From 6e0338629774fffe5fbe7136dfce34ce83844a5c Mon Sep 17 00:00:00 2001
From: xue <>
Date: Tue, 30 May 2006 03:26:33 +0000
Subject: Blog demo is completed.
---
demos/blog/protected/Pages/Posts/EditCategory.page | 7 +-
demos/blog/protected/Pages/Posts/EditCategory.php | 43 +++++---
demos/blog/protected/Pages/Posts/EditPost.page | 15 ++-
demos/blog/protected/Pages/Posts/EditPost.php | 49 +++++++--
demos/blog/protected/Pages/Posts/ListPost.page | 28 +++++
demos/blog/protected/Pages/Posts/ListPost.php | 121 +++++++++++++++++++--
demos/blog/protected/Pages/Posts/MyPost.page | 2 +-
demos/blog/protected/Pages/Posts/MyPost.php | 21 +++-
demos/blog/protected/Pages/Posts/NewCategory.page | 7 +-
demos/blog/protected/Pages/Posts/NewCategory.php | 17 +++
demos/blog/protected/Pages/Posts/NewPost.page | 18 +--
demos/blog/protected/Pages/Posts/NewPost.php | 28 ++++-
demos/blog/protected/Pages/Posts/ViewPost.page | 20 ++--
demos/blog/protected/Pages/Posts/ViewPost.php | 59 ++++++----
demos/blog/protected/Pages/Posts/config.xml | 2 +
15 files changed, 351 insertions(+), 86 deletions(-)
(limited to 'demos/blog/protected/Pages/Posts')
diff --git a/demos/blog/protected/Pages/Posts/EditCategory.page b/demos/blog/protected/Pages/Posts/EditCategory.page
index fdde2648..1f61c0af 100644
--- a/demos/blog/protected/Pages/Posts/EditCategory.page
+++ b/demos/blog/protected/Pages/Posts/EditCategory.page
@@ -1,3 +1,5 @@
+<%@ Title="Edit Category" %>
+

Update Post Category

@@ -14,7 +16,7 @@ Display="Dynamic" OnServerValidate="checkCategoryName" Text="...must be unique" - ControlCssClass="inputerror" /> + ControlCssClass="input-error1" />

@@ -27,10 +29,11 @@ Columns="50" Rows="5" />
- +
\ No newline at end of file diff --git a/demos/blog/protected/Pages/Posts/EditCategory.php b/demos/blog/protected/Pages/Posts/EditCategory.php index fd2d0707..920d2d80 100644 --- a/demos/blog/protected/Pages/Posts/EditCategory.php +++ b/demos/blog/protected/Pages/Posts/EditCategory.php @@ -1,14 +1,33 @@ + * @link http://www.pradosoft.com/ + * @copyright Copyright © 2006 PradoSoft + * @license http://www.pradosoft.com/license/ + * @version $Revision: $ $Date: $ + */ +/** + * EditCategory class + * + * @author Qiang Xue + * @link http://www.pradosoft.com/ + * @copyright Copyright © 2006 PradoSoft + * @license http://www.pradosoft.com/license/ + */ class EditCategory extends BlogPage { - public function getCurrentCategory() + private $_category; + + public function onInit($param) { + parent::onInit($param); $id=TPropertyValue::ensureInteger($this->Request['id']); - if(($cat=$this->DataAccess->queryCategoryByID($id))!==null) - return $cat; - else - throw new BlogException('xxx'); + $this->_category=$this->DataAccess->queryCategoryByID($id); + if($this->_category===null) + throw new BlogException(500,'category_id_invalid',$id); } public function onLoad($param) @@ -16,9 +35,8 @@ class EditCategory extends BlogPage parent::onLoad($param); if(!$this->IsPostBack) { - $catRecord=$this->getCurrentCategory(); - $this->CategoryName->Text=$catRecord->Name; - $this->CategoryDescription->Text=$catRecord->Description; + $this->CategoryName->Text=$this->_category->Name; + $this->CategoryDescription->Text=$this->_category->Description; } } 
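Review bot: EditCategory's new `onInit` has no role check: it loads the category and rejects an unknown id, whereas `EditPost::onInit` in this commit tests `$this->User->IsAdmin` and ListPost's delete handler does the same. If category editing is meant to be admin-only, the page depends entirely on the authorization rules in config.xml, whose two added lines are not readable in this view. A guard of the form `if(!$this->User->IsAdmin)` followed by a `BlogException`, placed right after the null check, would keep the rule next to the code it protects.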
@@ -26,11 +44,10 @@ class EditCategory extends BlogPage { if($this->IsValid) { - $categoryRecord=$this->getCurrentCategory(); - $categoryRecord->Name=$this->CategoryName->Text; - $categoryRecord->Description=$this->CategoryDescription->Text; - $this->DataAccess->updateCategory($categoryRecord); - $this->gotoPage('Posts.ListPost',array('cat'=>$categoryRecord->ID)); + $this->_category->Name=$this->CategoryName->Text; + $this->_category->Description=$this->CategoryDescription->Text; + $this->DataAccess->updateCategory($this->_category); + $this->gotoPage('Posts.ListPost',array('cat'=>$this->_category->ID)); } } diff --git a/demos/blog/protected/Pages/Posts/EditPost.page b/demos/blog/protected/Pages/Posts/EditPost.page index 591f5945..97702848 100644 --- a/demos/blog/protected/Pages/Posts/EditPost.page +++ b/demos/blog/protected/Pages/Posts/EditPost.page @@ -1,28 +1,31 @@ +<%@ Title="Edit Post" %> +
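Review bot: Category name and description are still saved from `->Text` in this hunk, while the same commit moves post and comment fields to `->SafeText`, and the new block in ListPost.page prints `$this->Category->Name` and `$this->Category->Description` with a plain `<%= %>`. Encoding at output is the dependable fix and also covers rows stored before this change, for example `<%= htmlentities($this->Category->Name,ENT_QUOTES,'UTF-8') %>`, the same call the comment list in ViewPost.page now uses. The signature of the enclosing method lies outside the hunk.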

Update Post

-Title +Title
- +
-Content +Content
- +
-Categories
+Categories +

+
\ No newline at end of file diff --git a/demos/blog/protected/Pages/Posts/EditPost.php b/demos/blog/protected/Pages/Posts/EditPost.php index 57e92b1c..24b58529 100644 --- a/demos/blog/protected/Pages/Posts/EditPost.php +++ b/demos/blog/protected/Pages/Posts/EditPost.php @@ -1,14 +1,36 @@ + * @link http://www.pradosoft.com/ + * @copyright Copyright © 2006 PradoSoft + * @license http://www.pradosoft.com/license/ + * @version $Revision: $ $Date: $ + */ +/** + * EditPost class + * + * @author Qiang Xue + * @link http://www.pradosoft.com/ + * @copyright Copyright © 2006 PradoSoft + * @license http://www.pradosoft.com/license/ + */ class EditPost extends BlogPage { - public function getCurrentPost() + private $_postRecord=null; + + public function onInit($param) { + parent::onInit($param); $id=TPropertyValue::ensureInteger($this->Request['id']); - if(($post=$this->DataAccess->queryPostByID($id))!==null) - return $post; - else - throw new BlogException('xxx'); + $this->_postRecord=$this->DataAccess->queryPostByID($id); + if($this->_postRecord===null) + throw new BlogException(500,'post_id_invalid',$id); + // only the author and admin can edit the post + if(!$this->User->IsAdmin && $this->User->ID!==$this->_postRecord->AuthorID) + throw new BlogException(500,'post_edit_disallowed',$id); } public function onLoad($param) @@ -16,10 +38,10 @@ class EditPost extends BlogPage parent::onLoad($param); if(!$this->IsPostBack) { - $postRecord=$this->getCurrentPost(); + $postRecord=$this->_postRecord; $this->Title->Text=$postRecord->Title; $this->Content->Text=$postRecord->Content; - $this->DraftMode->Checked=$postRecord->Status===0; + $this->DraftMode->Checked=$postRecord->Status!==PostRecord::STATUS_PUBLISHED; $this->Categories->DataSource=$this->DataAccess->queryCategories(); $this->Categories->dataBind(); $cats=$this->DataAccess->queryCategoriesByPostID($postRecord->ID); 
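Review bot: The two failure paths in `EditPost::onInit` report different message keys, `post_id_invalid` and `post_edit_disallowed`, both with code 500, and `ViewPost::onInit` follows the same pattern with `post_view_disallowed`. If the resolved message reaches the response, a caller who may not see a post can still learn that its id exists, which for ViewPost includes drafts and pending posts. Reporting the same error for both cases to non-owners closes that gap, and a not-found or forbidden status would describe the condition better than 500 if BlogException allows it. The `!==` comparison of `$this->User->ID` with `AuthorID` fails closed when the two types differ, which deserves a one-line comment such as `// strict compare: a type mismatch denies access`.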
@@ -34,10 +56,15 @@ class EditPost extends BlogPage { if($this->IsValid) { - $postRecord=$this->getCurrentPost(); - $postRecord->Title=$this->Title->Text; - $postRecord->Content=$this->Content->Text; - $postRecord->Status=$this->DraftMode->Checked?0:1; + $postRecord=$this->_postRecord; + $postRecord->Title=$this->Title->SafeText; + $postRecord->Content=$this->Content->SafeText; + if($this->DraftMode->Checked) + $postRecord->Status=PostRecord::STATUS_DRAFT; + else if(!$this->User->IsAdmin && TPropertyValue::ensureBoolean($this->Application->Parameters['PostApproval'])) + $postRecord->Status=PostRecord::STATUS_PENDING; + else + $postRecord->Status=PostRecord::STATUS_PUBLISHED; $postRecord->ModifyTime=time(); $cats=array(); foreach($this->Categories->SelectedValues as $value) diff --git a/demos/blog/protected/Pages/Posts/ListPost.page b/demos/blog/protected/Pages/Posts/ListPost.page index 15fc3d0c..4c96d6fb 100644 --- a/demos/blog/protected/Pages/Posts/ListPost.page +++ b/demos/blog/protected/Pages/Posts/ListPost.page @@ -1,5 +1,20 @@ + +
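Review bot: Title and content are filtered only on the way in (`->SafeText` here and in NewPost.php), while ViewPost.page still prints `<%= $this->CurrentPost->Title %>` without encoding. Posts saved before this commit went through `->Text`, so existing rows stay unfiltered until they are edited again. Encoding the title at output, as `ViewPost::onInit` already does for the page title with `htmlentities($this->_post->Title,ENT_QUOTES,'UTF-8')`, removes the dependency on how a row was written. `saveButtonClicked` starts and ends outside the hunk.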
+<%= $this->Category->Name %> +User->IsAdmin %> + Attributes.onclick="if(!confirm('Are you sure to delete this category? Posts in this category will NOT be removed.')) return false;" + OnClick="deleteButtonClicked" /> +
+
+<%= $this->Category->Description %> +
+
+
@@ -24,4 +39,17 @@ posted by +
+ + +
+ \ No newline at end of file diff --git a/demos/blog/protected/Pages/Posts/ListPost.php b/demos/blog/protected/Pages/Posts/ListPost.php index 6d56b543..bed18222 100644 --- a/demos/blog/protected/Pages/Posts/ListPost.php +++ b/demos/blog/protected/Pages/Posts/ListPost.php @@ -1,13 +1,59 @@ + * @link http://www.pradosoft.com/ + * @copyright Copyright © 2006 PradoSoft + * @license http://www.pradosoft.com/license/ + * @version $Revision: $ $Date: $ + */ +/** + * ListPost class + * + * @author Qiang Xue + * @link http://www.pradosoft.com/ + * @copyright Copyright © 2006 PradoSoft + * @license http://www.pradosoft.com/license/ + */ class ListPost extends BlogPage { - const DEFAULT_LIMIT=10; + private $_posts; + private $_category; - public function getPosts() + public function onInit($param) + { + parent::onInit($param); + $this->_posts=$this->DataAccess->queryPosts( + $this->getPostFilter(), + $this->getCategoryFilter(), + 'ORDER BY create_time DESC', + 'LIMIT '.$this->getPageOffset().','.$this->getPageSize()); + if($this->Request['cat']!==null) + { + $catID=TPropertyValue::ensureInteger($this->Request['cat']); + $this->_category=$this->DataAccess->queryCategoryByID($catID); + $this->CategoryPanel->Visible=true; + } + } + + private function getPageOffset() + { + if(($offset=TPropertyValue::ensureInteger($this->Request['offset']))<=0) + $offset=0; + return $offset; + } + + private function getPageSize() + { + if(($limit=TPropertyValue::ensureInteger($this->Request['limit']))<=0) + $limit=TPropertyValue::ensureInteger($this->Application->Parameters['PostPerPage']); + return $limit; + } + + private function getTimeFilter() { - $timeFilter=''; - $catFilter=''; if(($time=TPropertyValue::ensureInteger($this->Request['time']))>0) { $year=(integer)($time/100); 
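Review bot: `ListPost::onInit` makes `CategoryPanel` visible whenever `cat` is present but never checks the result of `queryCategoryByID`, so an unknown id leaves `$this->_category` null while ListPost.page reads `$this->Category->Name` and `deleteButtonClicked` reads `$this->Category->ID`. Mirror EditCategory with `if($this->_category===null) throw new BlogException(500,'category_id_invalid',$catID);`. Separately, `getPageSize` accepts any positive `limit` from the request; capping it, e.g. `$limit=min($limit,$max);` with `$max` taken from an application parameter, keeps one request from pulling the whole table. `getTimeFilter` continues into the next hunk.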
@@ -19,25 +65,76 @@ class ListPost extends BlogPage $year++; } $endTime=mktime(0,0,0,$month,1,$year); - $timeFilter="create_time>=$startTime AND create_time<$endTime"; + return "create_time>=$startTime AND create_time<$endTime"; } + else + return ''; + } + + private function getPostFilter() + { + $filter='a.status=0'; + if(($timeFilter=$this->getTimeFilter())!=='') + return "$filter AND $timeFilter"; + else + return $filter; + } + + private function getCategoryFilter() + { if(($catID=$this->Request['cat'])!==null) { $catID=TPropertyValue::ensureInteger($catID); - $catFilter="category_id=$catID"; + return "category_id=$catID"; } - if(($offset=TPropertyValue::ensureInteger($this->Request['offset']))<=0) - $offset=0; - if(($limit=TPropertyValue::ensureInteger($this->Request['limit']))<=0) - $limit=self::DEFAULT_LIMIT; - return $this->DataAccess->queryPosts('',$timeFilter,$catFilter,'ORDER BY create_time DESC',"LIMIT $offset,$limit"); + else + return ''; + } + + private function formUrl($newOffset) + { + $gets=array(); + $gets['offset']=$newOffset; + if($this->Request['limit']!==null) + $gets['limit']=$this->Request['limit']; + if($this->Request['time']!==null) + $gets['time']=$this->Request['time']; + if($this->Request['cat']!==null) + $gets['cat']=$this->Request['cat']; + return $this->Service->constructUrl('Posts.ListPost',$gets); + } + + public function getCategory() + { + return $this->_category; } public function onLoad($param) { parent::onLoad($param); - $this->PostList->DataSource=$this->getPosts(); + $this->PostList->DataSource=$this->_posts; $this->PostList->dataBind(); + if($this->getPageOffset()>0) + { + if(($offset=$this->getPageOffset()-$this->getPageSize())<0) + $offset=0; + $this->PrevPage->NavigateUrl=$this->formUrl($offset); + $this->PrevPage->Visible=true; + } + if(count($this->_posts)===$this->getPageSize()) + { + $this->NextPage->NavigateUrl=$this->formUrl($this->getPageOffset()+$this->getPageSize()); + $this->NextPage->Visible=true; + } + } + + 
public function deleteButtonClicked($sender,$param) + { + if($this->User->IsAdmin) + { + $this->DataAccess->deleteCategory($this->Category->ID); + $this->gotoDefaultPage(); + } } } diff --git a/demos/blog/protected/Pages/Posts/MyPost.page b/demos/blog/protected/Pages/Posts/MyPost.page index 95a32ac9..ca153166 100644 --- a/demos/blog/protected/Pages/Posts/MyPost.page +++ b/demos/blog/protected/Pages/Posts/MyPost.page @@ -25,7 +25,7 @@ + * @link http://www.pradosoft.com/ + * @copyright Copyright © 2006 PradoSoft + * @license http://www.pradosoft.com/license/ + * @version $Revision: $ $Date: $ + */ +/** + * MyPost class + * + * @author Qiang Xue + * @link http://www.pradosoft.com/ + * @copyright Copyright © 2006 PradoSoft + * @license http://www.pradosoft.com/license/ + */ class MyPost extends BlogPage { protected function bindData() @@ -7,8 +24,8 @@ class MyPost extends BlogPage $author=$this->User->ID; $offset=$this->PostGrid->CurrentPageIndex*$this->PostGrid->PageSize; $limit=$this->PostGrid->PageSize; - $this->PostGrid->DataSource=$this->DataAccess->queryPosts("author_id=$author",'','','ORDER BY a.status ASC, create_time DESC',"LIMIT $offset,$limit"); - $this->PostGrid->VirtualItemCount=$this->DataAccess->queryPostCount("author_id=$author",'',''); + $this->PostGrid->DataSource=$this->DataAccess->queryPosts("author_id=$author",'','ORDER BY a.status DESC, create_time DESC',"LIMIT $offset,$limit"); + $this->PostGrid->VirtualItemCount=$this->DataAccess->queryPostCount("author_id=$author",''); $this->PostGrid->dataBind(); } diff --git a/demos/blog/protected/Pages/Posts/NewCategory.page b/demos/blog/protected/Pages/Posts/NewCategory.page index 92fe1468..43dba79b 100644 --- a/demos/blog/protected/Pages/Posts/NewCategory.page +++ b/demos/blog/protected/Pages/Posts/NewCategory.page @@ -1,3 +1,5 @@ +<%@ Title="Create New Category" %> +
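Review bot: `getPostFilter` hard-codes `a.status=0` while the rest of this commit switches to the `PostRecord::STATUS_*` constants, so the public list's exclusion of draft and pending posts depends on a literal that has to match `STATUS_PUBLISHED`; the constant's value is not visible here. Building the fragment from the constant, `$filter='a.status='.PostRecord::STATUS_PUBLISHED;`, means a renumbering cannot expose unpublished posts. The integer casts applied to `cat`, `offset` and `limit` before they enter SQL fragments are worth a comment such as `// request values are cast to int before being concatenated into SQL`.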
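Review bot: In MyPost.php, `"author_id=$author"` is interpolated into both `queryPosts` and `queryPostCount` without the `TPropertyValue::ensureInteger` cast that every request-derived id in this commit receives. `$author` comes from `$this->User->ID`, which is presumably an integer, but that is not shown here; casting at assignment, `$author=TPropertyValue::ensureInteger($this->User->ID);`, makes the fragment safe by construction. `bindData` starts and ends outside the hunk.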

New Post Category

@@ -14,7 +16,7 @@ Display="Dynamic" OnServerValidate="checkCategoryName" Text="...must be unique" - ControlCssClass="inputerror" /> + ControlCssClass="input-error1" />

@@ -27,10 +29,11 @@ Columns="50" Rows="5" />
- +
\ No newline at end of file diff --git a/demos/blog/protected/Pages/Posts/NewCategory.php b/demos/blog/protected/Pages/Posts/NewCategory.php index d36f6af1..215200a9 100644 --- a/demos/blog/protected/Pages/Posts/NewCategory.php +++ b/demos/blog/protected/Pages/Posts/NewCategory.php @@ -1,5 +1,22 @@ + * @link http://www.pradosoft.com/ + * @copyright Copyright © 2006 PradoSoft + * @license http://www.pradosoft.com/license/ + * @version $Revision: $ $Date: $ + */ +/** + * NewCategory class + * + * @author Qiang Xue + * @link http://www.pradosoft.com/ + * @copyright Copyright © 2006 PradoSoft + * @license http://www.pradosoft.com/license/ + */ class NewCategory extends BlogPage { public function saveButtonClicked($sender,$param) diff --git a/demos/blog/protected/Pages/Posts/NewPost.page b/demos/blog/protected/Pages/Posts/NewPost.page index a49188f6..15071e3a 100644 --- a/demos/blog/protected/Pages/Posts/NewPost.page +++ b/demos/blog/protected/Pages/Posts/NewPost.page @@ -1,28 +1,31 @@ +<%@ Title="Write New Post" %> + -

Write a New Post

+

Write New Post

-Title +Title
- +
-Content +Content
- +
-Categories
+Categories +

- +
\ No newline at end of file diff --git a/demos/blog/protected/Pages/Posts/NewPost.php b/demos/blog/protected/Pages/Posts/NewPost.php index 055c7f92..7d02557d 100644 --- a/demos/blog/protected/Pages/Posts/NewPost.php +++ b/demos/blog/protected/Pages/Posts/NewPost.php @@ -1,5 +1,22 @@ + * @link http://www.pradosoft.com/ + * @copyright Copyright © 2006 PradoSoft + * @license http://www.pradosoft.com/license/ + * @version $Revision: $ $Date: $ + */ +/** + * NewPost class + * + * @author Qiang Xue + * @link http://www.pradosoft.com/ + * @copyright Copyright © 2006 PradoSoft + * @license http://www.pradosoft.com/license/ + */ class NewPost extends BlogPage { public function onLoad($param) @@ -17,9 +34,14 @@ class NewPost extends BlogPage if($this->IsValid) { $postRecord=new PostRecord; - $postRecord->Title=$this->Title->Text; - $postRecord->Content=$this->Content->Text; - $postRecord->Status=$this->DraftMode->Checked?0:1; + $postRecord->Title=$this->Title->SafeText; + $postRecord->Content=$this->Content->SafeText; + if($this->DraftMode->Checked) + $postRecord->Status=PostRecord::STATUS_DRAFT; + else if(!$this->User->IsAdmin && TPropertyValue::ensureBoolean($this->Application->Parameters['PostApproval'])) + $postRecord->Status=PostRecord::STATUS_PENDING; + else + $postRecord->Status=PostRecord::STATUS_PUBLISHED; $postRecord->CreateTime=time(); $postRecord->AuthorID=$this->User->ID; $cats=array(); diff --git a/demos/blog/protected/Pages/Posts/ViewPost.page b/demos/blog/protected/Pages/Posts/ViewPost.page index 4b233615..5bd80a52 100644 --- a/demos/blog/protected/Pages/Posts/ViewPost.page +++ b/demos/blog/protected/Pages/Posts/ViewPost.page @@ -5,6 +5,10 @@ <%= $this->CurrentPost->Title %>
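Review bot: The draft/pending/published branch added to NewPost.php is a line-for-line copy of the one added to `EditPost::saveButtonClicked`, so the `PostApproval` rule now lives in two places and can drift apart. Moving it into a single helper on `BlogPage` that takes the draft flag and returns the status keeps the approval decision in one reviewed spot. A comment such as `// non-admin posts wait for approval when PostApproval is enabled` would also document the intent. The enclosing method continues past the hunk.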
+CurrentPost->Status===PostRecord::STATUS_DRAFT?'[Draft]':'[Pending approval]'%> /> <%= date('l, F j, Y \a\t h:i:s a',$this->CurrentPost->CreateTime) %> by <%= '' . $this->CurrentPost->AuthorName . '' %> @@ -47,11 +51,11 @@ by <%# date('F j, Y \a\t h:i:s a',$this->DataItem->CreateTime) %> by <%# $this->DataItem->AuthorWebsite==='' ? - $this->DataItem->AuthorName : - '' . $this->DataItem->AuthorName . '' %> + htmlentities($this->DataItem->AuthorName,ENT_QUOTES,'UTF-8') : + '' . htmlentities($this->DataItem->AuthorName,ENT_QUOTES,'UTF-8') . '' %>
-<%# $this->DataItem->Content %> +<%# nl2br(htmlentities($this->DataItem->Content,ENT_QUOTES,'UTF-8')) %>
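Review bot: The comment author's name and content are now encoded on output, but `AuthorWebsite` is not touched by the new lines; the link markup inside this expression is not readable in this view. If the website value is written into an `href`, it needs attribute encoding and a check that the scheme is http or https, because the `->SafeText` filter applied when the comment is saved in ViewPost.php is an HTML filter and may not reject other schemes in a bare URL; that reading of `SafeText` should be confirmed. Something like `htmlentities($this->DataItem->AuthorWebsite,ENT_QUOTES,'UTF-8')` inside the attribute, plus scheme validation at save time, would match the treatment given to the name.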
@@ -65,7 +69,7 @@ by ValidationGroup="comment"" Display="Dynamic" Text="...is required" - ControlCssClass="inputerror" /> + ControlCssClass="input-error1" />

@@ -76,14 +80,14 @@ by ValidationGroup="comment"" Display="Dynamic" Text="...is required" - ControlCssClass="inputerror" /> + ControlCssClass="input-error1" /> + ControlCssClass="input-error2" />

@@ -99,14 +103,16 @@ by ValidationGroup="comment" Display="Dynamic" Text="...is required" - ControlCssClass="inputerror" /> + ControlCssClass="input-error1" />

+
diff --git a/demos/blog/protected/Pages/Posts/ViewPost.php b/demos/blog/protected/Pages/Posts/ViewPost.php index 309bedc1..84f33cff 100644 --- a/demos/blog/protected/Pages/Posts/ViewPost.php +++ b/demos/blog/protected/Pages/Posts/ViewPost.php 
@@ -1,40 +1,57 @@ + * @link http://www.pradosoft.com/ + * @copyright Copyright © 2006 PradoSoft + * @license http://www.pradosoft.com/license/ + * @version $Revision: $ $Date: $ + */ +/** + * ViewPost class + * + * @author Qiang Xue + * @link http://www.pradosoft.com/ + * @copyright Copyright © 2006 PradoSoft + * @license http://www.pradosoft.com/license/ + */ class ViewPost extends BlogPage { - private $_postID=null; private $_post=null; - public function getPostID() - { - if($this->_postID===null) - $this->_postID=TPropertyValue::ensureInteger($this->Request['id']); - return $this->_postID; - } - - public function getCurrentPost() + public function onInit($param) { + parent::onInit($param); + $id=TPropertyValue::ensureInteger($this->Request['id']); + $this->_post=$this->DataAccess->queryPostByID($id); if($this->_post===null) - { - if(($this->_post=$this->DataAccess->queryPostByID($this->getPostID()))===null) - $this->reportError(BlogErrors::ERROR_POST_NOT_FOUND); - } - return $this->_post; + throw new BlogException(500,'post_id_invalid',$id); + // if post is not published, only the author and admin can view it + if($this->_post->Status!==PostRecord::STATUS_PUBLISHED && !$this->User->IsAdmin && $this->User->ID!==$this->_post->AuthorID) + throw new BlogException(500,'post_view_disallowed',$id); + $this->Title=htmlentities($this->_post->Title,ENT_QUOTES,'UTF-8'); } public function getCanEditPost() { $user=$this->getUser(); - $authorID=$this->getCurrentPost()->AuthorID; - return $authorID===$user->getID() || $user->isInRole('admin'); + return $user->getIsAdmin() || $user->getID()===$this->_post->AuthorID; + } + + public function getCurrentPost() + { + return $this->_post; } public function onLoad($param) { parent::onLoad($param); - $this->CategoryList->DataSource=$this->DataAccess->queryCategoriesByPostID($this->getPostID()); + $this->Status->Visible=$this->_post->Status!==PostRecord::STATUS_PUBLISHED; + 
$this->CategoryList->DataSource=$this->DataAccess->queryCategoriesByPostID($this->_post->ID); $this->CategoryList->dataBind(); - $this->CommentList->DataSource=$this->DataAccess->queryCommentsByPostID($this->getPostID()); + $this->CommentList->DataSource=$this->DataAccess->queryCommentsByPostID($this->_post->ID); $this->CommentList->dataBind(); } @@ -44,11 +61,11 @@ class ViewPost extends BlogPage { $commentRecord=new CommentRecord; $commentRecord->PostID=$this->CurrentPost->ID; - $commentRecord->AuthorName=$this->CommentAuthor->Text; + $commentRecord->AuthorName=$this->CommentAuthor->SafeText; $commentRecord->AuthorEmail=$this->CommentEmail->Text; - $commentRecord->AuthorWebsite=$this->CommentWebsite->Text; + $commentRecord->AuthorWebsite=$this->CommentWebsite->SafeText; $commentRecord->AuthorIP=$this->Request->UserHostAddress; - $commentRecord->Content=$this->CommentContent->Text; + $commentRecord->Content=$this->CommentContent->SafeText; $commentRecord->CreateTime=time(); $commentRecord->Status=0; $this->DataAccess->insertComment($commentRecord); diff --git a/demos/blog/protected/Pages/Posts/config.xml b/demos/blog/protected/Pages/Posts/config.xml index 1c04e946..f3684e58 100644 --- a/demos/blog/protected/Pages/Posts/config.xml +++ b/demos/blog/protected/Pages/Posts/config.xml @@ -3,5 +3,7 @@ + + \ No newline at end of file -- cgit v1.2.3