Dan Brown

Prevented guest users creating draft pages.

...@@ -44,20 +44,53 @@ class PageController extends Controller ...@@ -44,20 +44,53 @@ class PageController extends Controller
44 /** 44 /**
45 * Show the form for creating a new page. 45 * Show the form for creating a new page.
46 * @param string $bookSlug 46 * @param string $bookSlug
47 - * @param bool $chapterSlug 47 + * @param string $chapterSlug
48 * @return Response 48 * @return Response
49 * @internal param bool $pageSlug 49 * @internal param bool $pageSlug
50 */ 50 */
51 - public function create($bookSlug, $chapterSlug = false) 51 + public function create($bookSlug, $chapterSlug = null)
52 { 52 {
53 $book = $this->bookRepo->getBySlug($bookSlug); 53 $book = $this->bookRepo->getBySlug($bookSlug);
54 $chapter = $chapterSlug ? $this->chapterRepo->getBySlug($chapterSlug, $book->id) : null; 54 $chapter = $chapterSlug ? $this->chapterRepo->getBySlug($chapterSlug, $book->id) : null;
55 $parent = $chapter ? $chapter : $book; 55 $parent = $chapter ? $chapter : $book;
56 $this->checkOwnablePermission('page-create', $parent); 56 $this->checkOwnablePermission('page-create', $parent);
57 +
58 + // Redirect to draft edit screen if signed in
59 + if ($this->signedIn) {
60 + $draft = $this->pageRepo->getDraftPage($book, $chapter);
61 + return redirect($draft->getUrl());
62 + }
63 +
64 + // Otherwise show edit view
57 $this->setPageTitle('Create New Page'); 65 $this->setPageTitle('Create New Page');
66 + return view('pages/guest-create', ['parent' => $parent]);
67 + }
58 68
59 - $draft = $this->pageRepo->getDraftPage($book, $chapter); 69 + /**
60 - return redirect($draft->getUrl()); 70 + * Create a new page as a guest user.
71 + * @param Request $request
72 + * @param string $bookSlug
73 + * @param string|null $chapterSlug
74 + * @return mixed
75 + * @throws NotFoundException
76 + */
77 + public function createAsGuest(Request $request, $bookSlug, $chapterSlug = null)
78 + {
79 + $this->validate($request, [
80 + 'name' => 'required|string|max:255'
81 + ]);
82 +
83 + $book = $this->bookRepo->getBySlug($bookSlug);
84 + $chapter = $chapterSlug ? $this->chapterRepo->getBySlug($chapterSlug, $book->id) : null;
85 + $parent = $chapter ? $chapter : $book;
86 + $this->checkOwnablePermission('page-create', $parent);
87 +
88 + $page = $this->pageRepo->getDraftPage($book, $chapter);
89 + $this->pageRepo->publishDraft($page, [
90 + 'name' => $request->get('name'),
91 + 'html' => ''
92 + ]);
93 + return redirect($page->getUrl('/edit'));
61 } 94 }
62 95
63 /** 96 /**
...@@ -183,7 +216,13 @@ class PageController extends Controller ...@@ -183,7 +216,13 @@ class PageController extends Controller
183 216
184 if (count($warnings) > 0) session()->flash('warning', implode("\n", $warnings)); 217 if (count($warnings) > 0) session()->flash('warning', implode("\n", $warnings));
185 218
186 - return view('pages/edit', ['page' => $page, 'book' => $book, 'current' => $page]); 219 + $draftsEnabled = $this->signedIn;
220 + return view('pages/edit', [
221 + 'page' => $page,
222 + 'book' => $book,
223 + 'current' => $page,
224 + 'draftsEnabled' => $draftsEnabled
225 + ]);
187 } 226 }
188 227
189 /** 228 /**
...@@ -216,6 +255,14 @@ class PageController extends Controller ...@@ -216,6 +255,14 @@ class PageController extends Controller
216 { 255 {
217 $page = $this->pageRepo->getById($pageId, true); 256 $page = $this->pageRepo->getById($pageId, true);
218 $this->checkOwnablePermission('page-update', $page); 257 $this->checkOwnablePermission('page-update', $page);
258 +
259 + if (!$this->signedIn) {
260 + return response()->json([
261 + 'status' => 'error',
262 + 'message' => 'Guests cannot save drafts',
263 + ], 500);
264 + }
265 +
219 if ($page->draft) { 266 if ($page->draft) {
220 $draft = $this->pageRepo->updateDraftPage($page, $request->only(['name', 'html', 'markdown'])); 267 $draft = $this->pageRepo->updateDraftPage($page, $request->only(['name', 'html', 'markdown']));
221 } else { 268 } else {
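Review bot: The guest guard added to the draft-save action (new lines 259-264) answers with HTTP 500, which reports a deliberate authorization refusal as if it were a server fault. A 403 would keep refused guest saves out of server-error monitoring and make them distinguishable in access logs; the closing line would become `], 403);`. The guard runs after `checkOwnablePermission('page-update', $page)`, so the ordering itself is fine. The enclosing method starts and ends outside this hunk.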
......
...@@ -300,6 +300,7 @@ module.exports = function (ngApp, events) { ...@@ -300,6 +300,7 @@ module.exports = function (ngApp, events) {
300 var isEdit = pageId !== 0; 300 var isEdit = pageId !== 0;
301 var autosaveFrequency = 30; // AutoSave interval in seconds. 301 var autosaveFrequency = 30; // AutoSave interval in seconds.
302 var isMarkdown = $attrs.editorType === 'markdown'; 302 var isMarkdown = $attrs.editorType === 'markdown';
303 + $scope.draftsEnabled = $attrs.draftsEnabled === 'true';
303 $scope.isUpdateDraft = Number($attrs.pageUpdateDraft) === 1; 304 $scope.isUpdateDraft = Number($attrs.pageUpdateDraft) === 1;
304 $scope.isNewPageDraft = Number($attrs.pageNewDraft) === 1; 305 $scope.isNewPageDraft = Number($attrs.pageNewDraft) === 1;
305 306
...@@ -317,7 +318,7 @@ module.exports = function (ngApp, events) { ...@@ -317,7 +318,7 @@ module.exports = function (ngApp, events) {
317 html: false 318 html: false
318 }; 319 };
319 320
320 - if (isEdit) { 321 + if (isEdit && $scope.draftsEnabled) {
321 setTimeout(() => { 322 setTimeout(() => {
322 startAutoSave(); 323 startAutoSave();
323 }, 1000); 324 }, 1000);
...@@ -366,6 +367,7 @@ module.exports = function (ngApp, events) { ...@@ -366,6 +367,7 @@ module.exports = function (ngApp, events) {
366 * Save a draft update into the system via an AJAX request. 367 * Save a draft update into the system via an AJAX request.
367 */ 368 */
368 function saveDraft() { 369 function saveDraft() {
370 + if (!$scope.draftsEnabled) return;
369 var data = { 371 var data = {
370 name: $('#name').val(), 372 name: $('#name').val(),
371 html: isMarkdown ? $sce.getTrustedHtml($scope.displayContent) : $scope.editContent 373 html: isMarkdown ? $sce.getTrustedHtml($scope.displayContent) : $scope.editContent
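Review bot: `$scope.draftsEnabled` (new line 303) is read from a DOM attribute, so it can only act as a UI hint and not as the control that stops guests saving drafts. A comment would stop a later reader treating it as the enforcement point, for example `// UI hint only: the server refuses draft saves from guests regardless of this flag.` The strict `=== 'true'` comparison leaves drafts off when the attribute is missing, which is the safe default and worth keeping. `saveDraft` continues outside the hunk.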
......
...@@ -23,10 +23,4 @@ ...@@ -23,10 +23,4 @@
23 @include('partials/image-manager', ['imageType' => 'gallery', 'uploaded_to' => $page->id]) 23 @include('partials/image-manager', ['imageType' => 'gallery', 'uploaded_to' => $page->id])
24 @include('partials/entity-selector-popup') 24 @include('partials/entity-selector-popup')
25 25
26 - <script>
27 - (function() {
28 -
29 - })();
30 - </script>
31 -
32 @stop 26 @stop
...\ No newline at end of file ...\ No newline at end of file
......
1 1
2 -<div class="page-editor flex-fill flex" ng-controller="PageEditController" editor-type="{{ setting('app-editor') }}" page-id="{{ $model->id or 0 }}" page-new-draft="{{ $model->draft or 0 }}" page-update-draft="{{ $model->isDraft or 0 }}"> 2 +<div class="page-editor flex-fill flex" ng-controller="PageEditController" drafts-enabled="{{ $draftsEnabled ? 'true' : 'false' }}" editor-type="{{ setting('app-editor') }}" page-id="{{ $model->id or 0 }}" page-new-draft="{{ $model->draft or 0 }}" page-update-draft="{{ $model->isDraft or 0 }}">
3 3
4 {{ csrf_field() }} 4 {{ csrf_field() }}
5 +
6 + {{--Header Bar--}}
5 <div class="faded-small toolbar"> 7 <div class="faded-small toolbar">
6 <div class="container"> 8 <div class="container">
7 <div class="row"> 9 <div class="row">
...@@ -13,7 +15,7 @@ ...@@ -13,7 +15,7 @@
13 </div> 15 </div>
14 <div class="col-sm-4 faded text-center"> 16 <div class="col-sm-4 faded text-center">
15 17
16 - <div dropdown class="dropdown-container draft-display"> 18 + <div ng-show="draftsEnabled" dropdown class="dropdown-container draft-display">
17 <a dropdown-toggle class="text-primary text-button"><span class="faded-text" ng-bind="draftText"></span>&nbsp; <i class="zmdi zmdi-more-vert"></i></a> 19 <a dropdown-toggle class="text-primary text-button"><span class="faded-text" ng-bind="draftText"></span>&nbsp; <i class="zmdi zmdi-more-vert"></i></a>
18 <i class="zmdi zmdi-check-circle text-pos draft-notification" ng-class="{visible: draftUpdated}"></i> 20 <i class="zmdi zmdi-check-circle text-pos draft-notification" ng-class="{visible: draftUpdated}"></i>
19 <ul> 21 <ul>
...@@ -48,13 +50,17 @@ ...@@ -48,13 +50,17 @@
48 </div> 50 </div>
49 </div> 51 </div>
50 52
53 + {{--Title input--}}
51 <div class="title-input page-title clearfix" ng-non-bindable> 54 <div class="title-input page-title clearfix" ng-non-bindable>
52 <div class="input"> 55 <div class="input">
53 @include('form/text', ['name' => 'name', 'placeholder' => 'Page Title']) 56 @include('form/text', ['name' => 'name', 'placeholder' => 'Page Title'])
54 </div> 57 </div>
55 </div> 58 </div>
56 59
60 + {{--Editors--}}
57 <div class="edit-area flex-fill flex"> 61 <div class="edit-area flex-fill flex">
62 +
63 + {{--WYSIWYG Editor--}}
58 @if(setting('app-editor') === 'wysiwyg') 64 @if(setting('app-editor') === 'wysiwyg')
59 <div tinymce="editorOptions" mce-change="editorChange" mce-model="editContent" class="flex-fill flex"> 65 <div tinymce="editorOptions" mce-change="editorChange" mce-model="editContent" class="flex-fill flex">
60 <textarea id="html-editor" name="html" rows="5" ng-non-bindable 66 <textarea id="html-editor" name="html" rows="5" ng-non-bindable
...@@ -66,6 +72,7 @@ ...@@ -66,6 +72,7 @@
66 @endif 72 @endif
67 @endif 73 @endif
68 74
75 + {{--Markdown Editor--}}
69 @if(setting('app-editor') === 'markdown') 76 @if(setting('app-editor') === 'markdown')
70 <div id="markdown-editor" markdown-editor class="flex-fill flex"> 77 <div id="markdown-editor" markdown-editor class="flex-fill flex">
71 78
...@@ -102,7 +109,7 @@ ...@@ -102,7 +109,7 @@
102 @if($errors->has('markdown')) 109 @if($errors->has('markdown'))
103 <div class="text-neg text-small">{{ $errors->first('markdown') }}</div> 110 <div class="text-neg text-small">{{ $errors->first('markdown') }}</div>
104 @endif 111 @endif
105 -
106 @endif 112 @endif
113 +
107 </div> 114 </div>
108 </div> 115 </div>
...\ No newline at end of file ...\ No newline at end of file
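Review bot: The new `drafts-enabled` attribute on line 2 reads `$draftsEnabled` without a fallback, while the other attributes on that line guard their variables with `or 0`. Within this commit only the `pages/edit` view call is shown passing `draftsEnabled`, so any other view that includes this form without it would presumably fail with an undefined variable. A guarded form fails closed: `drafts-enabled="{{ isset($draftsEnabled) && $draftsEnabled ? 'true' : 'false' }}"`.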
......
1 +@extends('base')
2 +
3 +@section('content')
4 +
5 + <div class="container small" ng-non-bindable>
6 + <h1>Create Page</h1>
7 + <form action="{{ $parent->getUrl('/page/create/guest') }}" method="POST">
8 +
9 + {!! csrf_field() !!}
10 +
11 + <div class="form-group title-input">
12 + <label for="name">Page Name</label>
13 + @include('form/text', ['name' => 'name'])
14 + </div>
15 +
16 + <div class="form-group">
17 + <a href="{{ $parent->getUrl() }}" class="button muted">Cancel</a>
18 + <button type="submit" class="button pos">Continue</button>
19 + </div>
20 +
21 + </form>
22 + </div>
23 +
24 +
25 +@stop
...\ No newline at end of file ...\ No newline at end of file
...@@ -27,6 +27,7 @@ Route::group(['middleware' => 'auth'], function () { ...@@ -27,6 +27,7 @@ Route::group(['middleware' => 'auth'], function () {
27 27
28 // Pages 28 // Pages
29 Route::get('/{bookSlug}/page/create', 'PageController@create'); 29 Route::get('/{bookSlug}/page/create', 'PageController@create');
30 + Route::post('/{bookSlug}/page/create/guest', 'PageController@createAsGuest');
30 Route::get('/{bookSlug}/draft/{pageId}', 'PageController@editDraft'); 31 Route::get('/{bookSlug}/draft/{pageId}', 'PageController@editDraft');
31 Route::post('/{bookSlug}/draft/{pageId}', 'PageController@store'); 32 Route::post('/{bookSlug}/draft/{pageId}', 'PageController@store');
32 Route::get('/{bookSlug}/page/{pageSlug}', 'PageController@show'); 33 Route::get('/{bookSlug}/page/{pageSlug}', 'PageController@show');
...@@ -52,6 +53,7 @@ Route::group(['middleware' => 'auth'], function () { ...@@ -52,6 +53,7 @@ Route::group(['middleware' => 'auth'], function () {
52 53
53 // Chapters 54 // Chapters
54 Route::get('/{bookSlug}/chapter/{chapterSlug}/create-page', 'PageController@create'); 55 Route::get('/{bookSlug}/chapter/{chapterSlug}/create-page', 'PageController@create');
56 + Route::post('/{bookSlug}/chapter/{chapterSlug}/page/create/guest', 'PageController@createAsGuest');
55 Route::get('/{bookSlug}/chapter/create', 'ChapterController@create'); 57 Route::get('/{bookSlug}/chapter/create', 'ChapterController@create');
56 Route::post('/{bookSlug}/chapter/create', 'ChapterController@store'); 58 Route::post('/{bookSlug}/chapter/create', 'ChapterController@store');
57 Route::get('/{bookSlug}/chapter/{chapterSlug}', 'ChapterController@show'); 59 Route::get('/{bookSlug}/chapter/{chapterSlug}', 'ChapterController@show');
......