authorKate Arzamastseva <pshns@ukr.net>2011-06-23 14:16:15 +0300
committerKate Arzamastseva <pshns@ukr.net>2011-06-23 14:16:15 +0300
commit88a71175e3de9e3ad8b20ca9eb710aaf773cb788 (patch)
tree509ed515b81eae97933c88dbb3439c492cccd605
parent532850ed047e0f35268eb1a5d4cf85c80f228dc5 (diff)
downloadrpg-88a71175e3de9e3ad8b20ca9eb710aaf773cb788.tar.gz
rpg-88a71175e3de9e3ad8b20ca9eb710aaf773cb788.tar.bz2
media manager auth fix
-rw-r--r--inc/lang/en/lang.php2
-rw-r--r--inc/media.php27
-rw-r--r--inc/template.php3
-rw-r--r--lib/exe/mediamanager.php4
4 files changed, 29 insertions, 7 deletions
diff --git a/inc/lang/en/lang.php b/inc/lang/en/lang.php
index 6fb387a89..a55981983 100644
--- a/inc/lang/en/lang.php
+++ b/inc/lang/en/lang.php
@@ -338,5 +338,7 @@ $lang['media_view'] = 'View';
$lang['media_edit'] = 'Edit';
$lang['media_history'] = 'These are the older revisions of the file.';
$lang['media_meta_edited']= 'metadata edited';
+$lang['media_perm_read'] = 'Sorry, you don\'t have enough rights to read files.';
+$lang['media_perm_upload']= 'Sorry, you don\'t have enough rights to upload files.';
//Setup VIM: ex: et ts=2 :
diff --git a/inc/media.php b/inc/media.php
index 461a13665..fc7f72941 100644
--- a/inc/media.php
+++ b/inc/media.php
@@ -89,9 +89,13 @@ function media_metasave($id,$auth,$data){
* @author Kate Arzamastseva <pshns@ukr.net>
*/
function media_metaform($id,$auth,$fullscreen = false){
- if($auth < AUTH_UPLOAD) return false;
global $lang, $config_cascade;
+ if($auth < AUTH_UPLOAD) {
+ echo '<div class="nothing">'.$lang['media_perm_upload'].'</div>'.NL;
+ return false;
+ }
+
// load the field descriptions
static $fields = null;
if(is_null($fields)){
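Review bot: The denial branch added to media_metaform writes HTML directly while the function still returns false, so a caller that only tests the return value now emits the notice as a side effect. The docblock, which begins above the hunk, should say so, for example `* Prints a permission notice and returns false if $auth is below AUTH_UPLOAD`. The same echo-then-return guard is added in media_preview, media_details and media_uploadform, whose docblocks need the equivalent line. The six copies of `echo '<div class="nothing">'.$lang[...].'</div>'.NL;` now in inc/media.php would also be easier to keep consistent behind one small helper that takes the language key.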
@@ -637,7 +641,7 @@ function media_tab_files($ns,$auth=null,$jump='') {
$view = $_REQUEST['view'];
if($auth < AUTH_READ){
- echo '<div class="nothing">'.$lang['nothingfound'].'</div>'.NL;
+ echo '<div class="nothing">'.$lang['media_perm_read'].'</div>'.NL;
}else{
if ($view == 'list') {
echo '<ul class="mediamanager-file-list mediamanager-list" id="id-mediamanager-file-list">';
@@ -766,6 +770,8 @@ function media_tab_history($image, $ns, $auth=null) {
$first = isset($_REQUEST['first']) ? intval($_REQUEST['first']) : 0;
html_revisions($first, $image);
}
+ } else {
+ echo '<div class="nothing">'.$lang['media_perm_read'].'</div>'.NL;
}
echo '</div>';
echo '</div>';
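Review bot: The new `else` branch reads `$lang['media_perm_read']`, but neither a `global $lang;` declaration nor the `if` this `else` pairs with is inside the hunk, so both need checking in media_tab_history. Without the global declaration the div would be printed empty. If the outer condition also tests `$image`, a user who has read access but has not selected a file would be told they lack permission; in that case change `} else {` to `} elseif ($auth < AUTH_READ) {` so the notice is tied to the permission check alone, as media_preview now does.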
@@ -778,7 +784,11 @@ function media_tab_history($image, $ns, $auth=null) {
*/
function media_preview($image, $auth, $rev=false) {
global $lang;
- if ($auth < AUTH_READ || !$image) return '';
+ if (!$image) return '';
+ if ($auth < AUTH_READ) {
+ echo '<div class="nothing">'.$lang['media_perm_read'].'</div>'.NL;
+ return '';
+ }
$info = getimagesize(mediaFN($image));
$w = (int) $info[0];
@@ -810,6 +820,12 @@ function media_preview($image, $auth, $rev=false) {
function media_details($image, $auth, $rev=false) {
global $lang, $config_cascade;;
+ if (!$image) return '';
+ if ($auth < AUTH_READ) {
+ echo '<div class="nothing">'.$lang['media_perm_read'].'</div>'.NL;
+ return '';
+ }
+
// load the field descriptions
static $tags = null;
if(is_null($tags)){
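Review bot: media_details now prints the same `media_perm_read` notice that media_preview prints for the same `$image` and `$auth`, so a caller that renders both panels for one file would show the message twice to a user below AUTH_READ. The callers are not part of this diff, so this needs confirming; if the two are called together, make the decision once in the caller and let both functions simply `return '';` on the denial path. The context line `global $lang, $config_cascade;;` also carries a stray second semicolon that could be dropped while touching this function.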
@@ -1196,7 +1212,10 @@ function media_managerURL($params=false, $amp='&') {
function media_uploadform($ns, $auth, $fullscreen = false){
global $lang;
- if($auth < AUTH_UPLOAD) return; //fixme print info on missing permissions?
+ if($auth < AUTH_UPLOAD) {
+ echo '<div class="nothing">'.$lang['media_perm_upload'].'</div>'.NL;
+ return;
+ }
// The default HTML upload form
$params = array('id' => 'dw__upload',
diff --git a/inc/template.php b/inc/template.php
index 5d29f6950..051679fb9 100644
--- a/inc/template.php
+++ b/inc/template.php
@@ -1423,7 +1423,8 @@ function tpl_getFavicon($abs=false) {
*/
function tpl_media() {
//
- global $DEL, $NS, $IMG, $AUTH, $JUMPTO, $lang;
+ global $DEL, $NS, $IMG, $AUTH, $JUMPTO, $lang, $fullscreen;
+ $fullscreen = true;
require_once(DOKU_INC.'lib/exe/mediamanager.php');
echo '<div class="mediamanager" id="id-mediamanager">';
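Review bot: `$fullscreen = true;` is set as a global only so that the included lib/exe/mediamanager.php skips its 403 exit and its own template include, and nothing at this site says so. A comment such as `// embedded call: lib/exe/mediamanager.php must not send its 403 or load its own template` would make that coupling visible to the next reader of tpl_media. Because the flag relaxes an access check in the included script, a constant defined here would be a safer signal than a writable global.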
diff --git a/lib/exe/mediamanager.php b/lib/exe/mediamanager.php
index d4ebc2d38..24dd5f911 100644
--- a/lib/exe/mediamanager.php
+++ b/lib/exe/mediamanager.php
@@ -35,7 +35,7 @@
$AUTH = auth_quickaclcheck("$NS:*");
// do not display the manager if user does not have read access
- if($AUTH < AUTH_READ) {
+ if($AUTH < AUTH_READ && !$fullscreen) {
header('HTTP/1.0 403 Forbidden');
die($lang['accessdenied']);
}
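Review bot: The 403 gate now depends on `$fullscreen`, which this file does not visibly initialise, so when lib/exe/mediamanager.php is requested directly the check reads an undefined variable, and on configurations where request data or other code can populate globals its value is not under this script's control. Set it explicitly before first use, for example `if (!isset($fullscreen) || $fullscreen !== true) $fullscreen = false;`; the later hunk's `if (!$fullscreen)` in front of the template include reads the same variable. Skipping `die()` in the embedded case also means everything between this check and the final output runs for a user below AUTH_READ, so each request handler in that stretch (outside the diff) has to enforce its own permission check rather than rely on this gate.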
@@ -108,7 +108,7 @@
}
// finished - start output
- if (!($_REQUEST['do'] == 'media')) {
+ if (!$fullscreen) {
header('Content-Type: text/html; charset=utf-8');
include(template('mediamanager.php'));
}