From 6e0338629774fffe5fbe7136dfce34ce83844a5c Mon Sep 17 00:00:00 2001
From: xue <>
Date: Tue, 30 May 2006 03:26:33 +0000
Subject: Blog demo is completed.
---
demos/blog/protected/Pages/Posts/ViewPost.php | 59 +++++++++++++++++----------
1 file changed, 38 insertions(+), 21 deletions(-)
(limited to 'demos/blog/protected/Pages/Posts/ViewPost.php')
diff --git a/demos/blog/protected/Pages/Posts/ViewPost.php b/demos/blog/protected/Pages/Posts/ViewPost.php
index 309bedc1..84f33cff 100644
--- a/demos/blog/protected/Pages/Posts/ViewPost.php
+++ b/demos/blog/protected/Pages/Posts/ViewPost.php
@@ -1,40 +1,57 @@ + * @link http://www.pradosoft.com/ + * @copyright Copyright © 2006 PradoSoft + * @license http://www.pradosoft.com/license/ + * @version $Revision: $ $Date: $ + */ +/** + * ViewPost class + * + * @author Qiang Xue + * @link http://www.pradosoft.com/ + * @copyright Copyright © 2006 PradoSoft + * @license http://www.pradosoft.com/license/ + */ class ViewPost extends BlogPage { - private $_postID=null; private $_post=null; - public function getPostID() - { - if($this->_postID===null) - $this->_postID=TPropertyValue::ensureInteger($this->Request['id']); - return $this->_postID; - } - - public function getCurrentPost() + public function onInit($param) { + parent::onInit($param); + $id=TPropertyValue::ensureInteger($this->Request['id']); + $this->_post=$this->DataAccess->queryPostByID($id); if($this->_post===null) - { - if(($this->_post=$this->DataAccess->queryPostByID($this->getPostID()))===null) - $this->reportError(BlogErrors::ERROR_POST_NOT_FOUND); - } - return $this->_post; + throw new BlogException(500,'post_id_invalid',$id); + // if post is not published, only the author and admin can view it + if($this->_post->Status!==PostRecord::STATUS_PUBLISHED && !$this->User->IsAdmin && $this->User->ID!==$this->_post->AuthorID) + throw new BlogException(500,'post_view_disallowed',$id); + $this->Title=htmlentities($this->_post->Title,ENT_QUOTES,'UTF-8'); } public function getCanEditPost() { $user=$this->getUser(); - $authorID=$this->getCurrentPost()->AuthorID; - return $authorID===$user->getID() || $user->isInRole('admin'); + return $user->getIsAdmin() || $user->getID()===$this->_post->AuthorID; + } + + public function getCurrentPost() + { + return $this->_post; } public function onLoad($param) { parent::onLoad($param); - $this->CategoryList->DataSource=$this->DataAccess->queryCategoriesByPostID($this->getPostID()); + $this->Status->Visible=$this->_post->Status!==PostRecord::STATUS_PUBLISHED; + 
$this->CategoryList->DataSource=$this->DataAccess->queryCategoriesByPostID($this->_post->ID); $this->CategoryList->dataBind(); - $this->CommentList->DataSource=$this->DataAccess->queryCommentsByPostID($this->getPostID()); + $this->CommentList->DataSource=$this->DataAccess->queryCommentsByPostID($this->_post->ID); $this->CommentList->dataBind(); } @@ -44,11 +61,11 @@ class ViewPost extends BlogPage { $commentRecord=new CommentRecord; $commentRecord->PostID=$this->CurrentPost->ID; - $commentRecord->AuthorName=$this->CommentAuthor->Text; + $commentRecord->AuthorName=$this->CommentAuthor->SafeText; $commentRecord->AuthorEmail=$this->CommentEmail->Text; - $commentRecord->AuthorWebsite=$this->CommentWebsite->Text; + $commentRecord->AuthorWebsite=$this->CommentWebsite->SafeText; $commentRecord->AuthorIP=$this->Request->UserHostAddress; - $commentRecord->Content=$this->CommentContent->Text; + $commentRecord->Content=$this->CommentContent->SafeText; $commentRecord->CreateTime=time(); $commentRecord->Status=0; $this->DataAccess->insertComment($commentRecord); -- cgit v1.2.3
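Review bot: In `onInit` the not-found branch throws `post_id_invalid` while the unpublished-post branch throws `post_view_disallowed`, so a visitor who is neither the author nor an admin can tell from the error which post IDs exist as unpublished posts. Throwing the same error in both branches avoids that, e.g. `throw new BlogException(404,'post_id_invalid',$id);` in the disallowed branch as well. If the first `BlogException` argument is the HTTP status (its definition is not visible here), 500 also misreports both conditions as server faults and will add noise to error monitoring. The ownership test `$this->User->ID!==$this->_post->AuthorID` is strict, so it denies access if the two IDs differ in type; a one-line comment stating that both are expected to be integers would make that intent explicit.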
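Review bot: `AuthorEmail` is still read from `->Text` while `AuthorName`, `AuthorWebsite` and `Content` now use `->SafeText`, which leaves the e-mail as the one visitor-supplied comment field stored unfiltered. Unless a validator on `CommentEmail` in the page template (not visible here) already restricts it to an address format, use `$commentRecord->AuthorEmail=$this->CommentEmail->SafeText;` or add a comment naming the validator that covers it. `SafeText` filters markup at input time only, so the website value should still be limited to `http`/`https` before it is rendered as a link, and the comment list should HTML-encode these fields on output if it does not already. The enclosing handler starts and ends outside this hunk.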