From: Michael Andreen Date: Thu, 24 Jul 2008 12:00:08 +0000 (+0200) Subject: Private threads, handle access. X-Git-Url: https://ruin.nu/git/?p=ndwebbie.git;a=commitdiff_plain;h=c4b993d742eff701dfe3784bfaedf81f9e4cd34d Private threads, handle access. --- diff --git a/lib/NDWeb/Controller/Forum.pm b/lib/NDWeb/Controller/Forum.pm index c7e8b4d..f33319a 100644 --- a/lib/NDWeb/Controller/Forum.pm +++ b/lib/NDWeb/Controller/Forum.pm @@ -218,6 +218,11 @@ sub thread : Local { $c->stash(template => 'access_denied.tt2'); return; } + my $query = $dbh->prepare(q{SELECT uid,username FROM users u + JOIN forum_priv_access fta USING (uid) WHERE fta.ftid = $1}); + $query->execute($thread); + $c->stash(access => $query->fetchall_arrayref({}) ); + $c->forward('findUsers') if $c->stash->{thread}->{moderate}; $c->forward('findPosts'); $c->forward('markThreadAsRead') if $c->user_exists; } @@ -385,6 +390,69 @@ sub setSticky : Local { $c->res->redirect($c->uri_for('thread',$thread)); } +sub postthreadaccess : Local { + my ( $self, $c, $thread) = @_; + my $dbh = $c->model; + + $c->forward('findThread'); + $dbh->begin_work; + unless ($c->stash->{thread}->{moderate}){ + $c->acl_access_denied('test',$c->action,'No moderator access to board.') + } + if ($c->req->param('access')){ + $c->req->parameters->{access} = [$c->req->parameters->{access}] + unless ref $c->req->parameters->{access} eq 'ARRAY'; + my $query = $dbh->prepare(q{DELETE From forum_priv_access + WHERE ftid = $1 AND uid = ANY ($2)}); + $query->execute($thread,$c->req->parameters->{access}); + $dbh->do(q{INSERT INTO forum_posts (ftid,uid,message) + VALUES((SELECT ftid FROM users WHERE uid = $1),$1,$2) + }, undef, $c->user->id + ,"Removed access on thread $thread for : @{$c->req->parameters->{access}}"); + } + if ($c->req->param('uid')){ + $c->forward('addaccess'); + } + $dbh->commit; + $c->res->redirect($c->uri_for('thread',$thread)); +} + +sub removeownthreadaccess : Local { + my ( $self, $c, $thread) = @_; + my $dbh = $c->model; + $dbh->do(q{DELETE FROM forum_priv_access WHERE uid = $1 AND ftid = $2} + ,undef,$c->user->id,$thread); + $c->res->redirect($c->uri_for('allUnread')); +} + +sub addaccess : Private { + my ( $self, $c, $thread) = @_; + my $dbh = $c->model; + + $c->req->parameters->{uid} = [$c->req->parameters->{uid}] + unless ref $c->req->parameters->{uid} eq 'ARRAY'; + my $query = $dbh->prepare(q{INSERT INTO forum_priv_access (ftid,uid) + (SELECT $1,uid FROM users u WHERE uid = ANY ($2) AND NOT uid + IN (SELECT uid FROM forum_priv_access WHERE ftid = $1))}); + $query->execute($thread,$c->req->parameters->{uid}); + $dbh->do(q{INSERT INTO forum_posts (ftid,uid,message) + VALUES((SELECT ftid FROM users WHERE uid = $1),$1,$2) + }, undef, $c->user->id + ,"Gave access on thread $thread to : @{$c->req->parameters->{uid}}"); +} + +sub findUsers : Private { + my ( $self, $c ) = @_; + my $dbh = $c->model; + + my $query = $dbh->prepare(q{SELECT uid,username FROM users + WHERE uid > 0 AND uid IN (SELECT uid FROM groupmembers) + ORDER BY LOWER(username)}); + $query->execute; + + $c->stash(users => $query->fetchall_arrayref({}) ); +} + sub findThread : Private { my ( $self, $c, $thread ) = @_; my $dbh = $c->model; diff --git a/root/src/forum/thread.tt2 b/root/src/forum/thread.tt2 index 2e06831..bd3a1be 100644 --- a/root/src/forum/thread.tt2 +++ b/root/src/forum/thread.tt2 @@ -26,3 +26,36 @@ [% END %] + +[% IF access.size > 0 %] +[% hasaccess = 0 %] +

The following ppl have access to this thread: [% FOR a IN access %] + [% IF a.uid == UID; hasaccess = 1; END %] +[% a.username %] + [% END %]

+ [% IF hasaccess %] +

Remove your access

+ [% END %] +[% END %] + +[% IF thread.moderate %] +
+
Change thread access + + + + + + +
AddRemove
+ +
+[% END %]