summaryrefslogtreecommitdiff
path: root/demos/blog/protected/Pages/Posts/EditPost.php
diff options
context:
space:
mode:
Diffstat (limited to 'demos/blog/protected/Pages/Posts/EditPost.php')
-rw-r--r--demos/blog/protected/Pages/Posts/EditPost.php49
1 files changed, 38 insertions, 11 deletions
diff --git a/demos/blog/protected/Pages/Posts/EditPost.php b/demos/blog/protected/Pages/Posts/EditPost.php
index 57e92b1c..24b58529 100644
--- a/demos/blog/protected/Pages/Posts/EditPost.php
+++ b/demos/blog/protected/Pages/Posts/EditPost.php
@@ -1,14 +1,36 @@
<?php
+/**
+ * EditPost class file
+ *
+ * @author Qiang Xue <qiang.xue@gmail.com>
+ * @link http://www.pradosoft.com/
+ * @copyright Copyright &copy; 2006 PradoSoft
+ * @license http://www.pradosoft.com/license/
+ * @version $Revision: $ $Date: $
+ */
+/**
+ * EditPost class
+ *
+ * @author Qiang Xue <qiang.xue@gmail.com>
+ * @link http://www.pradosoft.com/
+ * @copyright Copyright &copy; 2006 PradoSoft
+ * @license http://www.pradosoft.com/license/
+ */
class EditPost extends BlogPage
{
- public function getCurrentPost()
+ private $_postRecord=null;
+
+ public function onInit($param)
{
+ parent::onInit($param);
$id=TPropertyValue::ensureInteger($this->Request['id']);
- if(($post=$this->DataAccess->queryPostByID($id))!==null)
- return $post;
- else
- throw new BlogException('xxx');
+ $this->_postRecord=$this->DataAccess->queryPostByID($id);
+ if($this->_postRecord===null)
+ throw new BlogException(500,'post_id_invalid',$id);
+ // only the author and admin can edit the post
+ if(!$this->User->IsAdmin && $this->User->ID!==$this->_postRecord->AuthorID)
+ throw new BlogException(500,'post_edit_disallowed',$id);
}
public function onLoad($param)
@@ -16,10 +38,10 @@ class EditPost extends BlogPage
parent::onLoad($param);
if(!$this->IsPostBack)
{
- $postRecord=$this->getCurrentPost();
+ $postRecord=$this->_postRecord;
$this->Title->Text=$postRecord->Title;
$this->Content->Text=$postRecord->Content;
- $this->DraftMode->Checked=$postRecord->Status===0;
+ $this->DraftMode->Checked=$postRecord->Status!==PostRecord::STATUS_PUBLISHED;
$this->Categories->DataSource=$this->DataAccess->queryCategories();
$this->Categories->dataBind();
$cats=$this->DataAccess->queryCategoriesByPostID($postRecord->ID);
@@ -34,10 +56,15 @@ class EditPost extends BlogPage
{
if($this->IsValid)
{
- $postRecord=$this->getCurrentPost();
- $postRecord->Title=$this->Title->Text;
- $postRecord->Content=$this->Content->Text;
- $postRecord->Status=$this->DraftMode->Checked?0:1;
+ $postRecord=$this->_postRecord;
+ $postRecord->Title=$this->Title->SafeText;
+ $postRecord->Content=$this->Content->SafeText;
+ if($this->DraftMode->Checked)
+ $postRecord->Status=PostRecord::STATUS_DRAFT;
+ else if(!$this->User->IsAdmin && TPropertyValue::ensureBoolean($this->Application->Parameters['PostApproval']))
+ $postRecord->Status=PostRecord::STATUS_PENDING;
+ else
+ $postRecord->Status=PostRecord::STATUS_PUBLISHED;
$postRecord->ModifyTime=time();
$cats=array();
foreach($this->Categories->SelectedValues as $value)