Add [cmd:permissions]
This commit is contained in:
@ -98,7 +98,10 @@ Response Handler::handle(const Request &r)
|
||||
|
||||
Permissions Handler::effectivePermissions(std::string page)
|
||||
{
|
||||
return this->database->createPermissionsDao()
|
||||
->find(page, this->userSession->user.login)
|
||||
.value_or(this->userSession->user.permissions);
|
||||
Permissions &userPerms = this->userSession->user.permissions;
|
||||
if(userPerms.isAdmin())
|
||||
{
|
||||
return userPerms;
|
||||
}
|
||||
return this->database->createPermissionsDao()->find(page, this->userSession->user.login).value_or(userPerms);
|
||||
}
|
||||
|
||||
@ -24,6 +24,7 @@ SOFTWARE.
|
||||
|
||||
#include "../parser.h"
|
||||
#include "../revisionrenderer.h"
|
||||
|
||||
bool HandlerPageEdit::canAccess([[maybe_unused]] std::string page)
|
||||
{
|
||||
return effectivePermissions(page).canEdit();
|
||||
@ -56,7 +57,8 @@ Response HandlerPageEdit::handleRequest(PageDao &pageDao, std::string pagename,
|
||||
{
|
||||
if(!effectivePermissions(from).canRead())
|
||||
{
|
||||
return this->errorResponse("Permission denied", "No access permissions, so you can't use this page as a template");
|
||||
return this->errorResponse("Permission denied",
|
||||
"No access permissions, so you can't use this page as a template");
|
||||
}
|
||||
body = revisiondao->getCurrentForPage(from)->content;
|
||||
}
|
||||
@ -77,6 +79,7 @@ Response HandlerPageEdit::handleRequest(PageDao &pageDao, std::string pagename,
|
||||
std::string visiblecmd = parser.extractCommand("visible", newContent);
|
||||
std::string rename = parser.extractCommand("rename", newContent);
|
||||
std::string customtitle = parser.extractCommand("pagetitle", newContent);
|
||||
std::vector<std::string> perms = parser.extractCommands("permissions", newContent);
|
||||
Page page;
|
||||
std::optional<Page> currentPage = pageDao.find(pagename);
|
||||
if(currentPage)
|
||||
@ -91,6 +94,33 @@ Response HandlerPageEdit::handleRequest(PageDao &pageDao, std::string pagename,
|
||||
}
|
||||
pagename = rename;
|
||||
}
|
||||
|
||||
for(const std::string &perm : perms)
|
||||
{
|
||||
auto splitted = utils::split(perm, '|');
|
||||
if(splitted.size() != 2)
|
||||
{
|
||||
return this->errorResponse("Invalid command", "permissions command is misformated");
|
||||
}
|
||||
auto permissionDao = this->database->createPermissionsDao();
|
||||
auto currentPermission = permissionDao->find(pagename, splitted[0]);
|
||||
|
||||
Permissions newPermissions = Permissions{splitted[1]};
|
||||
if(!currentPermission || newPermissions != currentPermission.value())
|
||||
{
|
||||
if(this->userSession->user.permissions.canSetPagePerms())
|
||||
{
|
||||
permissionDao->save(pagename, splitted[0], newPermissions);
|
||||
}
|
||||
else
|
||||
{
|
||||
this->database->rollbackTransaction();
|
||||
return errorResponse("Invalid permissions",
|
||||
"You don't have permission to change page permissions");
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
page.current_revision = current_revision;
|
||||
page.listed = !(visiblecmd == "0");
|
||||
page.name = pagename;
|
||||
@ -130,7 +160,7 @@ Response HandlerPageEdit::handleRequest(PageDao &pageDao, std::string pagename,
|
||||
TemplatePage templatePage = this->templ->getPage("page_creation_preview");
|
||||
templatePage.setVar("actionurl", urlProvider->editPage(pagename));
|
||||
|
||||
RevisionRenderer revisionRenderer { *this->templ, *this->database, *this->urlProvider };
|
||||
RevisionRenderer revisionRenderer{*this->templ, *this->database, *this->urlProvider, *this->userSession};
|
||||
|
||||
templatePage.setVar("preview_content", revisionRenderer.renderContent(newContent));
|
||||
templatePage.setVar("content", newContent);
|
||||
|
||||
Reference in New Issue
Block a user