Private threads, handle access.

[ndwebbie.git] / lib / NDWeb / Controller / Forum.pm

diff --git a/lib/NDWeb/Controller/Forum.pm b/lib/NDWeb/Controller/Forum.pm
index c7e8b4d7bc2464db758e8f7f99e96c74b8102f39..f33319aabb6379e4cfff2f5ed62a807f19366d00 100644 (file)
--- a/lib/NDWeb/Controller/Forum.pm
+++ b/lib/NDWeb/Controller/Forum.pm
@@ -218,6 +218,11 @@ sub thread : Local {
                $c->stash(template => 'access_denied.tt2');
                return;
        }
+       my $query = $dbh->prepare(q{SELECT uid,username FROM users u
+               JOIN forum_priv_access fta USING (uid) WHERE fta.ftid = $1});
+       $query->execute($thread);
+       $c->stash(access => $query->fetchall_arrayref({}) );
+       $c->forward('findUsers') if $c->stash->{thread}->{moderate};
        $c->forward('findPosts');
        $c->forward('markThreadAsRead') if $c->user_exists;
 }
@@ -385,6 +390,69 @@ sub setSticky : Local {
        $c->res->redirect($c->uri_for('thread',$thread));
 }
 
+sub postthreadaccess : Local {
+       my ( $self, $c, $thread) = @_;
+       my $dbh = $c->model;
+
+       $c->forward('findThread');
+       $dbh->begin_work;
+       unless ($c->stash->{thread}->{moderate}){
+               $c->acl_access_denied('test',$c->action,'No moderator access to board.')
+       }
+       if ($c->req->param('access')){
+               $c->req->parameters->{access} = [$c->req->parameters->{access}]
+                       unless ref $c->req->parameters->{access} eq 'ARRAY';
+               my $query = $dbh->prepare(q{DELETE From forum_priv_access
+                       WHERE ftid = $1 AND uid = ANY ($2)});
+               $query->execute($thread,$c->req->parameters->{access});
+               $dbh->do(q{INSERT INTO forum_posts (ftid,uid,message)
+                       VALUES((SELECT ftid FROM users WHERE uid = $1),$1,$2)
+                       }, undef, $c->user->id
+                       ,"Removed access on thread $thread for : @{$c->req->parameters->{access}}");
+       }
+       if ($c->req->param('uid')){
+               $c->forward('addaccess');
+       }
+       $dbh->commit;
+       $c->res->redirect($c->uri_for('thread',$thread));
+}
+
+sub removeownthreadaccess : Local {
+       my ( $self, $c, $thread) = @_;
+       my $dbh = $c->model;
+       $dbh->do(q{DELETE FROM forum_priv_access WHERE uid = $1 AND ftid = $2}
+               ,undef,$c->user->id,$thread);
+       $c->res->redirect($c->uri_for('allUnread'));
+}
+
+sub addaccess : Private {
+       my ( $self, $c, $thread) = @_;
+       my $dbh = $c->model;
+
+       $c->req->parameters->{uid} = [$c->req->parameters->{uid}]
+               unless ref $c->req->parameters->{uid} eq 'ARRAY';
+       my $query = $dbh->prepare(q{INSERT INTO forum_priv_access (ftid,uid)
+               (SELECT $1,uid FROM users u WHERE uid = ANY ($2) AND NOT uid
+                       IN (SELECT uid FROM forum_priv_access WHERE ftid = $1))});
+       $query->execute($thread,$c->req->parameters->{uid});
+       $dbh->do(q{INSERT INTO forum_posts (ftid,uid,message)
+               VALUES((SELECT ftid FROM users WHERE uid = $1),$1,$2)
+               }, undef, $c->user->id
+               ,"Gave access on thread $thread to : @{$c->req->parameters->{uid}}");
+}
+
+sub findUsers : Private {
+       my ( $self, $c ) = @_;
+       my $dbh = $c->model;
+
+       my $query = $dbh->prepare(q{SELECT uid,username FROM users
+               WHERE uid > 0 AND uid IN (SELECT uid FROM groupmembers)
+               ORDER BY LOWER(username)});
+       $query->execute;
+
+       $c->stash(users => $query->fetchall_arrayref({}) );
+}
+
 sub findThread : Private {
        my ( $self, $c, $thread ) = @_;
        my $dbh = $c->model;