do various checks before editing and saving

ACLs, CSRF, page locking
This commit is contained in:
Andreas Gohr
2016-08-01 16:59:54 +02:00
parent 4731b875bb
commit cdd09a9619
2 changed files with 54 additions and 21 deletions


@ -64,43 +64,55 @@ class action_plugin_struct_inline extends DokuWiki_Action_Plugin {
echo $e->getMessage(); echo $e->getMessage();
} }
} }
if(substr($event->data,$len) == 'cancel') {
$this->inline_cancel();
}
} }
/**
* Creates the inline editor
*/
protected function inline_editor() { protected function inline_editor() {
// silently fail when editing not possible
if(!$this->initFromInput()) return; if(!$this->initFromInput()) return;
if(auth_quickaclcheck($this->pid) < AUTH_EDIT) return;
if(checklock($this->pid)) return;
// lock page
lock($this->pid);
// FIXME check read permission // output the editor
// FIXME lock page
$value = $this->schemadata->getDataColumn($this->column); $value = $this->schemadata->getDataColumn($this->column);
echo '<div>'; echo '<div>';
echo $value->getValueEditor('entry'); echo $value->getValueEditor('entry');
echo '</div>'; echo '</div>';
$hint = $this->column->getType()->getTranslatedHint(); $hint = $this->column->getType()->getTranslatedHint();
if($hint) { if($hint) {
echo '<div class="hint">'; echo '<div class="hint">';
echo hsc($hint); echo hsc($hint);
echo '</div>'; echo '</div>';
} }
// csrf protection
formSecurityToken();
} }
/**
* Save the data posted by the inline editor
*/
protected function inline_save() { protected function inline_save() {
global $INPUT; global $INPUT;
if(!$this->initFromInput()) { if (
!$this->initFromInput() || // initialize
getSecurityToken() != $INPUT->str('sectoc') || // csrf check
auth_quickaclcheck($this->pid) < AUTH_EDIT || // edit permissions
checklock($this->pid) // page is locked
) {
throw new StructException('inline save error'); throw new StructException('inline save error');
} }
// FIXME
// FIXME handle CSRF protection
// FIXME check write permission
// FIXME make sure page still locked
// validate // validate
$value = $INPUT->param('entry'); $value = $INPUT->param('entry');
$validator = new Validator(); $validator = new Validator();
@ -118,16 +130,26 @@ class action_plugin_struct_inline extends DokuWiki_Action_Plugin {
$helper = plugin_load('helper', 'struct'); $helper = plugin_load('helper', 'struct');
$helper->saveData($this->pid, $tosave, 'inline edit'); $helper->saveData($this->pid, $tosave, 'inline edit');
// unlock
unlock($this->pid);
// reinit then render // reinit then render
$this->initFromInput(); $this->initFromInput();
$value = $this->schemadata->getDataColumn($this->column); $value = $this->schemadata->getDataColumn($this->column);
$R = new Doku_Renderer_xhtml(); $R = new Doku_Renderer_xhtml();
$value->render($R, 'xhtml'); // FIXME use configured default renderer $value->render($R, 'xhtml'); // FIXME use configured default renderer
echo $R->doc; echo $R->doc;
} }
/**
* Unlock a page (on cancel action)
*/
protected function inline_cancel() {
global $INPUT;
$pid = $INPUT->str('pid');
unlock($pid);
}
/** /**
* Initialize internal state based on input variables * Initialize internal state based on input variables
* *
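Review bot: The CSRF check added to inline_save compares `getSecurityToken()` against `$INPUT->str('sectoc')`, but the token the editor emits through `formSecurityToken()` in inline_editor is posted under the name `sectok` in DokuWiki core, so unless the client renames that field the condition is always true and every save throws `StructException('inline save error')`; the `!=` is also a loose comparison where a strict one is wanted. Changing the line to `getSecurityToken() !== $INPUT->str('sectok') || // csrf check` (or `hash_equals()` where the supported PHP version has it) addresses both. The new inline_cancel releases a lock for a caller-supplied pid with no token or ACL check; as I read DokuWiki's `unlock()` it only removes a lock owned by the current session, which bounds the exposure, but this is the one AJAX entry point here without a token check and a comment stating why that is acceptable would help the next reader. The dispatching function at the top of the first hunk starts outside it, and inline_save's body continues into the second hunk.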


@ -232,6 +232,9 @@ jQuery(function () {
}); });
}); });
/**
* Confirm Schema Deletion
*/
jQuery('a.deleteSchema').click(function (event) { jQuery('a.deleteSchema').click(function (event) {
var schema = jQuery(this).closest('tr').find('td:nth-child(2)').text(); var schema = jQuery(this).closest('tr').find('td:nth-child(2)').text();
var page = jQuery(this).closest('tr').find('td:nth-child(1)').text(); var page = jQuery(this).closest('tr').find('td:nth-child(1)').text();
@ -241,8 +244,14 @@ jQuery(function () {
} }
}); });
/**
* Inline Editor
*
* @todo move to separate file
*/
jQuery('div.structaggregation table td').dblclick(function (e) { jQuery('div.structaggregation table td').dblclick(function (e) {
e.preventDefault();
var $self = jQuery(this); var $self = jQuery(this);
var pid = $self.parent().data('pid'); var pid = $self.parent().data('pid');
var field = $self.parents('table').find('tr th').eq($self.index()).data('field'); var field = $self.parents('table').find('tr th').eq($self.index()).data('field');
@ -261,7 +270,6 @@ jQuery(function () {
$form.append('<input type="hidden" name="call" value="plugin_struct_inline_save">'); $form.append('<input type="hidden" name="call" value="plugin_struct_inline_save">');
$form.append(jQuery('<div class="ctl">').append($save).append($cancel)); $form.append(jQuery('<div class="ctl">').append($save).append($cancel));
/** /**
* load the editor * load the editor
*/ */
@ -291,7 +299,6 @@ jQuery(function () {
} }
); );
/** /**
* Save the data, then close the form * Save the data, then close the form
*/ */
@ -319,14 +326,18 @@ jQuery(function () {
* Close the editor without saving * Close the editor without saving
*/ */
$cancel.click(function (e) { $cancel.click(function (e) {
// unlock page
// FIXME unlock page jQuery.post(
DOKU_BASE + 'lib/exe/ajax.php',
{
call: 'plugin_struct_inline_cancel',
pid: pid
}
);
e.preventDefault(); e.preventDefault();
$div.remove(); $div.remove();
}); });
}); });
}); });
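Review bot: The cancel handler's `jQuery.post` to `plugin_struct_inline_cancel` sends only `pid`, carries no security token, and `$div.remove()` runs whether or not the request succeeds, so a failed unlock goes unnoticed until the lock expires on its own. If the editor markup returned by the server contains the `formSecurityToken()` hidden field, forward it so the endpoint can be guarded the same way as the save call: `{ call: 'plugin_struct_inline_cancel', pid: pid, sectok: $div.find('input[name=sectok]').val() }`. The enclosing dblclick handler begins in an earlier hunk of this file.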