Diffstat (limited to 'demos/blog/protected/Pages/Posts')
-rw-r--r-- | demos/blog/protected/Pages/Posts/EditCategory.page | 7 | ||||
-rw-r--r-- | demos/blog/protected/Pages/Posts/EditCategory.php | 43 | ||||
-rw-r--r-- | demos/blog/protected/Pages/Posts/EditPost.page | 15 | ||||
-rw-r--r-- | demos/blog/protected/Pages/Posts/EditPost.php | 49 | ||||
-rw-r--r-- | demos/blog/protected/Pages/Posts/ListPost.page | 28 | ||||
-rw-r--r-- | demos/blog/protected/Pages/Posts/ListPost.php | 121 | ||||
-rw-r--r-- | demos/blog/protected/Pages/Posts/MyPost.page | 2 | ||||
-rw-r--r-- | demos/blog/protected/Pages/Posts/MyPost.php | 21 | ||||
-rw-r--r-- | demos/blog/protected/Pages/Posts/NewCategory.page | 7 | ||||
-rw-r--r-- | demos/blog/protected/Pages/Posts/NewCategory.php | 17 | ||||
-rw-r--r-- | demos/blog/protected/Pages/Posts/NewPost.page | 18 | ||||
-rw-r--r-- | demos/blog/protected/Pages/Posts/NewPost.php | 28 | ||||
-rw-r--r-- | demos/blog/protected/Pages/Posts/ViewPost.page | 20 | ||||
-rw-r--r-- | demos/blog/protected/Pages/Posts/ViewPost.php | 59 | ||||
-rw-r--r-- | demos/blog/protected/Pages/Posts/config.xml | 2 |
15 files changed, 351 insertions, 86 deletions
diff --git a/demos/blog/protected/Pages/Posts/EditCategory.page b/demos/blog/protected/Pages/Posts/EditCategory.page
index fdde2648..1f61c0af 100644
--- a/demos/blog/protected/Pages/Posts/EditCategory.page
+++ b/demos/blog/protected/Pages/Posts/EditCategory.page
@@ -1,3 +1,5 @@
+<%@ Title="Edit Category" %>
+
<com:TContent ID="Main">
<h2>Update Post Category</h2>
@@ -14,7 +16,7 @@
 Display="Dynamic"
OnServerValidate="checkCategoryName"
Text="...must be unique"
- ControlCssClass="inputerror" />
+ ControlCssClass="input-error1" />
<br/>
<com:TTextBox ID="CategoryName" Columns="50" MaxLength="128" />
<br/>
@@ -27,10 +29,11 @@
 Columns="50"
Rows="5" />
<br/>
-
+<br/>
<com:TLinkButton
Text="Save"
OnClick="saveButtonClicked"
+ CssClass="link-button"
ValidationGroup="category" />
</com:TContent>
\ No newline at end of file
diff --git a/demos/blog/protected/Pages/Posts/EditCategory.php b/demos/blog/protected/Pages/Posts/EditCategory.php
index fd2d0707..920d2d80 100644
--- a/demos/blog/protected/Pages/Posts/EditCategory.php
+++ b/demos/blog/protected/Pages/Posts/EditCategory.php
@@ -1,14 +1,33 @@
 <?php
+/**
+ * EditCategory class file
+ *
+ * @author Qiang Xue <qiang.xue@gmail.com>
+ * @link http://www.pradosoft.com/
+ * @copyright Copyright © 2006 PradoSoft
+ * @license http://www.pradosoft.com/license/
+ * @version $Revision: $ $Date: $
+ */
+/**
+ * EditCategory class
+ *
+ * @author Qiang Xue <qiang.xue@gmail.com>
+ * @link http://www.pradosoft.com/
+ * @copyright Copyright © 2006 PradoSoft
+ * @license http://www.pradosoft.com/license/
+ */
class EditCategory extends BlogPage
{
- public function getCurrentCategory()
+ private $_category;
+
+ public function onInit($param)
{
+ parent::onInit($param);
$id=TPropertyValue::ensureInteger($this->Request['id']);
- if(($cat=$this->DataAccess->queryCategoryByID($id))!==null)
- return $cat;
- else
- throw new BlogException('xxx');
+ $this->_category=$this->DataAccess->queryCategoryByID($id);
+ if($this->_category===null)
+ throw new BlogException(500,'category_id_invalid',$id);
}
public function onLoad($param)
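Review bot: The new `onInit` loads the category, and the page later saves it, without any role check in the class itself, so access control for this page rests entirely on the `roles="admin"` rule this commit adds to `config.xml`. `ListPost::deleteButtonClicked` in the same commit re-checks `$this->User->IsAdmin` before acting; the same test placed right after `parent::onInit($param);` would keep this page closed if the config rule is later edited or the page is moved. If the config-only guard is intentional, say so in a comment, e.g. `// access is restricted to admins in Posts/config.xml`. `onLoad` continues outside the hunk.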
@@ -16,9 +35,8 @@ class EditCategory extends BlogPage
 parent::onLoad($param);
if(!$this->IsPostBack)
{
- $catRecord=$this->getCurrentCategory();
- $this->CategoryName->Text=$catRecord->Name;
- $this->CategoryDescription->Text=$catRecord->Description;
+ $this->CategoryName->Text=$this->_category->Name;
+ $this->CategoryDescription->Text=$this->_category->Description;
}
}
@@ -26,11 +44,10 @@ class EditCategory extends BlogPage
 {
if($this->IsValid)
{
- $categoryRecord=$this->getCurrentCategory();
- $categoryRecord->Name=$this->CategoryName->Text;
- $categoryRecord->Description=$this->CategoryDescription->Text;
- $this->DataAccess->updateCategory($categoryRecord);
- $this->gotoPage('Posts.ListPost',array('cat'=>$categoryRecord->ID));
+ $this->_category->Name=$this->CategoryName->Text;
+ $this->_category->Description=$this->CategoryDescription->Text;
+ $this->DataAccess->updateCategory($this->_category);
+ $this->gotoPage('Posts.ListPost',array('cat'=>$this->_category->ID));
}
}
diff --git a/demos/blog/protected/Pages/Posts/EditPost.page b/demos/blog/protected/Pages/Posts/EditPost.page
index 591f5945..97702848 100644
--- a/demos/blog/protected/Pages/Posts/EditPost.page
+++ b/demos/blog/protected/Pages/Posts/EditPost.page
@@ -1,28 +1,31 @@
+<%@ Title="Edit Post" %>
+
<com:TContent ID="Main">
<h2>Update Post</h2>
-Title
+<span class="input-label">Title</span>
<com:TRequiredFieldValidator
Display="Dynamic"
ControlToValidate="Title"
ErrorMessage="...is required"
ValidationGroup="post" />
<br/>
-<com:TTextBox ID="Title" Columns="70" MaxLength="256" />
+<com:TTextBox ID="Title" Columns="80" MaxLength="256" />
<br/>
-Content
+<span class="input-label">Content</span>
<com:TRequiredFieldValidator
Display="Dynamic"
ControlToValidate="Content"
ErrorMessage="...is required"
ValidationGroup="post" />
<br/>
-<com:THtmlArea ID="Content" Width="450px" />
+<com:THtmlArea ID="Content" Width="500px" />
<br/>
-Categories<br/>
+<span class="input-label">Categories</span>
+<br/>
<com:TListBox
ID="Categories"
SelectionMode="Multiple"
@@ -32,10 +35,12 @@ Categories<br/>
 <com:TCheckBox ID="DraftMode" Text="in draft mode (the post will not be published)" />
<br/>
+<br/>
<com:TLinkButton
Text="Save"
OnClick="saveButtonClicked"
+ CssClass="link-button"
ValidationGroup="post" />
</com:TContent>
\ No newline at end of file
diff --git a/demos/blog/protected/Pages/Posts/EditPost.php b/demos/blog/protected/Pages/Posts/EditPost.php
index 57e92b1c..24b58529 100644
--- a/demos/blog/protected/Pages/Posts/EditPost.php
+++ b/demos/blog/protected/Pages/Posts/EditPost.php
@@ -1,14 +1,36 @@
 <?php
+/**
+ * EditPost class file
+ *
+ * @author Qiang Xue <qiang.xue@gmail.com>
+ * @link http://www.pradosoft.com/
+ * @copyright Copyright © 2006 PradoSoft
+ * @license http://www.pradosoft.com/license/
+ * @version $Revision: $ $Date: $
+ */
+/**
+ * EditPost class
+ *
+ * @author Qiang Xue <qiang.xue@gmail.com>
+ * @link http://www.pradosoft.com/
+ * @copyright Copyright © 2006 PradoSoft
+ * @license http://www.pradosoft.com/license/
+ */
class EditPost extends BlogPage
{
- public function getCurrentPost()
+ private $_postRecord=null;
+
+ public function onInit($param)
{
+ parent::onInit($param);
$id=TPropertyValue::ensureInteger($this->Request['id']);
- if(($post=$this->DataAccess->queryPostByID($id))!==null)
- return $post;
- else
- throw new BlogException('xxx');
+ $this->_postRecord=$this->DataAccess->queryPostByID($id);
+ if($this->_postRecord===null)
+ throw new BlogException(500,'post_id_invalid',$id);
+ // only the author and admin can edit the post
+ if(!$this->User->IsAdmin && $this->User->ID!==$this->_postRecord->AuthorID)
+ throw new BlogException(500,'post_edit_disallowed',$id);
}
public function onLoad($param)
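Review bot: Both failures in the new `onInit` are thrown as `BlogException(500,...)` with different message keys, `post_id_invalid` and `post_edit_disallowed`, so a caller can tell "no such post" from "exists but not yours", and a denied edit is reported as what looks like a server error. Assuming the first argument is the HTTP status, a 404 for the missing record and a 403 for the denied edit (or one not-found response for both) would be more accurate and easier to alert on. `ViewPost::onInit` has the same pattern with `post_view_disallowed`; it matters more there because ViewPost is not in the `users="?"` deny list in `config.xml`, so the distinction shows anonymous visitors which ids belong to unpublished posts. The `!==` against `AuthorID` only behaves as intended if both sides have the same type, which cannot be confirmed from this hunk.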
@@ -16,10 +38,10 @@ class EditPost extends BlogPage
 parent::onLoad($param);
if(!$this->IsPostBack)
{
- $postRecord=$this->getCurrentPost();
+ $postRecord=$this->_postRecord;
$this->Title->Text=$postRecord->Title;
$this->Content->Text=$postRecord->Content;
- $this->DraftMode->Checked=$postRecord->Status===0;
+ $this->DraftMode->Checked=$postRecord->Status!==PostRecord::STATUS_PUBLISHED;
$this->Categories->DataSource=$this->DataAccess->queryCategories();
$this->Categories->dataBind();
$cats=$this->DataAccess->queryCategoriesByPostID($postRecord->ID);
@@ -34,10 +56,15 @@ class EditPost extends BlogPage
 {
if($this->IsValid)
{
- $postRecord=$this->getCurrentPost();
- $postRecord->Title=$this->Title->Text;
- $postRecord->Content=$this->Content->Text;
- $postRecord->Status=$this->DraftMode->Checked?0:1;
+ $postRecord=$this->_postRecord;
+ $postRecord->Title=$this->Title->SafeText;
+ $postRecord->Content=$this->Content->SafeText;
+ if($this->DraftMode->Checked)
+ $postRecord->Status=PostRecord::STATUS_DRAFT;
+ else if(!$this->User->IsAdmin && TPropertyValue::ensureBoolean($this->Application->Parameters['PostApproval']))
+ $postRecord->Status=PostRecord::STATUS_PENDING;
+ else
+ $postRecord->Status=PostRecord::STATUS_PUBLISHED;
$postRecord->ModifyTime=time();
$cats=array();
foreach($this->Categories->SelectedValues as $value)
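Review bot: Switching `Title` and `Content` to `SafeText` filters only what is written from now on; `ViewPost.page` still prints `$this->CurrentPost->Title` without encoding, so rows saved earlier through `->Text` are rendered exactly as stored. Either clean the existing rows or encode plain-text fields on output, as `ViewPost::onInit` already does for the page title with `htmlentities(...,ENT_QUOTES,'UTF-8')`. The same applies to the matching lines in `NewPost.php`, which also repeat this three-way status selection verbatim; a shared helper on `BlogPage` would keep the approval rule in one place. The enclosing method starts above the hunk and continues below it.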
diff --git a/demos/blog/protected/Pages/Posts/ListPost.page b/demos/blog/protected/Pages/Posts/ListPost.page
index 15fc3d0c..4c96d6fb 100644
--- a/demos/blog/protected/Pages/Posts/ListPost.page
+++ b/demos/blog/protected/Pages/Posts/ListPost.page
@@ -1,5 +1,20 @@
 <com:TContent ID="Main">
+<com:TPanel ID="CategoryPanel" Visible="false" CssClass="category">
+<div class="category-name">
+<%= $this->Category->Name %>
+<com:TLinkButton
+ Text="[-]"
+ Tooltip="Delete this category"
+ Visible=<%= $this->User->IsAdmin %>
+ Attributes.onclick="if(!confirm('Are you sure to delete this category? Posts in this category will NOT be removed.')) return false;"
+ OnClick="deleteButtonClicked" />
+</div>
+<div class="category-description">
+<%= $this->Category->Description %>
+</div>
+</com:TPanel>
+
<com:TRepeater ID="PostList" EnableViewState="false">
<prop:ItemTemplate>
<div class="post">
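Review bot: `<%= $this->Category->Name %>` and `<%= $this->Category->Description %>` are written into the page without encoding, although this same commit wraps the comment fields in `ViewPost.page` in `htmlentities(...,ENT_QUOTES,'UTF-8')`, and `EditCategory.php` stores both values from `->Text` rather than `->SafeText`. Only admins can edit categories according to `config.xml`, but the values should still be encoded where they are printed: `<%= htmlentities($this->Category->Name,ENT_QUOTES,'UTF-8') %>`, and likewise for the description. The repeater's item template continues outside the hunk.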
@@ -24,4 +39,17 @@ posted by
 </prop:ItemTemplate>
</com:TRepeater>
+<div class="postlist-pager">
+<com:THyperLink
+ ID="PrevPage"
+ Visible="false"
+ Text="< Previous Page"
+ />
+<com:THyperLink
+ ID="NextPage"
+ Visible="false"
+ Text="Next Page >"
+ />
+</div>
+
</com:TContent>
\ No newline at end of file
diff --git a/demos/blog/protected/Pages/Posts/ListPost.php b/demos/blog/protected/Pages/Posts/ListPost.php
index 6d56b543..bed18222 100644
--- a/demos/blog/protected/Pages/Posts/ListPost.php
+++ b/demos/blog/protected/Pages/Posts/ListPost.php
@@ -1,13 +1,59 @@
 <?php
+/**
+ * ListPost class file
+ *
+ * @author Qiang Xue <qiang.xue@gmail.com>
+ * @link http://www.pradosoft.com/
+ * @copyright Copyright © 2006 PradoSoft
+ * @license http://www.pradosoft.com/license/
+ * @version $Revision: $ $Date: $
+ */
+/**
+ * ListPost class
+ *
+ * @author Qiang Xue <qiang.xue@gmail.com>
+ * @link http://www.pradosoft.com/
+ * @copyright Copyright © 2006 PradoSoft
+ * @license http://www.pradosoft.com/license/
+ */
class ListPost extends BlogPage
{
- const DEFAULT_LIMIT=10;
+ private $_posts;
+ private $_category;
- public function getPosts()
+ public function onInit($param)
+ {
+ parent::onInit($param);
+ $this->_posts=$this->DataAccess->queryPosts(
+ $this->getPostFilter(),
+ $this->getCategoryFilter(),
+ 'ORDER BY create_time DESC',
+ 'LIMIT '.$this->getPageOffset().','.$this->getPageSize());
+ if($this->Request['cat']!==null)
+ {
+ $catID=TPropertyValue::ensureInteger($this->Request['cat']);
+ $this->_category=$this->DataAccess->queryCategoryByID($catID);
+ $this->CategoryPanel->Visible=true;
+ }
+ }
+
+ private function getPageOffset()
+ {
+ if(($offset=TPropertyValue::ensureInteger($this->Request['offset']))<=0)
+ $offset=0;
+ return $offset;
+ }
+
+ private function getPageSize()
+ {
+ if(($limit=TPropertyValue::ensureInteger($this->Request['limit']))<=0)
+ $limit=TPropertyValue::ensureInteger($this->Application->Parameters['PostPerPage']);
+ return $limit;
+ }
+
+ private function getTimeFilter()
{
- $timeFilter='';
- $catFilter='';
if(($time=TPropertyValue::ensureInteger($this->Request['time']))>0)
{
$year=(integer)($time/100);
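Review bot: `onInit` sets `CategoryPanel->Visible=true` whenever `cat` is present, but `queryCategoryByID` can return null (`EditCategory::onInit` checks for exactly that), and the template then dereferences `$this->Category->Name` on null. Check the result and either throw as `EditCategory` does or leave the panel hidden: `if($this->_category!==null) $this->CategoryPanel->Visible=true;`. Separately, `getPageSize` accepts any positive `limit` from the request, so one request can ask for an arbitrarily large page; clamp it to a configured maximum before it reaches the `LIMIT` clause. `getTimeFilter` continues outside the hunk.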
@@ -19,25 +65,76 @@ class ListPost extends BlogPage
 $year++;
}
$endTime=mktime(0,0,0,$month,1,$year);
- $timeFilter="create_time>=$startTime AND create_time<$endTime";
+ return "create_time>=$startTime AND create_time<$endTime";
}
+ else
+ return '';
+ }
+
+ private function getPostFilter()
+ {
+ $filter='a.status=0';
+ if(($timeFilter=$this->getTimeFilter())!=='')
+ return "$filter AND $timeFilter";
+ else
+ return $filter;
+ }
+
+ private function getCategoryFilter()
+ {
if(($catID=$this->Request['cat'])!==null)
{
$catID=TPropertyValue::ensureInteger($catID);
- $catFilter="category_id=$catID";
+ return "category_id=$catID";
}
- if(($offset=TPropertyValue::ensureInteger($this->Request['offset']))<=0)
- $offset=0;
- if(($limit=TPropertyValue::ensureInteger($this->Request['limit']))<=0)
- $limit=self::DEFAULT_LIMIT;
- return $this->DataAccess->queryPosts('',$timeFilter,$catFilter,'ORDER BY create_time DESC',"LIMIT $offset,$limit");
+ else
+ return '';
+ }
+
+ private function formUrl($newOffset)
+ {
+ $gets=array();
+ $gets['offset']=$newOffset;
+ if($this->Request['limit']!==null)
+ $gets['limit']=$this->Request['limit'];
+ if($this->Request['time']!==null)
+ $gets['time']=$this->Request['time'];
+ if($this->Request['cat']!==null)
+ $gets['cat']=$this->Request['cat'];
+ return $this->Service->constructUrl('Posts.ListPost',$gets);
+ }
+
+ public function getCategory()
+ {
+ return $this->_category;
}
public function onLoad($param)
{
parent::onLoad($param);
- $this->PostList->DataSource=$this->getPosts();
+ $this->PostList->DataSource=$this->_posts;
$this->PostList->dataBind();
+ if($this->getPageOffset()>0)
+ {
+ if(($offset=$this->getPageOffset()-$this->getPageSize())<0)
+ $offset=0;
+ $this->PrevPage->NavigateUrl=$this->formUrl($offset);
+ $this->PrevPage->Visible=true;
+ }
+ if(count($this->_posts)===$this->getPageSize())
+ {
+ $this->NextPage->NavigateUrl=$this->formUrl($this->getPageOffset()+$this->getPageSize());
+ $this->NextPage->Visible=true;
+ }
+ }
+
+ public function deleteButtonClicked($sender,$param)
+ {
+ if($this->User->IsAdmin)
+ {
+ $this->DataAccess->deleteCategory($this->Category->ID);
+ $this->gotoDefaultPage();
+ }
}
}
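Review bot: `getPostFilter` hard-codes `'a.status=0'` although the rest of this commit moved to the `PostRecord::STATUS_*` constants, and this filter is what keeps draft and pending posts out of the public list. Build it from the constant, `$filter='a.status='.PostRecord::STATUS_PUBLISHED;` (presumably 0, going by the mapping in `MyPost.page`, whose `DataFormatString` repeats the same literals), so a change to the status values cannot silently expose unpublished posts. The filters are assembled as SQL strings, which is safe here only because every request value passes through `TPropertyValue::ensureInteger` first; a one-line comment on `getCategoryFilter` and `getTimeFilter` saying so would stop a later edit from dropping the cast.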
diff --git a/demos/blog/protected/Pages/Posts/MyPost.page b/demos/blog/protected/Pages/Posts/MyPost.page
index 95a32ac9..ca153166 100644
--- a/demos/blog/protected/Pages/Posts/MyPost.page
+++ b/demos/blog/protected/Pages/Posts/MyPost.page
@@ -25,7 +25,7 @@
 <com:TBoundColumn
HeaderText="Status"
DataField="Status"
- DataFormatString="#{0}?'Published':'Draft'"
+ DataFormatString="#{0}===0?'Published':({0}===1?'Draft':'Pending')"
ItemStyle.Width="70px"
/>
<com:TBoundColumn
diff --git a/demos/blog/protected/Pages/Posts/MyPost.php b/demos/blog/protected/Pages/Posts/MyPost.php
index be03ca63..dff98426 100644
--- a/demos/blog/protected/Pages/Posts/MyPost.php
+++ b/demos/blog/protected/Pages/Posts/MyPost.php
@@ -1,5 +1,22 @@
 <?php
+/**
+ * MyPost class file
+ *
+ * @author Qiang Xue <qiang.xue@gmail.com>
+ * @link http://www.pradosoft.com/
+ * @copyright Copyright © 2006 PradoSoft
+ * @license http://www.pradosoft.com/license/
+ * @version $Revision: $ $Date: $
+ */
+/**
+ * MyPost class
+ *
+ * @author Qiang Xue <qiang.xue@gmail.com>
+ * @link http://www.pradosoft.com/
+ * @copyright Copyright © 2006 PradoSoft
+ * @license http://www.pradosoft.com/license/
+ */
class MyPost extends BlogPage
{
protected function bindData()
@@ -7,8 +24,8 @@ class MyPost extends BlogPage
 $author=$this->User->ID;
$offset=$this->PostGrid->CurrentPageIndex*$this->PostGrid->PageSize;
$limit=$this->PostGrid->PageSize;
- $this->PostGrid->DataSource=$this->DataAccess->queryPosts("author_id=$author",'','','ORDER BY a.status ASC, create_time DESC',"LIMIT $offset,$limit");
- $this->PostGrid->VirtualItemCount=$this->DataAccess->queryPostCount("author_id=$author",'','');
+ $this->PostGrid->DataSource=$this->DataAccess->queryPosts("author_id=$author",'','ORDER BY a.status DESC, create_time DESC',"LIMIT $offset,$limit");
+ $this->PostGrid->VirtualItemCount=$this->DataAccess->queryPostCount("author_id=$author",'');
$this->PostGrid->dataBind();
}
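Review bot: `"author_id=$author"` and `"LIMIT $offset,$limit"` are interpolated into SQL fragments without the `TPropertyValue::ensureInteger` cast that `ListPost.php` applies to every value it puts into a filter. `$this->User->ID` probably comes from the session rather than the request, but that is not visible here; casting it, `$author=TPropertyValue::ensureInteger($this->User->ID);`, keeps the fragment numeric whatever the source. `bindData` begins in the previous hunk.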
diff --git a/demos/blog/protected/Pages/Posts/NewCategory.page b/demos/blog/protected/Pages/Posts/NewCategory.page
index 92fe1468..43dba79b 100644
--- a/demos/blog/protected/Pages/Posts/NewCategory.page
+++ b/demos/blog/protected/Pages/Posts/NewCategory.page
@@ -1,3 +1,5 @@
+<%@ Title="Create New Category" %>
+
<com:TContent ID="Main">
<h2>New Post Category</h2>
@@ -14,7 +16,7 @@
 Display="Dynamic"
OnServerValidate="checkCategoryName"
Text="...must be unique"
- ControlCssClass="inputerror" />
+ ControlCssClass="input-error1" />
<br/>
<com:TTextBox ID="CategoryName" Columns="50" MaxLength="128" />
<br/>
@@ -27,10 +29,11 @@
 Columns="50"
Rows="5" />
<br/>
-
+<br/>
<com:TLinkButton
Text="Save"
OnClick="saveButtonClicked"
+ CssClass="link-button"
ValidationGroup="category" />
</com:TContent>
\ No newline at end of file
diff --git a/demos/blog/protected/Pages/Posts/NewCategory.php b/demos/blog/protected/Pages/Posts/NewCategory.php
index d36f6af1..215200a9 100644
--- a/demos/blog/protected/Pages/Posts/NewCategory.php
+++ b/demos/blog/protected/Pages/Posts/NewCategory.php
@@ -1,5 +1,22 @@
 <?php
+/**
+ * NewCategory class file
+ *
+ * @author Qiang Xue <qiang.xue@gmail.com>
+ * @link http://www.pradosoft.com/
+ * @copyright Copyright © 2006 PradoSoft
+ * @license http://www.pradosoft.com/license/
+ * @version $Revision: $ $Date: $
+ */
+/**
+ * NewCategory class
+ *
+ * @author Qiang Xue <qiang.xue@gmail.com>
+ * @link http://www.pradosoft.com/
+ * @copyright Copyright © 2006 PradoSoft
+ * @license http://www.pradosoft.com/license/
+ */
class NewCategory extends BlogPage
{
public function saveButtonClicked($sender,$param)
diff --git a/demos/blog/protected/Pages/Posts/NewPost.page b/demos/blog/protected/Pages/Posts/NewPost.page
index a49188f6..15071e3a 100644
--- a/demos/blog/protected/Pages/Posts/NewPost.page
+++ b/demos/blog/protected/Pages/Posts/NewPost.page
@@ -1,28 +1,31 @@
+<%@ Title="Write New Post" %>
+
<com:TContent ID="Main">
-<h2>Write a New Post</h2>
+<h2>Write New Post</h2>
-Title
+<span class="input-label">Title</span>
<com:TRequiredFieldValidator
Display="Dynamic"
ControlToValidate="Title"
ErrorMessage="...is required"
ValidationGroup="post" />
<br/>
-<com:TTextBox ID="Title" Columns="70" MaxLength="256" />
+<com:TTextBox ID="Title" Columns="80" MaxLength="256" />
<br/>
-Content
+<span class="input-label">Content</span>
<com:TRequiredFieldValidator
Display="Dynamic"
ControlToValidate="Content"
ErrorMessage="...is required"
ValidationGroup="post" />
<br/>
-<com:THtmlArea ID="Content" Width="450px" />
+<com:THtmlArea ID="Content" Width="500px" />
<br/>
-Categories<br/>
+<span class="input-label">Categories</span>
+<br/>
<com:TListBox
ID="Categories"
SelectionMode="Multiple"
@@ -32,10 +35,11 @@ Categories<br/>
 <com:TCheckBox ID="DraftMode" Text="in draft mode (the post will not be published)" />
<br/>
-
+<br/>
<com:TLinkButton
Text="Save"
OnClick="saveButtonClicked"
+ CssClass="link-button"
ValidationGroup="post" />
</com:TContent>
\ No newline at end of file
diff --git a/demos/blog/protected/Pages/Posts/NewPost.php b/demos/blog/protected/Pages/Posts/NewPost.php
index 055c7f92..7d02557d 100644
--- a/demos/blog/protected/Pages/Posts/NewPost.php
+++ b/demos/blog/protected/Pages/Posts/NewPost.php
@@ -1,5 +1,22 @@
 <?php
+/**
+ * NewPost class file
+ *
+ * @author Qiang Xue <qiang.xue@gmail.com>
+ * @link http://www.pradosoft.com/
+ * @copyright Copyright © 2006 PradoSoft
+ * @license http://www.pradosoft.com/license/
+ * @version $Revision: $ $Date: $
+ */
+/**
+ * NewPost class
+ *
+ * @author Qiang Xue <qiang.xue@gmail.com>
+ * @link http://www.pradosoft.com/
+ * @copyright Copyright © 2006 PradoSoft
+ * @license http://www.pradosoft.com/license/
+ */
class NewPost extends BlogPage
{
public function onLoad($param)
@@ -17,9 +34,14 @@ class NewPost extends BlogPage
 if($this->IsValid)
{
$postRecord=new PostRecord;
- $postRecord->Title=$this->Title->Text;
- $postRecord->Content=$this->Content->Text;
- $postRecord->Status=$this->DraftMode->Checked?0:1;
+ $postRecord->Title=$this->Title->SafeText;
+ $postRecord->Content=$this->Content->SafeText;
+ if($this->DraftMode->Checked)
+ $postRecord->Status=PostRecord::STATUS_DRAFT;
+ else if(!$this->User->IsAdmin && TPropertyValue::ensureBoolean($this->Application->Parameters['PostApproval']))
+ $postRecord->Status=PostRecord::STATUS_PENDING;
+ else
+ $postRecord->Status=PostRecord::STATUS_PUBLISHED;
$postRecord->CreateTime=time();
$postRecord->AuthorID=$this->User->ID;
$cats=array();
diff --git a/demos/blog/protected/Pages/Posts/ViewPost.page b/demos/blog/protected/Pages/Posts/ViewPost.page
index 4b233615..5bd80a52 100644
--- a/demos/blog/protected/Pages/Posts/ViewPost.page
+++ b/demos/blog/protected/Pages/Posts/ViewPost.page
@@ -5,6 +5,10 @@
 <%= $this->CurrentPost->Title %>
</div>
<div class="post-time">
+<com:TLabel
+ ID="Status"
+ ForeColor="red"
+ Text=<%= $this->CurrentPost->Status===PostRecord::STATUS_DRAFT?'[Draft]':'[Pending approval]'%> />
<%= date('l, F j, Y \a\t h:i:s a',$this->CurrentPost->CreateTime) %>
by
<%= '<a href="' . $this->Service->constructUrl('Users.ViewUser',array('id'=>$this->CurrentPost->AuthorID)) . '">' . $this->CurrentPost->AuthorName . '</a>' %>
@@ -47,11 +51,11 @@ by
 <%# date('F j, Y \a\t h:i:s a',$this->DataItem->CreateTime) %>
by
<%# $this->DataItem->AuthorWebsite==='' ?
- $this->DataItem->AuthorName :
- '<a href="' . $this->DataItem->AuthorWebsite . '">' . $this->DataItem->AuthorName . '</a>' %>
+ htmlentities($this->DataItem->AuthorName,ENT_QUOTES,'UTF-8') :
+ '<a href="' . htmlentities($this->DataItem->AuthorWebsite) . '">' . htmlentities($this->DataItem->AuthorName,ENT_QUOTES,'UTF-8') . '</a>' %>
</div>
<div class="comment-content">
-<%# $this->DataItem->Content %>
+<%# nl2br(htmlentities($this->DataItem->Content,ENT_QUOTES,'UTF-8')) %>
</div>
</div>
</prop:ItemTemplate>
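Review bot: The `href` is built with `htmlentities($this->DataItem->AuthorWebsite)`, which encodes markup characters but does not restrict the URL scheme, so a commenter-supplied value that is not an http(s) address still becomes a clickable link. Render the anchor only when the value starts with `http://` or `https://`, falling back to the plain encoded name otherwise, and pass `ENT_QUOTES,'UTF-8'` as the other two calls on these lines do. Validating the scheme when the comment is saved in `ViewPost.php` would also reject such values at the source.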
@@ -65,7 +69,7 @@ by
 ValidationGroup="comment""
Display="Dynamic"
Text="...is required"
- ControlCssClass="inputerror" />
+ ControlCssClass="input-error1" />
<br/>
<com:TTextBox ID="CommentAuthor" />
<br/>
@@ -76,14 +80,14 @@ by
 ValidationGroup="comment""
Display="Dynamic"
Text="...is required"
- ControlCssClass="inputerror" />
+ ControlCssClass="input-error1" />
<com:TEmailAddressValidator
ControlToValidate="CommentEmail"
ValidationGroup="comment"
Display="Dynamic"
Text="*"
ErrorMessage="You entered an invalid email address."
- ControlCssClass="inputerror" />
+ ControlCssClass="input-error2" />
<br/>
<com:TTextBox ID="CommentEmail" />
<br/>
@@ -99,14 +103,16 @@ by
 ValidationGroup="comment"
Display="Dynamic"
Text="...is required"
- ControlCssClass="inputerror" />
+ ControlCssClass="input-error1" />
<br/>
<com:TTextBox ID="CommentContent" TextMode="MultiLine" Columns="55" Rows="10"/>
<br/>
+<br/>
<com:TLinkButton
Text="Submit"
ValidationGroup="comment"
+ CssClass="link-button"
OnClick="submitCommentButtonClicked" />
</div>
diff --git a/demos/blog/protected/Pages/Posts/ViewPost.php b/demos/blog/protected/Pages/Posts/ViewPost.php
index 309bedc1..84f33cff 100644
--- a/demos/blog/protected/Pages/Posts/ViewPost.php
+++ b/demos/blog/protected/Pages/Posts/ViewPost.php
@@ -1,40 +1,57 @@
 <?php
+/**
+ * ViewPost class file
+ *
+ * @author Qiang Xue <qiang.xue@gmail.com>
+ * @link http://www.pradosoft.com/
+ * @copyright Copyright © 2006 PradoSoft
+ * @license http://www.pradosoft.com/license/
+ * @version $Revision: $ $Date: $
+ */
+/**
+ * ViewPost class
+ *
+ * @author Qiang Xue <qiang.xue@gmail.com>
+ * @link http://www.pradosoft.com/
+ * @copyright Copyright © 2006 PradoSoft
+ * @license http://www.pradosoft.com/license/
+ */
class ViewPost extends BlogPage
{
- private $_postID=null;
private $_post=null;
- public function getPostID()
- {
- if($this->_postID===null)
- $this->_postID=TPropertyValue::ensureInteger($this->Request['id']);
- return $this->_postID;
- }
-
- public function getCurrentPost()
+ public function onInit($param)
{
+ parent::onInit($param);
+ $id=TPropertyValue::ensureInteger($this->Request['id']);
+ $this->_post=$this->DataAccess->queryPostByID($id);
if($this->_post===null)
- {
- if(($this->_post=$this->DataAccess->queryPostByID($this->getPostID()))===null)
- $this->reportError(BlogErrors::ERROR_POST_NOT_FOUND);
- }
- return $this->_post;
+ throw new BlogException(500,'post_id_invalid',$id);
+ // if post is not published, only the author and admin can view it
+ if($this->_post->Status!==PostRecord::STATUS_PUBLISHED && !$this->User->IsAdmin && $this->User->ID!==$this->_post->AuthorID)
+ throw new BlogException(500,'post_view_disallowed',$id);
+ $this->Title=htmlentities($this->_post->Title,ENT_QUOTES,'UTF-8');
}
public function getCanEditPost()
{
$user=$this->getUser();
- $authorID=$this->getCurrentPost()->AuthorID;
- return $authorID===$user->getID() || $user->isInRole('admin');
+ return $user->getIsAdmin() || $user->getID()===$this->_post->AuthorID;
+ }
+
+ public function getCurrentPost()
+ {
+ return $this->_post;
}
public function onLoad($param)
{
parent::onLoad($param);
- $this->CategoryList->DataSource=$this->DataAccess->queryCategoriesByPostID($this->getPostID());
+ $this->Status->Visible=$this->_post->Status!==PostRecord::STATUS_PUBLISHED;
+ $this->CategoryList->DataSource=$this->DataAccess->queryCategoriesByPostID($this->_post->ID);
$this->CategoryList->dataBind();
- $this->CommentList->DataSource=$this->DataAccess->queryCommentsByPostID($this->getPostID());
+ $this->CommentList->DataSource=$this->DataAccess->queryCommentsByPostID($this->_post->ID);
$this->CommentList->dataBind();
}
@@ -44,11 +61,11 @@ class ViewPost extends BlogPage
 {
$commentRecord=new CommentRecord;
$commentRecord->PostID=$this->CurrentPost->ID;
- $commentRecord->AuthorName=$this->CommentAuthor->Text;
+ $commentRecord->AuthorName=$this->CommentAuthor->SafeText;
$commentRecord->AuthorEmail=$this->CommentEmail->Text;
- $commentRecord->AuthorWebsite=$this->CommentWebsite->Text;
+ $commentRecord->AuthorWebsite=$this->CommentWebsite->SafeText;
$commentRecord->AuthorIP=$this->Request->UserHostAddress;
- $commentRecord->Content=$this->CommentContent->Text;
+ $commentRecord->Content=$this->CommentContent->SafeText;
$commentRecord->CreateTime=time();
$commentRecord->Status=0;
$this->DataAccess->insertComment($commentRecord);
diff --git a/demos/blog/protected/Pages/Posts/config.xml b/demos/blog/protected/Pages/Posts/config.xml
index 1c04e946..f3684e58 100644
--- a/demos/blog/protected/Pages/Posts/config.xml
+++ b/demos/blog/protected/Pages/Posts/config.xml
@@ -3,5 +3,7 @@
 <configuration>
<authorization>
<deny pages="EditPost,NewPost,MyPost" users="?" />
+ <allow pages="NewCategory,EditCategory" roles="admin" />
+ <deny pages="NewCategory,EditCategory" users="*" />
</authorization>
</configuration>
\ No newline at end of file |
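Review bot: The two new rules only work in this order, because the `allow ... roles="admin"` has to match before the `deny ... users="*"` (assuming rules are evaluated top to bottom and the first match wins). A comment above them would protect against a later reordering: `<!-- order matters: the admin allow must precede the deny-all for the category pages -->`. Category deletion is not covered by these rules because it lives on `ListPost`, where it is guarded in code by `IsAdmin`.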