From 5a5b784d1e68715862278ebfb52d2fcdd626af9a Mon Sep 17 00:00:00 2001 From: Cerdic <cedric@yterium.com> Date: Sun, 21 Jan 2007 12:55:40 +0000 Subject: [PATCH] "petites correction d'autorisation (il y avait des restrictions erronees pour les redacteurs) et ('creerxxxdans','rubrique',$id_rubrique) systematique" --- ecrire/exec/articles_edit.php | 2 +- ecrire/exec/breves_edit.php | 4 ++-- ecrire/exec/naviguer.php | 12 +++++------ ecrire/exec/sites_edit.php | 17 ++++++++-------- ecrire/inc/autoriser.php | 38 +++++++++++++++++++++++++++++++++++ 5 files changed, 56 insertions(+), 17 deletions(-) diff --git a/ecrire/exec/articles_edit.php b/ecrire/exec/articles_edit.php index ebbdb1157d..58f6cbe332 100644 --- a/ecrire/exec/articles_edit.php +++ b/ecrire/exec/articles_edit.php @@ -33,7 +33,7 @@ function articles_edit($id_article, $id_rubrique,$lier_trad, $id_version, $new, { $commencer_page = charger_fonction('commencer_page', 'inc'); if ( - ($new AND !autoriser('voir','rubrique',$id_rubrique)) + ($new AND !autoriser('creerarticledans','rubrique',$id_rubrique)) OR (!$new AND (!autoriser('voir', 'article', $id_article) OR !autoriser('modifier','article', $id_article))) ) { echo $commencer_page(_T('info_modifier_titre', array('titre' => $titre)), "naviguer", "rubriques", $id_rubrique); diff --git a/ecrire/exec/breves_edit.php b/ecrire/exec/breves_edit.php index 7f8defd030..cbe5178037 100644 --- a/ecrire/exec/breves_edit.php +++ b/ecrire/exec/breves_edit.php 
@@ -25,8 +25,8 @@ function exec_breves_edit_dist() $id_rubrique = intval(_request('id_rubrique')); $new = _request('new'); - if ( (!$new AND !autoriser('voir','breve',$id_breve)) - OR ($new AND !autoriser('voir','rubrique',$id_rubrique)) ) { + if ( (!$new AND (!autoriser('voir','breve',$id_breve) OR !autoriser('modifier','breve', $id_breve))) + OR ($new AND !autoriser('creerbrevedans','rubrique',$id_rubrique)) ) { echo $commencer_page("« $titre_breve »", "naviguer", "breves", $id_rubrique); echo "<strong>"._T('avis_acces_interdit')."</strong>"; echo fin_page(); diff --git a/ecrire/exec/naviguer.php b/ecrire/exec/naviguer.php index 4802cf49f4..4c6d204f80 100644 --- a/ecrire/exec/naviguer.php +++ b/ecrire/exec/naviguer.php @@ -122,7 +122,7 @@ function exec_naviguer_dist() fin_cadre_relief(); - echo afficher_enfant_rub($id_rubrique, $flag_editable, false); + echo afficher_enfant_rub($id_rubrique, autoriser('creerrubriquedans','rubrique',$id_rubrique), false); echo contenu_naviguer($id_rubrique, $id_parent, $ze_logo, $flag_editable); @@ -199,11 +199,11 @@ function raccourcis_naviguer($id_rubrique, $id_parent) $n = spip_num_rows(spip_query("SELECT id_rubrique FROM spip_rubriques LIMIT 1")); if ($n) { - if ($id_rubrique > 0) + if (autoriser('creerarticledans','rubrique',$id_rubrique)) $res .= icone_horizontale(_T('icone_ecrire_article'), generer_url_ecrire("articles_edit","id_rubrique=$id_rubrique&new=oui"), "article-24.gif","creer.gif", false); $activer_breves = $GLOBALS['meta']["activer_breves"]; - if ($activer_breves != "non" AND $id_parent == "0" AND $id_rubrique != "0") { + if (autoriser('creerbrevedans','rubrique',$id_rubrique,NULL,array('id_parent'=>$id_parent))) { $res .= icone_horizontale(_T('icone_nouvelle_breve'), generer_url_ecrire("breves_edit","id_rubrique=$id_rubrique&new=oui"), "breve-24.gif","creer.gif", false); } } 
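Review bot: In the breves_edit.php hunk the choice between the create check and the view/modify check depends only on the request value `$new`, which is tested for truthiness (`$new = _request('new')`). Any non-empty `new` sent with an `id_breve` is therefore held only to `creerbrevedans`. If code outside this hunk treats anything other than `new=oui` as an edit of the existing breve, the `modifier` check is skipped. The articles_edit.php hunk has the same shape, and in the second sites_edit.php hunk the row for `$id_syndic` is fetched before the check whether or not `$new=='oui'`. Deciding the mode once, e.g. `$new = (_request('new') == 'oui');`, and applying the modify check whenever an existing id is loaded would close that gap; the function bodies continue outside the hunks.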
@@ -340,7 +340,7 @@ function contenu_naviguer($id_rubrique, $id_parent) { $res .= afficher_articles(_T('info_tous_articles_presents'), array("WHERE" => "statut='publie' AND id_rubrique='$id_rubrique'", 'ORDER BY' => "date DESC")); - if ($id_rubrique > 0){ + if (autoriser('creerarticledans','rubrique',$id_rubrique)){ $res .= "<div align='$spip_lang_right'>" . icone(_T('icone_ecrire_article'), generer_url_ecrire("articles_edit","id_rubrique=$id_rubrique&new=oui"), "article-24.gif", "creer.gif", '', 'non') . "</div>"; @@ -351,7 +351,7 @@ function contenu_naviguer($id_rubrique, $id_parent) { $res .= afficher_breves('<b>' . _T('icone_ecrire_nouvel_article') . '</b>', array("FROM" => 'spip_breves', 'WHERE' => "id_rubrique='$id_rubrique' AND statut != 'prop' AND statut != 'prepa'", 'ORDER BY' => "date_heure DESC")); - if ((!$id_parent) AND $id_rubrique AND $GLOBALS['meta']["activer_breves"]!="non"){ + if (autoriser('creerbrevedans','rubrique',$id_rubrique,NULL,array('id_parent'=>$id_parent))){ $res .= "<br /><div align='$spip_lang_right'>" . icone(_T('icone_nouvelle_breve'), generer_url_ecrire("breves_edit","id_rubrique=$id_rubrique&new=oui"), "breve-24.gif", "creer.gif",'','non') . "</div>"; @@ -364,7 +364,7 @@ function contenu_naviguer($id_rubrique, $id_parent) { $res .= '<br />' . afficher_sites('<b>' . _T('titre_sites_references_rubrique') . '</b>', array("FROM" => 'spip_syndic', 'WHERE' => "id_rubrique='$id_rubrique' AND statut!='refuse' AND statut != 'prop' AND syndication NOT IN ('off','sus')", 'ORDER BY' => 'nom_site')); if ($id_rubrique > 0 - AND ($GLOBALS['meta']["proposer_sites"]> 0 OR autoriser('publierdans','rubrique',$id_rubrique))) { + AND (autoriser('creersitedans','rubrique',$id_rubrique))) { $res .= "<br /><div align='$spip_lang_right'>" . icone(_T('info_sites_referencer'), generer_url_ecrire('sites_edit', "id_rubrique=$id_rubrique&redirect=" . generer_url_retour('naviguer', "id_rubrique=$id_rubrique")), "site-24.gif", "creer.gif",'', 'non') 
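Review bot: In the `@@ -364` hunk of naviguer.php the administrator path changes from `autoriser('publierdans','rubrique',$id_rubrique)` to the `creersitedans` rule, which in autoriser.php tests only `$qui['statut']=='0minirezo'` and no longer looks at the rubrique. If `publierdans` is what confines restricted administrators to their own rubriques (its body is outside this diff), they would now be offered site creation everywhere. It is worth confirming that this widening is intended, or keeping `autoriser('publierdans','rubrique',$id,$qui,$opt)` for that branch. The remaining `$id_rubrique > 0 AND` duplicates the `$id` test inside `autoriser_rubrique_creersitedans_dist` and could be dropped. contenu_naviguer's body continues outside the hunk.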
diff --git a/ecrire/exec/sites_edit.php b/ecrire/exec/sites_edit.php index 43db3de4ef..6819034dc7 100644 --- a/ecrire/exec/sites_edit.php +++ b/ecrire/exec/sites_edit.php @@ -19,14 +19,6 @@ function exec_sites_edit_dist() global $connect_statut, $descriptif, $id_rubrique, $id_secteur, $id_syndic, $new, $nom_site, $syndication, $url_site, $url_syndic, $connect_id_rubrique; $result = spip_query("SELECT * FROM spip_syndic WHERE id_syndic=" . intval($id_syndic)); - $commencer_page = charger_fonction('commencer_page', 'inc'); - if (!autoriser('voir','site',$id_syndic) - OR !autoriser('modifier','site',$id_syndic)){ - echo $commencer_page(_T('info_site_reference_2'), "naviguer", "sites", $id_rubrique); - echo "<strong>"._T('avis_acces_interdit')."</strong>"; - echo fin_page(); - exit; - } if ($row = spip_fetch_array($result)) { $id_syndic = $row["id_syndic"]; @@ -47,6 +39,15 @@ function exec_sites_edit_dist() $id_rubrique = $row['id_rubrique']; } } + $commencer_page = charger_fonction('commencer_page', 'inc'); + if ( ($new!='oui' AND (!autoriser('voir','site',$id_syndic) OR !autoriser('modifier','site',$id_syndic))) + OR ($new=='oui' AND !autoriser('creersitedans','rubrique',$id_rubrique)) ){ + echo $commencer_page(_T('info_site_reference_2'), "naviguer", "sites", $id_rubrique); + echo "<strong>"._T('avis_acces_interdit')."</strong>"; + echo fin_page(); + exit; + } + pipeline('exec_init',array('args'=>array('exec'=>'sites_edit','id_syndic'=>$id_syndic),'data'=>'')); echo $commencer_page(_T('info_site_reference_2'), "naviguer", "sites", $id_rubrique); diff --git a/ecrire/inc/autoriser.php b/ecrire/inc/autoriser.php index 703180e7e8..a4f5a6b202 100644 --- a/ecrire/inc/autoriser.php +++ b/ecrire/inc/autoriser.php 
@@ -121,6 +121,44 @@ function autoriser_rubrique_publierdans_dist($faire, $type, $id, $qui, $opt) { ); } +// Autoriser a creer un article dans la rubrique $id +function autoriser_rubrique_creerrubriquedans_dist($faire, $type, $id, $qui, $opt) { + return + autoriser('voir','rubrique',$id) + AND autoriser('publierdans','rubrique',$id); +} + +// Autoriser a creer un article dans la rubrique $id +function autoriser_rubrique_creerarticledans_dist($faire, $type, $id, $qui, $opt) { + return + $id + AND autoriser('voir','rubrique',$id); +} + +// Autoriser a creer une breve dans la rubrique $id +function autoriser_rubrique_creerbrevedans_dist($faire, $type, $id, $qui, $opt) { + $s = spip_query( + "SELECT id_parent FROM spip_rubriques WHERE id_rubrique="._q($id)); + $r = spip_fetch_array($s); + return + $id + AND ($r['id_parent']==0) + AND ($GLOBALS['meta']["activer_breves"]!="non") + AND autoriser('voir','rubrique',$id); +} + +// Autoriser a creer un site dans la rubrique $id +function autoriser_rubrique_creersitedans_dist($faire, $type, $id, $qui, $opt) { + return + $id + AND autoriser('voir','rubrique',$id) + AND $GLOBALS['meta']['activer_sites'] != 'non' + AND ( + $qui['statut']=='0minirezo' + OR ($qui['statut']=='1comite' AND $GLOBALS['meta']["proposer_sites"]>=1) + OR ($qui['statut']=='6forum' AND $GLOBALS['meta']["proposer_sites"]>=2) ); +} + // Autoriser a modifier la rubrique $id // = publierdans rubrique $id // http://doc.spip.org/@autoriser_rubrique_modifier_dist -- GitLab
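Review bot: The four new `autoriser_rubrique_creer*dans_dist` functions receive `$qui` and `$opt` but call the nested `autoriser('voir','rubrique',$id)` (and `'publierdans'` in the first one) without forwarding them. A check requested for an explicit author is therefore presumably evaluated partly against the default one; assuming `autoriser()` accepts the author array it hands to these functions, `autoriser('voir','rubrique',$id,$qui,$opt)` keeps the whole decision about the same subject. In `autoriser_rubrique_creerbrevedans_dist` the query runs even when `$id` is empty, and when no row is found `$r['id_parent']==0` is still true under loose comparison, so the sector test passes for a rubrique that does not exist. The `id_parent` that the naviguer.php callers pass in `$opt` is never read; the database lookup is the better source, so that argument can be dropped at the call sites. The comment above `autoriser_rubrique_creerrubriquedans_dist` says "creer un article" and should say "creer une rubrique".

```php
function autoriser_rubrique_creerbrevedans_dist($faire, $type, $id, $qui, $opt) {
	// refuse before touching the database when there is nothing to look up
	if (!$id OR $GLOBALS['meta']["activer_breves"]=="non")
		return false;
	// … unchanged: spip_query() / spip_fetch_array() into $r …
	return
		$r // a rubrique that does not exist is not a sector
		AND ($r['id_parent']==0)
		AND autoriser('voir','rubrique',$id,$qui,$opt);
}
```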