2009-11-08 09:18:22 +09:00
|
|
|
<?php
|
|
|
|
/**
|
|
|
|
* StatusNet, the distributed open-source microblogging tool
|
|
|
|
*
|
|
|
|
* Superclass for admin panel actions
|
|
|
|
*
|
|
|
|
* PHP version 5
|
|
|
|
*
|
|
|
|
* LICENCE: This program is free software: you can redistribute it and/or modify
|
|
|
|
* it under the terms of the GNU Affero General Public License as published by
|
|
|
|
* the Free Software Foundation, either version 3 of the License, or
|
|
|
|
* (at your option) any later version.
|
|
|
|
*
|
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
* GNU Affero General Public License for more details.
|
|
|
|
*
|
|
|
|
* You should have received a copy of the GNU Affero General Public License
|
|
|
|
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
*
|
|
|
|
* @category UI
|
|
|
|
* @package StatusNet
|
|
|
|
* @author Evan Prodromou <evan@status.net>
|
|
|
|
* @copyright 2009 StatusNet, Inc.
|
|
|
|
* @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
|
|
|
|
* @link http://status.net/
|
|
|
|
*/
|
|
|
|
|
|
|
|
if (!defined('STATUSNET')) {
|
|
|
|
exit(1);
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* superclass for admin panel actions
|
|
|
|
*
|
|
|
|
* Common code for all admin panel actions.
|
|
|
|
*
|
|
|
|
* @category UI
|
|
|
|
* @package StatusNet
|
|
|
|
* @author Evan Prodromou <evan@status.net>
|
|
|
|
* @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
|
|
|
|
* @link http://status.net/
|
|
|
|
*
|
|
|
|
* @todo Find some commonalities with SettingsAction and combine
|
|
|
|
*/
|
|
|
|
class AdminPanelAction extends Action
|
|
|
|
{
|
|
|
|
var $success = true;
|
|
|
|
var $msg = null;
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Prepare for the action
|
|
|
|
*
|
|
|
|
* We check to see that the user is logged in, has
|
|
|
|
* authenticated in this session, and has the right
|
|
|
|
* to configure the site.
|
|
|
|
*
|
|
|
|
* @param array $args Array of arguments from Web driver
|
|
|
|
*
|
|
|
|
* @return boolean success flag
|
|
|
|
*/
|
|
|
|
function prepare($args)
|
|
|
|
{
|
|
|
|
parent::prepare($args);
|
|
|
|
|
|
|
|
// User must be logged in.
|
|
|
|
|
|
|
|
if (!common_logged_in()) {
|
2010-04-11 05:50:15 +09:00
|
|
|
// TRANS: Client error message thrown when trying to access the admin panel while not logged in.
|
2009-11-08 09:18:22 +09:00
|
|
|
$this->clientError(_('Not logged in.'));
|
2010-01-08 18:00:29 +09:00
|
|
|
return false;
|
2009-11-08 09:18:22 +09:00
|
|
|
}
|
|
|
|
|
|
|
|
$user = common_current_user();
|
|
|
|
|
2009-11-08 13:16:34 +09:00
|
|
|
// ...because they're logged in
|
|
|
|
|
|
|
|
assert(!empty($user));
|
|
|
|
|
2009-11-08 09:18:22 +09:00
|
|
|
// It must be a "real" login, not saved cookie login
|
|
|
|
|
|
|
|
if (!common_is_real_login()) {
|
|
|
|
// Cookie theft is too easy; we require automatic
|
|
|
|
// logins to re-authenticate before admining the site
|
|
|
|
common_set_returnto($this->selfUrl());
|
|
|
|
if (Event::handle('RedirectToLogin', array($this, $user))) {
|
|
|
|
common_redirect(common_local_url('login'), 303);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// User must have the right to change admin settings
|
|
|
|
|
|
|
|
if (!$user->hasRight(Right::CONFIGURESITE)) {
|
2010-04-11 05:50:15 +09:00
|
|
|
// TRANS: Client error message thrown when a user tries to change admin settings but has no access rights.
|
2009-11-08 09:18:22 +09:00
|
|
|
$this->clientError(_('You cannot make changes to this site.'));
|
2010-01-08 18:00:29 +09:00
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
// This panel must be enabled
|
|
|
|
|
|
|
|
$name = $this->trimmed('action');
|
|
|
|
|
|
|
|
$name = mb_substr($name, 0, -10);
|
|
|
|
|
2010-02-07 00:32:50 +09:00
|
|
|
if (!self::canAdmin($name)) {
|
2010-04-11 05:50:15 +09:00
|
|
|
// TRANS: Client error message throw when a certain panel's settings cannot be changed.
|
2010-01-08 18:00:29 +09:00
|
|
|
$this->clientError(_('Changes to that panel are not allowed.'), 403);
|
|
|
|
return false;
|
2009-11-08 09:18:22 +09:00
|
|
|
}
|
|
|
|
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* handle the action
|
|
|
|
*
|
|
|
|
* Check session token and try to save the settings if this is a
|
|
|
|
* POST. Otherwise, show the form.
|
|
|
|
*
|
|
|
|
* @param array $args unused.
|
|
|
|
*
|
|
|
|
* @return void
|
|
|
|
*/
|
|
|
|
function handle($args)
|
|
|
|
{
|
|
|
|
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
|
|
|
|
$this->checkSessionToken();
|
|
|
|
try {
|
|
|
|
$this->saveSettings();
|
|
|
|
|
2009-11-08 13:16:34 +09:00
|
|
|
// Reload settings
|
|
|
|
|
|
|
|
Config::loadSettings();
|
|
|
|
|
2009-11-08 09:18:22 +09:00
|
|
|
$this->success = true;
|
2010-03-03 06:01:18 +09:00
|
|
|
// TRANS: Message after successful saving of administrative settings.
|
2009-11-08 09:18:22 +09:00
|
|
|
$this->msg = _('Settings saved.');
|
|
|
|
} catch (Exception $e) {
|
|
|
|
$this->success = false;
|
|
|
|
$this->msg = $e->getMessage();
|
|
|
|
}
|
|
|
|
}
|
|
|
|
$this->showPage();
|
|
|
|
}
|
|
|
|
|
2009-11-10 03:40:37 +09:00
|
|
|
/**
|
|
|
|
* Show tabset for this page
|
|
|
|
*
|
|
|
|
* Uses the AdminPanelNav widget
|
|
|
|
*
|
|
|
|
* @return void
|
|
|
|
* @see AdminPanelNav
|
|
|
|
*/
|
|
|
|
function showLocalNav()
|
|
|
|
{
|
|
|
|
$nav = new AdminPanelNav($this);
|
|
|
|
$nav->show();
|
|
|
|
}
|
|
|
|
|
2009-11-08 09:18:22 +09:00
|
|
|
/**
|
|
|
|
* Show the content section of the page
|
|
|
|
*
|
|
|
|
* Here, we show the admin panel's form.
|
|
|
|
*
|
|
|
|
* @return void.
|
|
|
|
*/
|
|
|
|
function showContent()
|
|
|
|
{
|
|
|
|
$this->showForm();
|
|
|
|
}
|
|
|
|
|
2010-03-04 05:18:20 +09:00
|
|
|
/**
|
|
|
|
* Show content block. Overrided just to add a special class
|
2010-03-04 07:32:14 +09:00
|
|
|
* to the content div to allow styling.
|
2010-03-04 05:18:20 +09:00
|
|
|
*
|
|
|
|
* @return nothing
|
|
|
|
*/
|
|
|
|
function showContentBlock()
|
|
|
|
{
|
|
|
|
$this->elementStart('div', array('id' => 'content', 'class' => 'admin'));
|
|
|
|
$this->showPageTitle();
|
|
|
|
$this->showPageNoticeBlock();
|
|
|
|
$this->elementStart('div', array('id' => 'content_inner'));
|
|
|
|
// show the actual content (forms, lists, whatever)
|
|
|
|
$this->showContent();
|
|
|
|
$this->elementEnd('div');
|
|
|
|
$this->elementEnd('div');
|
|
|
|
}
|
|
|
|
|
2009-11-08 09:18:22 +09:00
|
|
|
/**
|
|
|
|
* show human-readable instructions for the page, or
|
|
|
|
* a success/failure on save.
|
|
|
|
*
|
|
|
|
* @return void
|
|
|
|
*/
|
|
|
|
function showPageNotice()
|
|
|
|
{
|
|
|
|
if ($this->msg) {
|
|
|
|
$this->element('div', ($this->success) ? 'success' : 'error',
|
|
|
|
$this->msg);
|
|
|
|
} else {
|
|
|
|
$inst = $this->getInstructions();
|
|
|
|
$output = common_markup_to_html($inst);
|
|
|
|
|
|
|
|
$this->elementStart('div', 'instructions');
|
|
|
|
$this->raw($output);
|
|
|
|
$this->elementEnd('div');
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Show the admin panel form
|
|
|
|
*
|
|
|
|
* Sub-classes should overload this.
|
|
|
|
*
|
|
|
|
* @return void
|
|
|
|
*/
|
|
|
|
function showForm()
|
|
|
|
{
|
2010-04-11 05:50:15 +09:00
|
|
|
// TRANS: Client error message.
|
2009-11-08 09:18:22 +09:00
|
|
|
$this->clientError(_('showForm() not implemented.'));
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Instructions for using this form.
|
|
|
|
*
|
|
|
|
* String with instructions for using the form.
|
|
|
|
*
|
|
|
|
* Subclasses should overload this.
|
|
|
|
*
|
|
|
|
* @return void
|
|
|
|
*/
|
|
|
|
function getInstructions()
|
|
|
|
{
|
|
|
|
return '';
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Save settings from the form
|
|
|
|
*
|
|
|
|
* Validate and save the settings from the user.
|
|
|
|
*
|
|
|
|
* @return void
|
|
|
|
*/
|
|
|
|
function saveSettings()
|
|
|
|
{
|
2010-03-03 06:01:18 +09:00
|
|
|
// TRANS: Client error message
|
2009-11-08 09:18:22 +09:00
|
|
|
$this->clientError(_('saveSettings() not implemented.'));
|
|
|
|
return;
|
|
|
|
}
|
2010-01-08 18:00:29 +09:00
|
|
|
|
2009-11-19 11:25:36 +09:00
|
|
|
/**
|
|
|
|
* Delete a design setting
|
|
|
|
*
|
|
|
|
* // XXX: Maybe this should go in Design? --Z
|
|
|
|
*
|
|
|
|
* @return mixed $result false if something didn't work
|
|
|
|
*/
|
|
|
|
function deleteSetting($section, $setting)
|
|
|
|
{
|
|
|
|
$config = new Config();
|
|
|
|
|
|
|
|
$config->section = $section;
|
|
|
|
$config->setting = $setting;
|
|
|
|
|
|
|
|
if ($config->find(true)) {
|
|
|
|
$result = $config->delete();
|
|
|
|
if (!$result) {
|
|
|
|
common_log_db_error($config, 'DELETE', __FILE__);
|
2010-04-11 05:50:15 +09:00
|
|
|
// TRANS: Client error message thrown if design settings could not be deleted in
|
|
|
|
// TRANS: the admin panel Design.
|
2009-11-19 11:25:36 +09:00
|
|
|
$this->clientError(_("Unable to delete design setting."));
|
|
|
|
return null;
|
|
|
|
}
|
2010-04-22 00:16:42 +09:00
|
|
|
return $result;
|
2009-11-19 11:25:36 +09:00
|
|
|
}
|
|
|
|
|
2010-04-22 00:16:42 +09:00
|
|
|
return null;
|
2009-11-19 11:25:36 +09:00
|
|
|
}
|
2010-02-07 00:32:50 +09:00
|
|
|
|
|
|
|
function canAdmin($name)
|
|
|
|
{
|
|
|
|
$isOK = false;
|
|
|
|
|
|
|
|
if (Event::handle('AdminPanelCheck', array($name, &$isOK))) {
|
|
|
|
$isOK = in_array($name, common_config('admin', 'panels'));
|
|
|
|
}
|
|
|
|
|
|
|
|
return $isOK;
|
|
|
|
}
|
2009-11-08 09:18:22 +09:00
|
|
|
}
|