planets_mapping( + mapping_id int(15) NOT NULL auto_increment, + planet_id smallint(6) NOT NULL, + mapping_type smallint(3) NOT NULL DEFAULT 1, + mapping_value text NOT NULL, + PRIMARY KEY ( mapping_id ) +) ENGINE = MyISAM CHARACTER SET utf8 COLLATE utf8_bin; +