add two helper account access levels:
- read only - can't subscribe to more feeds, feed updates are skipped - disabled - can't login define used access levels as UserHelper constants and refactor code to use them instead of hardcoded numbers
This commit is contained in:
parent
7a52560e4e
commit
9e8d69739f
11
backend.php
11
backend.php
|
@ -86,10 +86,13 @@
|
||||||
1440 => __("Daily"),
|
1440 => __("Daily"),
|
||||||
10080 => __("Weekly"));
|
10080 => __("Weekly"));
|
||||||
|
|
||||||
$access_level_names = array(
|
$access_level_names = [
|
||||||
0 => __("User"),
|
UserHelper::ACCESS_LEVEL_DISABLED => __("Disabled"),
|
||||||
5 => __("Power User"),
|
UserHelper::ACCESS_LEVEL_READONLY => __("Read Only"),
|
||||||
10 => __("Administrator"));
|
UserHelper::ACCESS_LEVEL_USER => __("User"),
|
||||||
|
UserHelper::ACCESS_LEVEL_POWERUSER => __("Power User"),
|
||||||
|
UserHelper::ACCESS_LEVEL_ADMIN => __("Administrator")
|
||||||
|
];
|
||||||
|
|
||||||
// shortcut syntax for plugin methods (?op=plugin--pmethod&...params)
|
// shortcut syntax for plugin methods (?op=plugin--pmethod&...params)
|
||||||
/* if (strpos($op, PluginHost::PUBLIC_METHOD_DELIMITER) !== false) {
|
/* if (strpos($op, PluginHost::PUBLIC_METHOD_DELIMITER) !== false) {
|
||||||
|
|
|
@ -1027,10 +1027,17 @@ class Feeds extends Handler_Protected {
|
||||||
* 5 - Couldn't download the URL content.
|
* 5 - Couldn't download the URL content.
|
||||||
* 6 - Content is an invalid XML.
|
* 6 - Content is an invalid XML.
|
||||||
* 7 - Error while creating feed database entry.
|
* 7 - Error while creating feed database entry.
|
||||||
|
* 8 - Permission denied (ACCESS_LEVEL_READONLY).
|
||||||
*/
|
*/
|
||||||
static function _subscribe($url, $cat_id = 0,
|
static function _subscribe($url, $cat_id = 0,
|
||||||
$auth_login = '', $auth_pass = '') : array {
|
$auth_login = '', $auth_pass = '') : array {
|
||||||
|
|
||||||
|
$user = ORM::for_table("ttrss_users")->find_one($_SESSION['uid']);
|
||||||
|
|
||||||
|
if ($user && $user->access_level == UserHelper::ACCESS_LEVEL_READONLY) {
|
||||||
|
return ["code" => 8];
|
||||||
|
}
|
||||||
|
|
||||||
$pdo = Db::pdo();
|
$pdo = Db::pdo();
|
||||||
|
|
||||||
$url = UrlHelper::validate($url);
|
$url = UrlHelper::validate($url);
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
class Handler_Administrative extends Handler_Protected {
|
class Handler_Administrative extends Handler_Protected {
|
||||||
function before($method) {
|
function before($method) {
|
||||||
if (parent::before($method)) {
|
if (parent::before($method)) {
|
||||||
if (($_SESSION["access_level"] ?? 0) >= 10) {
|
if (($_SESSION["access_level"] ?? 0) >= UserHelper::ACCESS_LEVEL_ADMIN) {
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -538,6 +538,8 @@ class Pref_Feeds extends Handler_Protected {
|
||||||
$local_purge_intervals = [ T_nsprintf('%d day', '%d days', $purge_interval, $purge_interval) ];
|
$local_purge_intervals = [ T_nsprintf('%d day', '%d days', $purge_interval, $purge_interval) ];
|
||||||
}
|
}
|
||||||
|
|
||||||
|
$user = ORM::for_table("ttrss_users")->find_one($_SESSION["uid"]);
|
||||||
|
|
||||||
print json_encode([
|
print json_encode([
|
||||||
"feed" => $row,
|
"feed" => $row,
|
||||||
"cats" => [
|
"cats" => [
|
||||||
|
@ -550,6 +552,9 @@ class Pref_Feeds extends Handler_Protected {
|
||||||
"update" => $local_update_intervals,
|
"update" => $local_update_intervals,
|
||||||
"purge" => $local_purge_intervals,
|
"purge" => $local_purge_intervals,
|
||||||
],
|
],
|
||||||
|
"user" => [
|
||||||
|
"access_level" => $user->access_level
|
||||||
|
],
|
||||||
"lang" => [
|
"lang" => [
|
||||||
"enabled" => Config::get(Config::DB_TYPE) == "pgsql",
|
"enabled" => Config::get(Config::DB_TYPE) == "pgsql",
|
||||||
"default" => get_pref(Prefs::DEFAULT_SEARCH_LANGUAGE),
|
"default" => get_pref(Prefs::DEFAULT_SEARCH_LANGUAGE),
|
||||||
|
@ -1207,6 +1212,13 @@ class Pref_Feeds extends Handler_Protected {
|
||||||
$login = clean($_REQUEST['login']);
|
$login = clean($_REQUEST['login']);
|
||||||
$pass = clean($_REQUEST['pass']);
|
$pass = clean($_REQUEST['pass']);
|
||||||
|
|
||||||
|
$user = ORM::for_table('ttrss_users')->find_one($_SESSION["uid"]);
|
||||||
|
|
||||||
|
// TODO: we should return some kind of error code to frontend here
|
||||||
|
if ($user->access_level == UserHelper::ACCESS_LEVEL_READONLY) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
$csth = $this->pdo->prepare("SELECT id FROM ttrss_feeds
|
$csth = $this->pdo->prepare("SELECT id FROM ttrss_feeds
|
||||||
WHERE feed_url = ? AND owner_uid = ?");
|
WHERE feed_url = ? AND owner_uid = ?");
|
||||||
|
|
||||||
|
|
|
@ -813,7 +813,7 @@ class Pref_Prefs extends Handler_Protected {
|
||||||
|
|
||||||
usort($rv, function($a, $b) { return strcmp($a["name"], $b["name"]); });
|
usort($rv, function($a, $b) { return strcmp($a["name"], $b["name"]); });
|
||||||
|
|
||||||
print json_encode(['plugins' => $rv, 'is_admin' => $_SESSION['access_level'] >= 10]);
|
print json_encode(['plugins' => $rv, 'is_admin' => $_SESSION['access_level'] >= UserHelper::ACCESS_LEVEL_ADMIN]);
|
||||||
}
|
}
|
||||||
|
|
||||||
function index_plugins() {
|
function index_plugins() {
|
||||||
|
@ -890,7 +890,7 @@ class Pref_Prefs extends Handler_Protected {
|
||||||
|
|
||||||
<?= \Controls\button_tag(\Controls\icon("refresh"), "", ["title" => __("Reload"), "onclick" => "Helpers.Plugins.reload()"]) ?>
|
<?= \Controls\button_tag(\Controls\icon("refresh"), "", ["title" => __("Reload"), "onclick" => "Helpers.Plugins.reload()"]) ?>
|
||||||
|
|
||||||
<?php if ($_SESSION["access_level"] >= 10) { ?>
|
<?php if ($_SESSION["access_level"] >= UserHelper::ACCESS_LEVEL_ADMIN) { ?>
|
||||||
<?php if (Config::get(Config::CHECK_FOR_UPDATES) && Config::get(Config::CHECK_FOR_PLUGIN_UPDATES)) { ?>
|
<?php if (Config::get(Config::CHECK_FOR_UPDATES) && Config::get(Config::CHECK_FOR_PLUGIN_UPDATES)) { ?>
|
||||||
|
|
||||||
<button class='alt-warning' dojoType='dijit.form.Button' onclick="Helpers.Plugins.update()">
|
<button class='alt-warning' dojoType='dijit.form.Button' onclick="Helpers.Plugins.update()">
|
||||||
|
@ -1152,7 +1152,7 @@ class Pref_Prefs extends Handler_Protected {
|
||||||
}
|
}
|
||||||
|
|
||||||
function uninstallPlugin() {
|
function uninstallPlugin() {
|
||||||
if ($_SESSION["access_level"] >= 10) {
|
if ($_SESSION["access_level"] >= UserHelper::ACCESS_LEVEL_ADMIN) {
|
||||||
$plugin_name = basename(clean($_REQUEST['plugin']));
|
$plugin_name = basename(clean($_REQUEST['plugin']));
|
||||||
$status = 0;
|
$status = 0;
|
||||||
|
|
||||||
|
@ -1167,7 +1167,7 @@ class Pref_Prefs extends Handler_Protected {
|
||||||
}
|
}
|
||||||
|
|
||||||
function installPlugin() {
|
function installPlugin() {
|
||||||
if ($_SESSION["access_level"] >= 10 && Config::get(Config::ENABLE_PLUGIN_INSTALLER)) {
|
if ($_SESSION["access_level"] >= UserHelper::ACCESS_LEVEL_ADMIN && Config::get(Config::ENABLE_PLUGIN_INSTALLER)) {
|
||||||
$plugin_name = basename(clean($_REQUEST['plugin']));
|
$plugin_name = basename(clean($_REQUEST['plugin']));
|
||||||
$all_plugins = $this->_get_available_plugins();
|
$all_plugins = $this->_get_available_plugins();
|
||||||
$plugin_dir = dirname(dirname(__DIR__)) . "/plugins.local";
|
$plugin_dir = dirname(dirname(__DIR__)) . "/plugins.local";
|
||||||
|
@ -1252,18 +1252,18 @@ class Pref_Prefs extends Handler_Protected {
|
||||||
}
|
}
|
||||||
|
|
||||||
private function _get_available_plugins() {
|
private function _get_available_plugins() {
|
||||||
if ($_SESSION["access_level"] >= 10 && Config::get(Config::ENABLE_PLUGIN_INSTALLER)) {
|
if ($_SESSION["access_level"] >= UserHelper::ACCESS_LEVEL_ADMIN && Config::get(Config::ENABLE_PLUGIN_INSTALLER)) {
|
||||||
return json_decode(UrlHelper::fetch(['url' => 'https://tt-rss.org/plugins.json']), true);
|
return json_decode(UrlHelper::fetch(['url' => 'https://tt-rss.org/plugins.json']), true);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
function getAvailablePlugins() {
|
function getAvailablePlugins() {
|
||||||
if ($_SESSION["access_level"] >= 10) {
|
if ($_SESSION["access_level"] >= UserHelper::ACCESS_LEVEL_ADMIN) {
|
||||||
print json_encode($this->_get_available_plugins());
|
print json_encode($this->_get_available_plugins());
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
function checkForPluginUpdates() {
|
function checkForPluginUpdates() {
|
||||||
if ($_SESSION["access_level"] >= 10 && Config::get(Config::CHECK_FOR_UPDATES) && Config::get(Config::CHECK_FOR_PLUGIN_UPDATES)) {
|
if ($_SESSION["access_level"] >= UserHelper::ACCESS_LEVEL_ADMIN && Config::get(Config::CHECK_FOR_UPDATES) && Config::get(Config::CHECK_FOR_PLUGIN_UPDATES)) {
|
||||||
$plugin_name = $_REQUEST["name"] ?? "";
|
$plugin_name = $_REQUEST["name"] ?? "";
|
||||||
|
|
||||||
$root_dir = dirname(dirname(__DIR__)); # we're in classes/pref/
|
$root_dir = dirname(dirname(__DIR__)); # we're in classes/pref/
|
||||||
|
@ -1279,7 +1279,7 @@ class Pref_Prefs extends Handler_Protected {
|
||||||
}
|
}
|
||||||
|
|
||||||
function updateLocalPlugins() {
|
function updateLocalPlugins() {
|
||||||
if ($_SESSION["access_level"] >= 10) {
|
if ($_SESSION["access_level"] >= UserHelper::ACCESS_LEVEL_ADMIN) {
|
||||||
$plugins = explode(",", $_REQUEST["plugins"] ?? "");
|
$plugins = explode(",", $_REQUEST["plugins"] ?? "");
|
||||||
|
|
||||||
# we're in classes/pref/
|
# we're in classes/pref/
|
||||||
|
|
|
@ -299,7 +299,8 @@ class RPC extends Handler_Protected {
|
||||||
ttrss_feeds f, ttrss_users u LEFT JOIN ttrss_user_prefs2 p ON
|
ttrss_feeds f, ttrss_users u LEFT JOIN ttrss_user_prefs2 p ON
|
||||||
(p.owner_uid = u.id AND profile IS NULL AND pref_name = 'DEFAULT_UPDATE_INTERVAL')
|
(p.owner_uid = u.id AND profile IS NULL AND pref_name = 'DEFAULT_UPDATE_INTERVAL')
|
||||||
WHERE
|
WHERE
|
||||||
f.owner_uid = u.id
|
f.owner_uid = u.id AND
|
||||||
|
u.access_level NOT IN (".sprintf("%d, %d", UserHelper::ACCESS_LEVEL_DISABLED, UserHelper::ACCESS_LEVEL_READONLY).")
|
||||||
$owner_check_qpart
|
$owner_check_qpart
|
||||||
$update_limit_qpart
|
$update_limit_qpart
|
||||||
$updstart_thresh_qpart
|
$updstart_thresh_qpart
|
||||||
|
@ -403,7 +404,7 @@ class RPC extends Handler_Protected {
|
||||||
$git_timestamp = $version["timestamp"] ?? false;
|
$git_timestamp = $version["timestamp"] ?? false;
|
||||||
$git_commit = $version["commit"] ?? false;
|
$git_commit = $version["commit"] ?? false;
|
||||||
|
|
||||||
if (Config::get(Config::CHECK_FOR_UPDATES) && $_SESSION["access_level"] >= 10 && $git_timestamp) {
|
if (Config::get(Config::CHECK_FOR_UPDATES) && $_SESSION["access_level"] >= UserHelper::ACCESS_LEVEL_ADMIN && $git_timestamp) {
|
||||||
$content = @UrlHelper::fetch(["url" => "https://tt-rss.org/version.json"]);
|
$content = @UrlHelper::fetch(["url" => "https://tt-rss.org/version.json"]);
|
||||||
|
|
||||||
if ($content) {
|
if ($content) {
|
||||||
|
@ -510,7 +511,7 @@ class RPC extends Handler_Protected {
|
||||||
$data['cdm_expanded'] = get_pref(Prefs::CDM_EXPANDED);
|
$data['cdm_expanded'] = get_pref(Prefs::CDM_EXPANDED);
|
||||||
$data["labels"] = Labels::get_all($_SESSION["uid"]);
|
$data["labels"] = Labels::get_all($_SESSION["uid"]);
|
||||||
|
|
||||||
if (Config::get(Config::LOG_DESTINATION) == 'sql' && $_SESSION['access_level'] >= 10) {
|
if (Config::get(Config::LOG_DESTINATION) == 'sql' && $_SESSION['access_level'] >= UserHelper::ACCESS_LEVEL_ADMIN) {
|
||||||
if (Config::get(Config::DB_TYPE) == 'pgsql') {
|
if (Config::get(Config::DB_TYPE) == 'pgsql') {
|
||||||
$log_interval = "created_at > NOW() - interval '1 hour'";
|
$log_interval = "created_at > NOW() - interval '1 hour'";
|
||||||
} else {
|
} else {
|
||||||
|
|
|
@ -123,7 +123,8 @@ class RSSUtils {
|
||||||
ttrss_feeds f, ttrss_users u LEFT JOIN ttrss_user_prefs2 p ON
|
ttrss_feeds f, ttrss_users u LEFT JOIN ttrss_user_prefs2 p ON
|
||||||
(p.owner_uid = u.id AND profile IS NULL AND pref_name = 'DEFAULT_UPDATE_INTERVAL')
|
(p.owner_uid = u.id AND profile IS NULL AND pref_name = 'DEFAULT_UPDATE_INTERVAL')
|
||||||
WHERE
|
WHERE
|
||||||
f.owner_uid = u.id
|
f.owner_uid = u.id AND
|
||||||
|
u.access_level NOT IN (".sprintf("%d, %d", UserHelper::ACCESS_LEVEL_DISABLED, UserHelper::ACCESS_LEVEL_READONLY).")
|
||||||
$login_thresh_qpart
|
$login_thresh_qpart
|
||||||
$update_limit_qpart
|
$update_limit_qpart
|
||||||
$updstart_thresh_qpart
|
$updstart_thresh_qpart
|
||||||
|
@ -163,7 +164,8 @@ class RSSUtils {
|
||||||
FROM ttrss_feeds f, ttrss_users u LEFT JOIN ttrss_user_prefs2 p ON
|
FROM ttrss_feeds f, ttrss_users u LEFT JOIN ttrss_user_prefs2 p ON
|
||||||
(p.owner_uid = u.id AND profile IS NULL AND pref_name = 'DEFAULT_UPDATE_INTERVAL')
|
(p.owner_uid = u.id AND profile IS NULL AND pref_name = 'DEFAULT_UPDATE_INTERVAL')
|
||||||
WHERE
|
WHERE
|
||||||
f.owner_uid = u.id
|
f.owner_uid = u.id AND
|
||||||
|
u.access_level NOT IN (".sprintf("%d, %d", UserHelper::ACCESS_LEVEL_DISABLED, UserHelper::ACCESS_LEVEL_READONLY).")
|
||||||
AND feed_url = :feed
|
AND feed_url = :feed
|
||||||
$login_thresh_qpart
|
$login_thresh_qpart
|
||||||
$update_limit_qpart
|
$update_limit_qpart
|
||||||
|
@ -352,6 +354,19 @@ class RSSUtils {
|
||||||
if (!$feed_language) $feed_language = mb_strtolower(get_pref(Prefs::DEFAULT_SEARCH_LANGUAGE, $feed_obj->owner_uid));
|
if (!$feed_language) $feed_language = mb_strtolower(get_pref(Prefs::DEFAULT_SEARCH_LANGUAGE, $feed_obj->owner_uid));
|
||||||
if (!$feed_language) $feed_language = 'simple';
|
if (!$feed_language) $feed_language = 'simple';
|
||||||
|
|
||||||
|
$user = ORM::for_table('ttrss_users')->find_one($feed_obj->owner_uid);
|
||||||
|
|
||||||
|
if ($user) {
|
||||||
|
if ($user->access_level == UserHelper::ACCESS_LEVEL_READONLY) {
|
||||||
|
Debug::log("error: denied update for $feed: permission denied by owner access level");
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
// this would indicate database corruption of some kind
|
||||||
|
Debug::log("error: owner not found for feed: $feed");
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
} else {
|
} else {
|
||||||
Debug::log("error: feeds table record not found for feed: $feed");
|
Debug::log("error: feeds table record not found for feed: $feed");
|
||||||
return false;
|
return false;
|
||||||
|
|
|
@ -17,6 +17,21 @@ class UserHelper {
|
||||||
self::HASH_ALGO_SHA1
|
self::HASH_ALGO_SHA1
|
||||||
];
|
];
|
||||||
|
|
||||||
|
/** forbidden to login */
|
||||||
|
const ACCESS_LEVEL_DISABLED = -2;
|
||||||
|
|
||||||
|
/** can't subscribe to new feeds, feeds are not updated */
|
||||||
|
const ACCESS_LEVEL_READONLY = -1;
|
||||||
|
|
||||||
|
/** no restrictions, regular user */
|
||||||
|
const ACCESS_LEVEL_USER = 0;
|
||||||
|
|
||||||
|
/** not used, same as regular user */
|
||||||
|
const ACCESS_LEVEL_POWERUSER = 5;
|
||||||
|
|
||||||
|
/** has administrator permissions */
|
||||||
|
const ACCESS_LEVEL_ADMIN = 10;
|
||||||
|
|
||||||
static function authenticate(string $login = null, string $password = null, bool $check_only = false, string $service = null) {
|
static function authenticate(string $login = null, string $password = null, bool $check_only = false, string $service = null) {
|
||||||
if (!Config::get(Config::SINGLE_USER_MODE)) {
|
if (!Config::get(Config::SINGLE_USER_MODE)) {
|
||||||
$user_id = false;
|
$user_id = false;
|
||||||
|
@ -41,7 +56,7 @@ class UserHelper {
|
||||||
|
|
||||||
$user = ORM::for_table('ttrss_users')->find_one($user_id);
|
$user = ORM::for_table('ttrss_users')->find_one($user_id);
|
||||||
|
|
||||||
if ($user) {
|
if ($user && $user->access_level != self::ACCESS_LEVEL_DISABLED) {
|
||||||
$_SESSION["uid"] = $user_id;
|
$_SESSION["uid"] = $user_id;
|
||||||
$_SESSION["auth_module"] = $auth_module;
|
$_SESSION["auth_module"] = $auth_module;
|
||||||
$_SESSION["name"] = $user->login;
|
$_SESSION["name"] = $user->login;
|
||||||
|
@ -68,7 +83,7 @@ class UserHelper {
|
||||||
|
|
||||||
$_SESSION["uid"] = 1;
|
$_SESSION["uid"] = 1;
|
||||||
$_SESSION["name"] = "admin";
|
$_SESSION["name"] = "admin";
|
||||||
$_SESSION["access_level"] = 10;
|
$_SESSION["access_level"] = self::ACCESS_LEVEL_ADMIN;
|
||||||
|
|
||||||
$_SESSION["hide_hello"] = true;
|
$_SESSION["hide_hello"] = true;
|
||||||
$_SESSION["hide_logout"] = true;
|
$_SESSION["hide_logout"] = true;
|
||||||
|
|
|
@ -1,6 +1,8 @@
|
||||||
<?php
|
<?php
|
||||||
namespace Sessions;
|
namespace Sessions;
|
||||||
|
|
||||||
|
use UserHelper;
|
||||||
|
|
||||||
require_once "autoload.php";
|
require_once "autoload.php";
|
||||||
require_once "functions.php";
|
require_once "functions.php";
|
||||||
require_once "errorhandler.php";
|
require_once "errorhandler.php";
|
||||||
|
@ -42,6 +44,11 @@
|
||||||
$_SESSION["login_error_msg"] = __("Session failed to validate (password changed)");
|
$_SESSION["login_error_msg"] = __("Session failed to validate (password changed)");
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if ($user->access_level == UserHelper::ACCESS_LEVEL_DISABLED) {
|
||||||
|
$_SESSION["login_error_msg"] = __("Session failed to validate (account is disabled)");
|
||||||
|
return false;
|
||||||
|
}
|
||||||
} else {
|
} else {
|
||||||
$_SESSION["login_error_msg"] = __("Session failed to validate (user not found)");
|
$_SESSION["login_error_msg"] = __("Session failed to validate (user not found)");
|
||||||
return false;
|
return false;
|
||||||
|
|
12
js/App.js
12
js/App.js
|
@ -17,6 +17,9 @@ const App = {
|
||||||
hotkey_actions: {},
|
hotkey_actions: {},
|
||||||
is_prefs: false,
|
is_prefs: false,
|
||||||
LABEL_BASE_INDEX: -1024,
|
LABEL_BASE_INDEX: -1024,
|
||||||
|
UserAccessLevels: {
|
||||||
|
ACCESS_LEVEL_READONLY: -1
|
||||||
|
},
|
||||||
_translations: {},
|
_translations: {},
|
||||||
Hash: {
|
Hash: {
|
||||||
get: function() {
|
get: function() {
|
||||||
|
@ -76,10 +79,15 @@ const App = {
|
||||||
</select>
|
</select>
|
||||||
`
|
`
|
||||||
},
|
},
|
||||||
select_hash: function(name, value, values = {}, attributes = {}, id = "") {
|
select_hash: function(name, value, values = {}, attributes = {}, id = "", params = {}) {
|
||||||
|
let keys = Object.keys(values);
|
||||||
|
|
||||||
|
if (params.numeric_sort)
|
||||||
|
keys = keys.sort((a,b) => a - b);
|
||||||
|
|
||||||
return `
|
return `
|
||||||
<select name="${name}" dojoType="fox.form.Select" id="${App.escapeHtml(id)}" ${this.attributes_to_string(attributes)}>
|
<select name="${name}" dojoType="fox.form.Select" id="${App.escapeHtml(id)}" ${this.attributes_to_string(attributes)}>
|
||||||
${Object.keys(values).map((vk) =>
|
${keys.map((vk) =>
|
||||||
`<option ${vk == value ? 'selected="selected"' : ''} value="${App.escapeHtml(vk)}">${App.escapeHtml(values[vk])}</option>`
|
`<option ${vk == value ? 'selected="selected"' : ''} value="${App.escapeHtml(vk)}">${App.escapeHtml(values[vk])}</option>`
|
||||||
).join("")}
|
).join("")}
|
||||||
</select>
|
</select>
|
||||||
|
|
|
@ -131,6 +131,9 @@ const CommonDialogs = {
|
||||||
console.log(rc);
|
console.log(rc);
|
||||||
|
|
||||||
switch (parseInt(rc['code'])) {
|
switch (parseInt(rc['code'])) {
|
||||||
|
case 0:
|
||||||
|
dialog.show_error(__("You are already subscribed to this feed."));
|
||||||
|
break;
|
||||||
case 1:
|
case 1:
|
||||||
dialog.hide();
|
dialog.hide();
|
||||||
Notify.info(__("Subscribed to %s").replace("%s", feed_url));
|
Notify.info(__("Subscribed to %s").replace("%s", feed_url));
|
||||||
|
@ -175,8 +178,11 @@ const CommonDialogs = {
|
||||||
case 6:
|
case 6:
|
||||||
dialog.show_error(__("XML validation failed: %s").replace("%s", rc['message']));
|
dialog.show_error(__("XML validation failed: %s").replace("%s", rc['message']));
|
||||||
break;
|
break;
|
||||||
case 0:
|
case 7:
|
||||||
dialog.show_error(__("You are already subscribed to this feed."));
|
dialog.show_error(__("Error while creating feed database entry."));
|
||||||
|
break;
|
||||||
|
case 8:
|
||||||
|
dialog.show_error(__("You are not allowed to perform this operation."));
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -451,6 +457,7 @@ const CommonDialogs = {
|
||||||
|
|
||||||
xhr.json("backend.php", {op: "pref-feeds", method: "editfeed", id: feed_id}, (reply) => {
|
xhr.json("backend.php", {op: "pref-feeds", method: "editfeed", id: feed_id}, (reply) => {
|
||||||
const feed = reply.feed;
|
const feed = reply.feed;
|
||||||
|
const is_readonly = reply.user.access_level == App.UserAccessLevels.ACCESS_LEVEL_READONLY;
|
||||||
|
|
||||||
// for unsub prompt
|
// for unsub prompt
|
||||||
dialog.feed_title = feed.title;
|
dialog.feed_title = feed.title;
|
||||||
|
@ -524,7 +531,9 @@ const CommonDialogs = {
|
||||||
|
|
||||||
<fieldset>
|
<fieldset>
|
||||||
<label>${__("Update interval:")}</label>
|
<label>${__("Update interval:")}</label>
|
||||||
${App.FormFields.select_hash("update_interval", feed.update_interval, reply.intervals.update)}
|
${App.FormFields.select_hash("update_interval", is_readonly ? -1 : feed.update_interval,
|
||||||
|
reply.intervals.update,
|
||||||
|
{disabled: is_readonly})}
|
||||||
</fieldset>
|
</fieldset>
|
||||||
<fieldset>
|
<fieldset>
|
||||||
<label>${__('Article purging:')}</label>
|
<label>${__('Article purging:')}</label>
|
||||||
|
|
|
@ -75,7 +75,7 @@ const Users = {
|
||||||
<fieldset>
|
<fieldset>
|
||||||
<label>${__('Access level: ')}</label>
|
<label>${__('Access level: ')}</label>
|
||||||
${App.FormFields.select_hash("access_level",
|
${App.FormFields.select_hash("access_level",
|
||||||
user.access_level, reply.access_level_names, {disabled: admin_disabled.toString()})}
|
user.access_level, reply.access_level_names, {disabled: admin_disabled.toString()}, "", {numeric_sort: true})}
|
||||||
|
|
||||||
${admin_disabled ? App.FormFields.hidden_tag("access_level",
|
${admin_disabled ? App.FormFields.hidden_tag("access_level",
|
||||||
user.access_level.toString()) : ''}
|
user.access_level.toString()) : ''}
|
||||||
|
|
|
@ -148,7 +148,7 @@
|
||||||
style="padding : 0px"
|
style="padding : 0px"
|
||||||
href="backend.php?op=pref-labels"
|
href="backend.php?op=pref-labels"
|
||||||
title="<i class='material-icons'>label_outline1</i> <?= __('Labels') ?>"></div>
|
title="<i class='material-icons'>label_outline1</i> <?= __('Labels') ?>"></div>
|
||||||
<?php if ($_SESSION["access_level"] >= 10) { ?>
|
<?php if ($_SESSION["access_level"] >= UserHelper::ACCESS_LEVEL_ADMIN) { ?>
|
||||||
<div id="usersTab" dojoType="dijit.layout.ContentPane"
|
<div id="usersTab" dojoType="dijit.layout.ContentPane"
|
||||||
style="padding : 0px"
|
style="padding : 0px"
|
||||||
href="backend.php?op=pref-users"
|
href="backend.php?op=pref-users"
|
||||||
|
|
Loading…
Reference in New Issue