[livejournal] r21077: LJSUP-11121: administrator view for sche...
Committer: sbelyaev
LJSUP-11121: administrator view for scheduled entries
U trunk/cgi-bin/Apache/LiveJournal.pm
U trunk/cgi-bin/LJ/DelayedEntry.pm
U trunk/htdocs/manage/scheduled_posts.bml
U trunk/htdocs/preview/entry.bml
Modified: trunk/cgi-bin/Apache/LiveJournal.pm
===================================================================
--- trunk/cgi-bin/Apache/LiveJournal.pm 2012-02-02 14:34:55 UTC (rev 21076)
+++ trunk/cgi-bin/Apache/LiveJournal.pm 2012-02-02 14:45:26 UTC (rev 21077)
@@ -879,6 +879,7 @@
my $bml_file = "$ENV{LJHOME}/htdocs/preview/entry.bml";
LJ::Request->uri($new_uri);
LJ::Request->notes( 'delayed_id' => $delayed_id);
+ LJ::Request->notes( 'usejournal' => $user );
return $bml_handler->($bml_file);
} elsif ($uuri =~ m#^/pics#) {
$mode = "ljphotoalbums";
Modified: trunk/cgi-bin/LJ/DelayedEntry.pm
===================================================================
--- trunk/cgi-bin/LJ/DelayedEntry.pm 2012-02-02 14:34:55 UTC (rev 21076)
+++ trunk/cgi-bin/LJ/DelayedEntry.pm 2012-02-02 14:45:26 UTC (rev 21077)
@@ -6,6 +6,10 @@
use LJ::User;
use Storable;
+use constant {
+ VIEW_ALL => 2,
+};
+
#common methodss
sub create_from_url {
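Review bot: `VIEW_ALL => 2` is added without a comment, and the level below it has no name. In this commit scheduled_posts.bml passes the raw result of `LJ::check_priv` as `delayed_visibility`, so a value of 1 implicitly means "privileged view with non-public content masked". A comment above the block such as `# delayed_visibility: 0 = no extra access, 1 = all entries with non-public subject/body masked, 2 = all entries unmasked`, plus a named constant for level 1, would keep the authorization levels readable in one place. These meanings are read from the other hunks of this file and should be confirmed by the author.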
@@ -51,7 +55,7 @@
my $posttime = __get_datetime($req);
my $data_ser = __serialize($req);
my $delayedid = LJ::alloc_user_counter( $journal,
- 'Y',
+ 'Y',
undef);
my $security = "public";
my $uselogsec = 0;
@@ -287,6 +291,9 @@
sub timezone {
my $remote = LJ::get_remote();
+ if (!$remote) {
+ return 0;
+ }
return $remote->prop("timezone");
}
@@ -580,7 +587,6 @@
return 0;
}
-
sub update_tags {
my ($self, $tags) = @_;
$self->props->{taglist} = $tags;
@@ -608,9 +614,9 @@
sub load_data {
my ($class, $dbcr, $opts) = @_;
- __assert($opts->{journalid}, "no journal id");
+ __assert($opts->{journalid}, "no journal id");
__assert($opts->{delayed_id}, "no delayed id");
- __assert($opts->{posterid}, "no poster id");
+ __assert($opts->{posterid}, "no poster id");
my $journalid = $opts->{journalid};
my $delayedid = $opts->{delayed_id};
@@ -620,12 +626,12 @@
"WHERE journalid=$journalid AND " .
"delayedid = $delayedid" );
- my $self = bless {}, $class;
- $self->{journal} = LJ::want_user($opts->{journalid});
- $self->{data} = __deserialize($data_ser);
- $self->{poster} = LJ::want_user($opts->{posterid});
+ my $self = bless {}, $class;
$self->{delayed_id} = $delayedid;
- $self->{posttime} = __get_datetime($self->{data});
+ $self->{journal} = LJ::want_user($opts->{journalid});
+ $self->{poster} = LJ::want_user($opts->{posterid});
+ $self->{data} = __deserialize($data_ser);
+ $self->{posttime} = __get_datetime($self->{data});
return $self;
}
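Review bot: The query at the top of this hunk still interpolates `$journalid` and `$delayedid` directly into the SQL text, and the `__assert` calls in load_data only check that the values are true, not that they are integers. Whether every caller passes a validated number is not visible here, so binding the values would remove that dependency: `"WHERE journalid=? AND delayedid=?"` with both values passed as bind parameters, or at minimum `int()` applied when they are read from `$opts`. The statement begins above the hunk, so the exact database call to adjust is outside this view.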
@@ -646,7 +652,9 @@
my $delayed_visibility = $options->{'delayed_visibility'} || 0;
my $sql_poster = '';
- if ( !$delayed_visibility && !__delayed_entry_can_see( $journal, $user ) ) {
+ my $can_see = __delayed_entry_can_see( $journal, $user );
+
+ if ( !$delayed_visibility && !$can_see ) {
$sql_poster = 'AND posterid = ' . $user->userid . " ";
}
@@ -679,6 +687,13 @@
$self->{taglist} = __extract_tag_list( \$self->prop("taglist") );
$self->{default_dateformat} = $options->{'dateformat'} || 'S2';
+ if (!$can_see && ($delayed_visibility != VIEW_ALL)) {
+ if ($self->security ne "public") {
+ $self->data->{'subject'} = "*private content: subject*";
+ $self->data->{'event'} = "*private content: event*";
+ }
+ }
+
__assert( $self->{poster}, "no poster" );
__assert( $self->{journal}, "no journal" );
return $self;
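Review bot: The masking branch replaces only `subject` and `event`, while `$self->{taglist}` set a few lines above and any other props stay readable, so a viewer at the masked level can still read the tags of a non-public entry. If the intent is to hide content from the `canview:scheduled` level, the tag list (and possibly other props) should be blanked in the same branch. The placeholders are also written into `$self->data` itself; if this object can later be saved or cached, which is not visible in this hunk, the real text would be overwritten, so masking a copy is safer. `$can_see` comes from an earlier hunk and the function starts outside this one.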
@@ -784,7 +799,9 @@
my $userid = $opts->{'userid'};
my $only_my = $opts->{'only_my'};
my $sticky_on_top = $opts->{'sticky_on_top'};
-
+
+ my $delayed_visibility = $opts->{'delayed_visibility'} || 0;
+
my $dbcr = LJ::get_cluster_def_reader($journal)
or die "get cluster for journal failed";
@@ -798,10 +815,12 @@
return [] unless $u;
$userid = $u->userid;
-
+
my $sql_poster = '';
if ( !__delayed_entry_can_see( $journal, $u ) || $only_my ) {
- $sql_poster = 'AND posterid = ' . $u->userid . " ";
+ if (!$delayed_visibility || $only_my) {
+ $sql_poster = 'AND posterid = ' . $u->userid . " ";
+ }
}
my $sql_limit = '';
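Review bot: The poster filter is now dropped for any true `delayed_visibility` in `$opts`, so this function relies entirely on its callers having checked a privilege before setting the option, and nothing here says so. A comment such as `# delayed_visibility lifts the posterid filter; callers must set it only after LJ::check_priv` would record that contract. The nested test can also be flattened to `if ( $only_my || ( !$delayed_visibility && !__delayed_entry_can_see( $journal, $u ) ) ) {`, which yields the same filter, assuming `__delayed_entry_can_see` has no side effects. The enclosing sub starts and ends outside the hunk.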
@@ -810,10 +829,10 @@
}
my $sticky_sql = $sticky_on_top ? 'is_sticky ASC, ' : '';
+ my $journalid = $journal->userid;
- my $journalid = $journal->userid;
return $dbcr->selectcol_arrayref("SELECT delayedid " .
- "FROM delayedlog2 WHERE journalid=$journalid $sql_poster".
+ "FROM delayedlog2 WHERE journalid=$journalid $sql_poster".
"ORDER BY $sticky_sql revptime DESC $sql_limit");
}
Modified: trunk/htdocs/manage/scheduled_posts.bml
===================================================================
--- trunk/htdocs/manage/scheduled_posts.bml 2012-02-02 14:34:55 UTC (rev 21076)
+++ trunk/htdocs/manage/scheduled_posts.bml 2012-02-02 14:45:26 UTC (rev 21077)
@@ -19,7 +19,6 @@
js/scanner.js
js/photobucket_jw.js
));
-
if (!LJ::is_enabled("delayed_entries")) {
return LJ::error_list("This feature is disabled.");
}
@@ -38,6 +37,14 @@
return BML::redirect("$LJ::SITEROOT/agecheck/?s=1");
}
+ my $is_admin = LJ::check_priv($remote, "canview", "scheduled");
+ my $can_viewall = LJ::check_priv($remote, "canview", "*");
+
+ my $visibility = $is_admin;
+ if ($can_viewall && $GET{'viewall'} == 1) {
+ $visibility = LJ::DelayedEntry::VIEW_ALL;
+ }
+
my $usejournal_u = LJ::load_user ($usejournal || $remote->user);
my $entry_chooser = sub {
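Review bot: `$GET{'viewall'} == 1` compares a raw query-string value numerically, which also accepts inputs such as `1abc` and warns on non-numeric text; `( $GET{'viewall'} || '' ) eq '1'` is stricter. Separately, this branch lets a privileged account read other users' non-public scheduled entries, and the hunk writes no audit record when `VIEW_ALL` is granted. Logging the remote user and the target journal at that point would make such access reviewable. The surrounding code block starts outside the hunk.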
@@ -95,7 +102,9 @@
my @ordered;
foreach my $ditem (@$delayed_entries) {
- my $entry = LJ::DelayedEntry->get_entry_by_id($u, $ditem);
+ my $entry = LJ::DelayedEntry->get_entry_by_id( $u,
+ $ditem,
+ { 'delayed_visibility' => $visibility } );
push @ordered, {
'alldatepart' => $entry->alldatepart ,
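Review bot: `$entry->alldatepart` is called without checking the result of `get_entry_by_id`, although preview/entry.bml in this same commit treats a false return as possible. An entry removed between the list query and this loop would then abort the page with a method call on an undefined value. Adding `next unless $entry;` directly after the call avoids that. The loop body continues past the end of the hunk.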
@@ -114,7 +123,8 @@
my $delayed_entries = LJ::DelayedEntry->get_entries_by_journal($usejournal_u,
{ 'skip' => $skip,
'show' => $items_per_page + 1,
- 'only_my' => $only_me_checked, });
+ 'only_my' => $only_me_checked,
+ 'delayed_visibility' => $visibility });
my $have_next_page = scalar @$delayed_entries > $items_per_page;
if ($have_next_page) {
Modified: trunk/htdocs/preview/entry.bml
===================================================================
--- trunk/htdocs/preview/entry.bml 2012-02-02 14:34:55 UTC (rev 21076)
+++ trunk/htdocs/preview/entry.bml 2012-02-02 14:45:26 UTC (rev 21077)
@@ -20,12 +20,12 @@
## http://download.microsoft.com/download/6/6/B/66B06981-67F0-4151-B71D-848BEF65F3C7/Developing%20Securely%20with%20Cross%20Site%20Scripting%20Filter%20%20-%20IE8%20Developer%20Series%20Information%20Page.pdf
LJ::Request->header_out("X-XSS-Protection" => 0);
+ my $usejournal = $POST{'usejournal'} || LJ::Request->notes('usejournal');
-
### Figure out poster/journal
my ($u, $up);
- if ($POST{'usejournal'}) {
- $u = LJ::load_user($POST{'usejournal'});
+ if ($usejournal) {
+ $u = LJ::load_user($usejournal);
$up = $POST{'user'} ? LJ::load_user($POST{'user'}) : $remote;
} elsif ($POST{'user'}) {
$u = LJ::load_user($POST{'user'});
@@ -41,15 +41,12 @@
my ($ditemid, $anum, $itemid);
my %req = ( 'usejournal' => $POST{'usejournal'}, );
- my $delayed_obj;
if (!$delayed_id) {
LJ::entry_form_decode(\%req, \%POST);
} else {
- $delayed_obj
- = LJ::DelayedEntry->get_entry_by_id($u, $delayed_id);
-
+ my $delayed_obj = LJ::DelayedEntry->get_entry_by_id($u, $delayed_id);
if (!$delayed_obj) {
- return "unknown error";
+ return "no such scheduled entry $delayed_id for user " . $u->user;
}
%req = %{$delayed_obj->data};
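Review bot: The new error string places `$delayed_id` and `$u->user` into the page output unescaped, on a page that switches the browser XSS filter off with `X-XSS-Protection` set to 0 in the previous hunk. How `$delayed_id` is parsed from the request is not visible here, so escaping at the point of output is the safer default: `return "no such scheduled entry " . LJ::ehtml($delayed_id) . " for user " . LJ::ehtml($u->user);`. `$u` is also dereferenced without a check that `LJ::load_user` returned a user. The enclosing block continues outside the hunk.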
