madeon (madeon) wrote in changelog,
entry is in top1000 rating
madeon
madeon
changelog

[livejournal] r21077: LJSUP-11121: administrator view for sche...

Committer: sbelyaev
LJSUP-11121: administrator view for scheduled entries
U   trunk/cgi-bin/Apache/LiveJournal.pm
U   trunk/cgi-bin/LJ/DelayedEntry.pm
U   trunk/htdocs/manage/scheduled_posts.bml
U   trunk/htdocs/preview/entry.bml
Modified: trunk/cgi-bin/Apache/LiveJournal.pm
===================================================================
--- trunk/cgi-bin/Apache/LiveJournal.pm	2012-02-02 14:34:55 UTC (rev 21076)
+++ trunk/cgi-bin/Apache/LiveJournal.pm	2012-02-02 14:45:26 UTC (rev 21077)
@@ -879,6 +879,7 @@
             my $bml_file = "$ENV{LJHOME}/htdocs/preview/entry.bml";
             LJ::Request->uri($new_uri);
             LJ::Request->notes( 'delayed_id' => $delayed_id);
+            LJ::Request->notes( 'usejournal' => $user );
             return $bml_handler->($bml_file);
         } elsif ($uuri =~ m#^/pics#) {
             $mode = "ljphotoalbums";

Modified: trunk/cgi-bin/LJ/DelayedEntry.pm
===================================================================
--- trunk/cgi-bin/LJ/DelayedEntry.pm	2012-02-02 14:34:55 UTC (rev 21076)
+++ trunk/cgi-bin/LJ/DelayedEntry.pm	2012-02-02 14:45:26 UTC (rev 21077)
@@ -6,6 +6,10 @@
 use LJ::User;
 use Storable;
 
+use constant {
+    VIEW_ALL => 2,
+};
+
 #common methodss
 
 sub create_from_url {
@@ -51,7 +55,7 @@
     my $posttime    = __get_datetime($req);
     my $data_ser    = __serialize($req);
     my $delayedid   = LJ::alloc_user_counter( $journal, 
-                                             'Y',
+                                              'Y',
                                               undef);
     my $security    = "public";
     my $uselogsec   = 0;
@@ -287,6 +291,9 @@
 
 sub timezone {
     my $remote = LJ::get_remote();
+    if (!$remote) {
+        return 0;
+    }
     return $remote->prop("timezone");
 }
 
@@ -580,7 +587,6 @@
     return 0;
 }
 
-
 sub update_tags {
     my ($self, $tags) = @_;
     $self->props->{taglist} = $tags;
@@ -608,9 +614,9 @@
 
 sub load_data {
     my ($class, $dbcr, $opts) = @_;
-    __assert($opts->{journalid}, "no journal id");
+    __assert($opts->{journalid},  "no journal id");
     __assert($opts->{delayed_id}, "no delayed id");
-    __assert($opts->{posterid}, "no poster id");
+    __assert($opts->{posterid},   "no poster id");
 
     my $journalid = $opts->{journalid};
     my $delayedid = $opts->{delayed_id};
@@ -620,12 +626,12 @@
                                             "WHERE journalid=$journalid AND " .
                                             "delayedid = $delayedid" );
 
-    my $self = bless {}, $class; 
-    $self->{journal} = LJ::want_user($opts->{journalid});
-    $self->{data} = __deserialize($data_ser);
-    $self->{poster} = LJ::want_user($opts->{posterid});
+    my $self = bless {}, $class;
     $self->{delayed_id} = $delayedid;
-    $self->{posttime} = __get_datetime($self->{data});
+    $self->{journal}    = LJ::want_user($opts->{journalid});
+    $self->{poster}     = LJ::want_user($opts->{posterid});
+    $self->{data}       = __deserialize($data_ser);
+    $self->{posttime}   = __get_datetime($self->{data});
 
     return $self;
 }
@@ -646,7 +652,9 @@
     my $delayed_visibility = $options->{'delayed_visibility'} || 0;
 
     my $sql_poster = '';
-    if ( !$delayed_visibility && !__delayed_entry_can_see( $journal, $user ) ) {
+    my $can_see = __delayed_entry_can_see( $journal, $user );
+
+    if ( !$delayed_visibility && !$can_see ) {
         $sql_poster = 'AND posterid = ' . $user->userid . " "; 
     }
 
@@ -679,6 +687,13 @@
     $self->{taglist}            = __extract_tag_list( \$self->prop("taglist") );
     $self->{default_dateformat} = $options->{'dateformat'} || 'S2';
 
+    if (!$can_see && ($delayed_visibility != VIEW_ALL)) {
+        if ($self->security ne "public") {
+            $self->data->{'subject'} = "*private content: subject*";
+            $self->data->{'event'}   = "*private content: event*";
+        }
+    }
+
     __assert( $self->{poster},  "no poster" );
     __assert( $self->{journal}, "no journal" );
     return $self;
@@ -784,7 +799,9 @@
     my $userid        = $opts->{'userid'};
     my $only_my       = $opts->{'only_my'};
     my $sticky_on_top = $opts->{'sticky_on_top'};
-    
+
+    my $delayed_visibility = $opts->{'delayed_visibility'} || 0;
+
     my $dbcr = LJ::get_cluster_def_reader($journal) 
         or die "get cluster for journal failed";
 
@@ -798,10 +815,12 @@
 
     return [] unless $u;
     $userid = $u->userid;
-   
+
     my $sql_poster = ''; 
     if ( !__delayed_entry_can_see( $journal, $u ) || $only_my ) {
-        $sql_poster = 'AND posterid = ' . $u->userid . " ";
+        if (!$delayed_visibility || $only_my) {
+            $sql_poster = 'AND posterid = ' . $u->userid . " ";
+        }
     }
 
     my $sql_limit = '';
@@ -810,10 +829,10 @@
     }
 
     my $sticky_sql = $sticky_on_top ? 'is_sticky ASC, ' : '';
+    my $journalid = $journal->userid;
 
-    my $journalid = $journal->userid;
     return $dbcr->selectcol_arrayref("SELECT delayedid " .
-                                     "FROM delayedlog2 WHERE journalid=$journalid  $sql_poster".
+                                     "FROM delayedlog2 WHERE journalid=$journalid $sql_poster".
                                      "ORDER BY $sticky_sql revptime DESC $sql_limit");
 }
 

Modified: trunk/htdocs/manage/scheduled_posts.bml
===================================================================
--- trunk/htdocs/manage/scheduled_posts.bml	2012-02-02 14:34:55 UTC (rev 21076)
+++ trunk/htdocs/manage/scheduled_posts.bml	2012-02-02 14:45:26 UTC (rev 21077)
@@ -19,7 +19,6 @@
                     js/scanner.js
                     js/photobucket_jw.js
                     ));
-
     if (!LJ::is_enabled("delayed_entries")) {
           return LJ::error_list("This feature is disabled.");
     }
@@ -38,6 +37,14 @@
         return BML::redirect("$LJ::SITEROOT/agecheck/?s=1");
     }
 
+    my $is_admin = LJ::check_priv($remote, "canview", "scheduled");
+    my $can_viewall = LJ::check_priv($remote, "canview", "*");
+
+    my $visibility = $is_admin;
+    if ($can_viewall && $GET{'viewall'} == 1) {
+        $visibility = LJ::DelayedEntry::VIEW_ALL;
+    }
+
     my $usejournal_u = LJ::load_user ($usejournal || $remote->user);
 
     my $entry_chooser = sub {
@@ -95,7 +102,9 @@
         my @ordered;
 
         foreach my $ditem (@$delayed_entries) {
-            my $entry = LJ::DelayedEntry->get_entry_by_id($u, $ditem);
+            my $entry = LJ::DelayedEntry->get_entry_by_id( $u,
+                                                           $ditem,
+                                                           { 'delayed_visibility' => $visibility } );
 
             push @ordered, {
                             'alldatepart'        => $entry->alldatepart ,
@@ -114,7 +123,8 @@
     my $delayed_entries = LJ::DelayedEntry->get_entries_by_journal($usejournal_u,
                                                                    { 'skip'    => $skip,
                                                                      'show'    => $items_per_page + 1,
-                                                                     'only_my' => $only_me_checked, });
+                                                                     'only_my' => $only_me_checked,
+                                                                     'delayed_visibility' => $visibility });
 
     my $have_next_page =  scalar @$delayed_entries > $items_per_page;
     if ($have_next_page) {

Modified: trunk/htdocs/preview/entry.bml
===================================================================
--- trunk/htdocs/preview/entry.bml	2012-02-02 14:34:55 UTC (rev 21076)
+++ trunk/htdocs/preview/entry.bml	2012-02-02 14:45:26 UTC (rev 21077)
@@ -20,12 +20,12 @@
     ## http://download.microsoft.com/download/6/6/B/66B06981-67F0-4151-B71D-848BEF65F3C7/Developing%20Securely%20with%20Cross%20Site%20Scripting%20Filter%20%20-%20IE8%20Developer%20Series%20Information%20Page.pdf
     LJ::Request->header_out("X-XSS-Protection" => 0);
     
+    my $usejournal = $POST{'usejournal'} || LJ::Request->notes('usejournal');
 
-
     ### Figure out poster/journal
     my ($u, $up);
-    if ($POST{'usejournal'}) {
-        $u = LJ::load_user($POST{'usejournal'});
+    if ($usejournal) {
+        $u = LJ::load_user($usejournal);
         $up = $POST{'user'} ? LJ::load_user($POST{'user'}) : $remote;
     } elsif ($POST{'user'}) {
         $u = LJ::load_user($POST{'user'});
@@ -41,15 +41,12 @@
     my ($ditemid, $anum, $itemid);
     my %req = ( 'usejournal' => $POST{'usejournal'}, );
 
-    my $delayed_obj; 
     if (!$delayed_id) {
         LJ::entry_form_decode(\%req, \%POST);
     } else {
-        $delayed_obj
-            = LJ::DelayedEntry->get_entry_by_id($u, $delayed_id);
-
+        my $delayed_obj = LJ::DelayedEntry->get_entry_by_id($u, $delayed_id);
         if (!$delayed_obj) {
-            return "unknown error";
+            return "no such scheduled entry $delayed_id for user "  . $u->user;
         }
 
         %req = %{$delayed_obj->data};

Tags: bml, livejournal, madeon, pm, sbelyaev
Subscribe
  • Post a new comment

    Error

    Anonymous comments are disabled in this journal

    default userpic

    Your reply will be screened

    Your IP address will be recorded 

  • 0 comments