1 package BSE::Edit::Article;
3 use base qw(BSE::Edit::Base);
4 use BSE::Util::Tags qw(tag_error_img tag_article tag_object);
5 use BSE::Util::SQL qw(now_sqldate now_sqldatetime);
7 use BSE::Util::HTML qw(:default popup_menu);
9 use BSE::CfgInfo qw(custom_class admin_base_url cfg_image_dir cfg_dist_image_uri cfg_image_uri);
10 use BSE::Util::Iterate;
12 use BSE::Util::ContentType qw(content_type);
13 use BSE::Regen 'generate_article';
14 use DevHelp::Date qw(dh_parse_date dh_parse_sql_date);
15 use List::Util qw(first);
16 use constant MAX_FILE_DISPLAYNAME_LENGTH => 255;
17 use constant ARTICLE_CUSTOM_FIELDS_CFG => "article custom fields";
19 our $VERSION = "1.055";
23 BSE::Edit::Article - editing functionality for BSE articles
27 Provides the base article editing functionality.
29 This is badly organized and documented.
38 my ($self, $req) = @_;
41 # AJAX/Prototype request
42 return $req->json_content
46 message => "Access forbidden: user not logged on",
48 error_code => "LOGON",
52 elsif ($req->cgi->param('_service')) {
55 content => 'Access Forbidden: login timed out',
57 "Status: 403", # forbidden
62 BSE::Template->get_refresh($req->url('logon'), $req->cfg);
66 sub article_dispatch {
67 my ($self, $req, $article, $articles) = @_;
69 BSE::Permissions->check_logon($req)
70 or return $self->not_logged_on($req);
74 my %actions = $self->article_actions;
75 for my $check (keys %actions) {
76 if ($cgi->param($check) || $cgi->param("$check.x")) {
83 ($action, @extraargs) = $self->other_article_actions($cgi);
86 my $method = $actions{$action};
87 return $self->$method($req, $article, $articles, @extraargs);
90 sub noarticle_dispatch {
91 my ($self, $req, $articles) = @_;
93 BSE::Permissions->check_logon($req)
94 or return BSE::Template->get_refresh($req->url('logon'), $req->cfg);
97 my $article = $self->_dummy_article($req, $articles, \$mymsg);
99 require BSE::Edit::Site;
100 my $site = BSE::Edit::Site->new(cfg=>$req->cfg, db=> BSE::DB->single);
101 return $site->edit_sections($req, $articles, $mymsg);
106 my %actions = $self->noarticle_actions;
107 for my $check (keys %actions) {
108 if ($cgi->param($check) || $cgi->param("$check.x")) {
113 my $method = $actions{$action};
114 return $self->$method($req, $article, $articles);
117 sub article_actions {
124 add_stepkid => 'add_stepkid',
125 del_stepkid => 'del_stepkid',
126 save_stepkids => 'save_stepkids',
127 add_stepparent => 'add_stepparent',
128 del_stepparent => 'del_stepparent',
129 save_stepparents => 'save_stepparents',
130 artimg => 'save_image_changes',
131 addimg => 'add_image',
132 a_edit_image => 'req_edit_image',
133 a_save_image => 'req_save_image',
134 a_order_images => 'req_order_images',
136 showimages => 'show_images',
137 process => 'save_image_changes',
138 removeimg => 'remove_img',
139 moveimgup => 'move_img_up',
140 moveimgdown => 'move_img_down',
141 filelist => 'filelist',
142 fileadd => 'fileadd',
143 fileswap => 'fileswap',
144 filedel => 'filedel',
145 filesave => 'filesave',
146 a_edit_file => 'req_edit_file',
147 a_save_file => 'req_save_file',
150 a_thumb => 'req_thumb',
151 a_ajax_get => 'req_ajax_get',
152 a_ajax_save_body => 'req_ajax_save_body',
153 a_ajax_set => 'req_ajax_set',
154 a_filemeta => 'req_filemeta',
155 a_csrfp => 'req_csrfp',
156 a_tree => 'req_tree',
157 a_article => 'req_article',
158 a_config => 'req_config',
159 a_restepkid => 'req_restepkid',
163 sub other_article_actions {
164 my ($self, $cgi) = @_;
166 for my $param ($cgi->param) {
167 if ($param =~ /^removeimg_(\d+)(\.x)?$/) {
168 return ('removeimg', $1 );
175 sub noarticle_actions {
180 a_csrfp => 'req_csrfp',
181 a_config => 'req_config',
186 my ($self, $parentid, $articles) = @_;
188 if ($parentid == -1) {
192 title=>'All Sections',
199 return $articles->getByPkey($parentid);
204 my ($object, $args) = @_;
206 my $value = $object->{$args};
207 defined $value or $value = '';
208 if ($value =~ /\cJ/ && $value =~ /\cM/) {
215 my ($object, $args) = @_;
217 my $value = $object->{$args};
218 defined $value or $value = '';
219 if ($value =~ /\cJ/ && $value =~ /\cM/) {
222 escape_html($value, '<>&"');
226 my ($level, $cfg) = @_;
228 escape_html($cfg->entry('level names', $level, 'Article'));
237 sub reparent_updown {
241 sub should_be_catalog {
242 my ($self, $article, $parent, $articles) = @_;
244 if ($article->{parentid} && (!$parent || $parent->{id} != $article->{parentid})) {
245 $parent = $articles->getByPkey($article->{id});
248 my $shopid = $self->cfg->entryErr('articles', 'shop');
250 return $article->{parentid} && $parent &&
251 ($article->{parentid} == $shopid ||
252 $parent->{generator} eq 'BSE::Generate::Catalog');
255 sub possible_parents {
256 my ($self, $article, $articles, $req) = @_;
261 my $shopid = $self->cfg->entryErr('articles', 'shop');
262 my @parents = $articles->getBy('level', $article->{level}-1);
263 @parents = grep { $_->{generator} eq 'BSE::Generate::Article'
264 && $_->{id} != $shopid } @parents;
266 # user can only select parent they can add to
267 @parents = grep $req->user_can('edit_add_child', $_), @parents;
269 @values = ( map {$_->{id}} @parents );
270 %labels = ( map { $_->{id} => "$_->{title} ($_->{id})" } @parents );
272 if ($article->{level} == 1 && $req->user_can('edit_add_child')) {
274 $labels{-1} = "No parent - this is a section";
277 if ($article->{id} && $self->reparent_updown($article)) {
278 # we also list the siblings and grandparent (if any)
279 my @siblings = grep $_->{id} != $article->{id} && $_->{id} != $shopid,
280 $articles->getBy(parentid => $article->{parentid});
281 @siblings = grep $req->user_can('edit_add_child', $_), @siblings;
282 push @values, map $_->{id}, @siblings;
283 @labels{map $_->{id}, @siblings} =
284 map { "-- move down a level -- $_->{title} ($_->{id})" } @siblings;
286 if ($article->{parentid} != -1) {
287 my $parent = $articles->getByPkey($article->{parentid});
288 if ($parent->{parentid} != -1) {
289 my $gparent = $articles->getByPkey($parent->{parentid});
290 if ($req->user_can('edit_add_child', $gparent)) {
291 push @values, $gparent->{id};
292 $labels{$gparent->{id}} =
293 "-- move up a level -- $gparent->{title} ($gparent->{id})";
297 if ($req->user_can('edit_add_child')) {
299 $labels{-1} = $req->catmsg("msg:bse/admin/edit/uplabelsect");
305 return (\@values, \%labels);
309 my ($self, $article, $articles, $cgi, $req, $what) = @_;
311 if ($what eq 'listed') {
312 my @values = qw(0 1);
313 my %labels = ( 0=>"No", 1=>"Yes");
314 if ($article->{level} <= 2) {
315 $labels{2} = "In Sections, but not menu";
319 $labels{2} = "In content, but not menus";
322 return popup_menu(-name=>'listed',
325 -default=>$article->{listed});
328 my ($values, $labels) = $self->possible_parents($article, $articles, $req);
330 if (defined $article->{parentid}) {
331 $html = popup_menu(-name=>'parentid',
334 -default => $article->{parentid},
338 $html = popup_menu(-name=>'parentid',
344 # munge the html - we display a default value, so we need to wrap the
345 # default <select /> around this one
346 $html =~ s!^<select[^>]+>|</select>!!gi;
352 my ($arg, $acts, $funcname, $templater) = @_;
353 my ($func, $args) = split ' ', $arg, 2;
354 return $templater->perform($acts, $func, $args) ? 'checked' : '';
357 sub iter_get_images {
358 my ($self, $article) = @_;
360 $article->{id} or return;
361 $self->get_images($article);
365 my ($article, $articles) = @_;
368 $article->{id} or return;
369 if (UNIVERSAL::isa($article, 'BSE::TB::Article')) {
370 @children = $article->children;
372 elsif ($article->{id}) {
373 @children = $articles->children($article->{id});
376 return sort { $b->{displayOrder} <=> $a->{displayOrder} } @children;
379 sub tag_if_have_child_type {
380 my ($level, $cfg) = @_;
382 defined $cfg->entry("level names", $level+1);
386 my ($args, $acts, $isname, $templater) = @_;
388 my ($func, $funcargs) = split ' ', $args, 2;
389 return $templater->perform($acts, $func, $funcargs) ? 'Yes' : 'No';
392 sub default_template {
393 my ($self, $article, $cfg, $templates) = @_;
395 if ($article->{parentid}) {
396 my $template = $cfg->entry("children of $article->{parentid}", "template");
398 if $template && grep $_ eq $template, @$templates;
400 if ($article->{level}) {
401 my $template = $cfg->entry("level $article->{level}", "template");
403 if $template && grep $_ eq $template, @$templates;
405 return $templates->[0];
409 my ($self, $article, $cfg, $cgi) = @_;
411 my @templates = sort { $a->{name} cmp $b->{name} } $self->templates_long($article);
413 if ($article->{template} && grep $_->{name} eq $article->{template}, @templates) {
414 $default = $article->{template};
417 my @template_names = map $_->{name}, @templates;
418 $default = $self->default_template($article, $cfg, \@template_names);
425 $_->{name} eq $_->{description}
427 : "$_->{description} ($_->{name})"
430 return popup_menu(-name => 'template',
431 -values => [ map $_->{name}, @templates ],
433 -default => $default,
438 my ($self, $article) = @_;
441 my $imagedir = cfg_image_dir($self->cfg);
442 if (opendir TITLE_IMAGES, "$imagedir/titles") {
444 grep -f "$imagedir/titles/$_" && /\.(gif|jpeg|jpg|png)$/i,
445 readdir TITLE_IMAGES;
446 closedir TITLE_IMAGES;
452 sub tag_title_images {
453 my ($self, $article, $cfg, $cgi) = @_;
455 my @images = $self->title_images($article);
456 my @values = ( '', @images );
457 my %labels = ( '' => 'None', map { $_ => $_ } @images );
459 popup_menu(-name=>'titleImage',
462 -default=>$article->{id} ? $article->{titleImage} : '',
466 sub base_template_dirs {
471 my ($self, $article) = @_;
473 my @dirs = $self->base_template_dirs;
474 if (my $parentid = $article->{parentid}) {
475 my $section = "children of $parentid";
476 if (my $dirs = $self->cfg->entry($section, 'template_dirs')) {
477 push @dirs, split /,/, $dirs;
480 if (my $id = $article->{id}) {
481 my $section = "article $id";
482 if (my $dirs = $self->{cfg}->entry($section, 'template_dirs')) {
483 push @dirs, split /,/, $dirs;
486 if ($article->{level}) {
487 push @dirs, $article->{level};
488 my $dirs = $self->{cfg}->entry("level $article->{level}", 'template_dirs');
489 push @dirs, split /,/, $dirs if $dirs;
496 my ($self, $article) = @_;
498 my @dirs = $self->template_dirs($article);
500 my @basedirs = BSE::Template->template_dirs($self->{cfg});
501 for my $basedir (@basedirs) {
502 for my $dir (@dirs) {
503 my $path = File::Spec->catdir($basedir, $dir);
505 if (opendir TEMPLATE_DIR, $path) {
506 push(@templates, sort map "$dir/$_",
507 grep -f "$path/$_" && /\.(tmpl|html)$/i, readdir TEMPLATE_DIR);
508 closedir TEMPLATE_DIR;
514 # eliminate any dups, and order it nicely
516 @templates = sort { lc($a) cmp lc($b) }
517 grep !$seen{$_}++, @templates;
519 return (@templates, $self->extra_templates($article));
522 sub extra_templates {
523 my ($self, $article) = @_;
525 my $basedir = $self->{cfg}->entryVar('paths', 'templates');
527 if (my $id = $article->{id}) {
528 push @templates, 'index.tmpl'
529 if $id == 1 && -f "$basedir/index.html";
530 push @templates, 'index2.tmpl'
531 if $id == 2 && -f "$basedir/index2.html";
532 my $shopid = $self->{cfg}->entryErr('articles', 'shop');
533 push @templates, "shop_sect.tmpl"
534 if $id == $shopid && -f "$basedir/shop_sect.tmpl";
535 my $section = "article $id";
536 my $extras = $self->{cfg}->entry($section, 'extra_templates');
537 push @templates, grep /\.(tmpl|html)$/i, split /,/, $extras
545 my ($self, $articles) = @_;
547 return $articles->categories;
553 return '' unless $article->{id} && $article->{id} != -1;
555 <a href="$ENV{SCRIPT_NAME}?id=$article->{parentid}">Edit parent</a> |
562 return unless $article->{id} && $article->{id} > 0;
566 sub _load_step_kids {
567 my ($article, $step_kids) = @_;
569 require BSE::TB::OtherParents;
570 my @stepkids = BSE::TB::OtherParents->getBy(parentId=>$article->{id}) if $article->{id};
571 %$step_kids = map { $_->{childId} => $_ } @stepkids;
572 $step_kids->{loaded} = 1;
575 sub tag_if_step_kid {
576 my ($article, $allkids, $rallkid_index, $step_kids) = @_;
578 _load_step_kids($article, $step_kids) unless $step_kids->{loaded};
580 my $kid = $allkids->[$$rallkid_index]
582 exists $step_kids->{$kid->{id}};
586 my ($article, $allkids, $rallkid_index, $step_kids, $arg) = @_;
588 _load_step_kids($article, $step_kids) unless $step_kids->{loaded};
590 my $kid = $allkids->[$$rallkid_index]
592 my $step_kid = $step_kids->{$kid->{id}}
595 #print STDERR "found kid (want $arg): ", Dumper($kid), Dumper($step_kid);
596 escape_html($step_kid->{$arg});
599 sub tag_move_stepkid {
600 my ($self, $cgi, $req, $article, $allkids, $rallkids_index, $arg,
601 $acts, $funcname, $templater) = @_;
603 $req->user_can(edit_reorder_children => $article)
606 @$allkids > 1 or return '';
608 my ($img_prefix, $urladd) = DevHelp::Tags->get_parms($arg, $acts, $templater);
609 $img_prefix = '' unless defined $img_prefix;
610 $urladd = '' unless defined $urladd;
612 my $cgi_uri = $self->{cfg}->entry('uri', 'cgi', '/cgi-bin');
613 my $url = $ENV{SCRIPT_NAME} . "?id=$article->{id}";
614 if ($cgi->param('_t')) {
615 $url .= "&_t=".$cgi->param('_t');
620 if ($$rallkids_index < $#$allkids) {
621 $down_url = "$cgi_uri/admin/move.pl?stepparent=$article->{id}&d=swap&id=$allkids->[$$rallkids_index]{id}&other=$allkids->[$$rallkids_index+1]{id}";
624 if ($$rallkids_index > 0) {
625 $up_url = "$cgi_uri/admin/move.pl?stepparent=$article->{id}&d=swap&id=$allkids->[$$rallkids_index]{id}&other=$allkids->[$$rallkids_index-1]{id}";
628 return make_arrows($req->cfg, $down_url, $up_url, $url, $img_prefix);
631 sub possible_stepkids {
632 my ($req, $article, $articles, $stepkids) = @_;
634 $req->user_can(edit_stepkid_add => $article)
640 my @possible = sort { lc $a->{title} cmp lc $b->{title} }
641 $article->possible_stepchildren;
642 if ($req->access_control && $req->cfg->entry('basic', 'access_filter_steps', 0)) {
643 @possible = grep $req->user_can(edit_stepparent_add => $_->{id}), @possible;
648 sub tag_possible_stepkids {
649 my ($step_kids, $req, $article, $possstepkids, $articles, $cgi) = @_;
651 _load_step_kids($article, $step_kids) unless $step_kids->{loaded};
652 @$possstepkids = possible_stepkids($req, $article, $articles, $step_kids)
653 unless @$possstepkids;
654 my %labels = map { $_->{id} => "$_->{title} ($_->{id})" } @$possstepkids;
656 popup_menu(-name=>'stepkid',
657 -values=> [ map $_->{id}, @$possstepkids ],
658 -labels => \%labels);
661 sub tag_if_possible_stepkids {
662 my ($step_kids, $req, $article, $possstepkids, $articles, $cgi) = @_;
664 _load_step_kids($article, $step_kids) unless $step_kids->{loaded};
665 @$possstepkids = possible_stepkids($req, $article, $articles, $step_kids)
666 unless @$possstepkids;
671 sub iter_get_stepparents {
674 return unless $article->{id} && $article->{id} > 0;
676 require BSE::TB::OtherParents;
677 BSE::TB::OtherParents->getBy(childId=>$article->{id});
680 sub tag_ifStepParents {
681 my ($args, $acts, $funcname, $templater) = @_;
683 return $templater->perform($acts, 'ifStepparents', '');
686 sub tag_stepparent_targ {
687 my ($article, $targs, $rindex, $arg) = @_;
689 if ($article->{id} && $article->{id} > 0 && !@$targs) {
690 @$targs = $article->step_parents;
692 escape_html($targs->[$$rindex]{$arg});
695 sub tag_move_stepparent {
696 my ($self, $cgi, $req, $article, $stepparents, $rindex, $arg,
697 $acts, $funcname, $templater) = @_;
699 $req->user_can(edit_reorder_stepparents => $article)
702 @$stepparents > 1 or return '';
704 my ($img_prefix, $urladd) = DevHelp::Tags->get_parms($arg, $acts, $templater);
705 $img_prefix = '' unless defined $img_prefix;
706 $urladd = '' unless defined $urladd;
708 my $cgi_uri = $self->{cfg}->entry('uri', 'cgi', '/cgi-bin');
709 my $images_uri = cfg_dist_image_uri();
711 my $url = $ENV{SCRIPT_NAME} . "?id=$article->{id}";
712 if ($cgi->param('_t')) {
713 $url .= "&_t=".$cgi->param('_t');
716 $url .= "#stepparents";
717 my $blank = qq!<img src="$images_uri/trans_pixel.gif" width="17" height="13" border="0" align="absbottom" alt="" />!;
719 if ($$rindex < $#$stepparents) {
720 $down_url = "$cgi_uri/admin/move.pl?stepchild=$article->{id}&id=$stepparents->[$$rindex]{parentId}&d=swap&other=$stepparents->[$$rindex+1]{parentId}";
724 $up_url = "$cgi_uri/admin/move.pl?stepchild=$article->{id}&id=$stepparents->[$$rindex]{parentId}&d=swap&other=$stepparents->[$$rindex-1]{parentId}";
727 return make_arrows($req->cfg, $down_url, $up_url, $url, $img_prefix);
730 sub _stepparent_possibles {
731 my ($req, $article, $articles, $targs) = @_;
733 $req->user_can(edit_stepparent_add => $article)
739 @$targs = $article->step_parents unless @$targs;
740 my %targs = map { $_->{id}, 1 } @$targs;
741 my @possibles = $article->possible_stepparents;
742 if ($req->access_control && $req->cfg->entry('basic', 'access_filter_steps', 0)) {
743 @possibles = grep $req->user_can(edit_stepkid_add => $_->{id}), @possibles;
745 @possibles = sort { lc $a->{title} cmp lc $b->{title} } @possibles;
750 sub tag_if_stepparent_possibles {
751 my ($req, $article, $articles, $targs, $possibles) = @_;
753 if ($article->{id} && $article->{id} > 0 && !@$possibles) {
754 @$possibles = _stepparent_possibles($req, $article, $articles, $targs);
759 sub tag_stepparent_possibles {
760 my ($cgi, $req, $article, $articles, $targs, $possibles) = @_;
762 if ($article->{id} && $article->{id} > 0 && !@$possibles) {
763 @$possibles = _stepparent_possibles($req, $article, $articles, $targs);
765 popup_menu(-name=>'stepparent',
766 -values => [ map $_->{id}, @$possibles ],
767 -labels => { map { $_->{id}, "$_->{title} ($_->{id})" }
772 my ($self, $article) = @_;
774 return $self->get_files($article);
778 my ($self, $article) = @_;
780 return unless $article->{id} && $article->{id} > 0;
782 return $article->files;
785 sub tag_edit_parent {
788 return '' unless $article->{id} && $article->{id} != -1;
791 <a href="$ENV{SCRIPT_NAME}?id=$article->{parentid}">Edit parent</a> |
795 sub tag_if_children {
796 my ($args, $acts, $funcname, $templater) = @_;
798 return $templater->perform($acts, 'ifChildren', '');
802 my ($self, $req, $article, $kids, $rindex, $arg,
803 $acts, $funcname, $templater) = @_;
805 $req->user_can('edit_reorder_children', $article)
808 @$kids > 1 or return '';
810 $$rindex >=0 && $$rindex < @$kids
811 or return '** movechild can only be used in the children iterator **';
813 my ($img_prefix, $urladd) = DevHelp::Tags->get_parms($arg, $acts, $templater);
814 $img_prefix = '' unless defined $img_prefix;
815 $urladd = '' unless defined $urladd;
817 my $cgi_uri = $self->{cfg}->entry('uri', 'cgi', '/cgi-bin');
818 my $images_uri = cfg_dist_image_uri();
819 my $urlbase = admin_base_url($req->cfg);
820 my $refresh_url = "$urlbase$ENV{SCRIPT_NAME}?id=$article->{id}";
821 my $t = $req->cgi->param('_t');
822 if ($t && $t =~ /^\w+$/) {
823 $refresh_url .= "&_t=$t";
826 $refresh_url .= $urladd;
828 my $id = $kids->[$$rindex]{id};
830 if ($$rindex < $#$kids) {
831 $down_url = "$cgi_uri/admin/move.pl?id=$id&d=down&edit=1&all=1";
835 $up_url = "$cgi_uri/admin/move.pl?id=$id&d=up&edit=1&all=1"
838 return make_arrows($req->cfg, $down_url, $up_url, $refresh_url, $img_prefix);
842 my ($self, $articles, $article) = @_;
844 my @cats = $self->categories($articles);
846 my %labels = map { $_->{id}, $_->{name} } @cats;
848 return popup_menu(-name => 'category',
849 -values => [ map $_->{id}, @cats ],
851 -default => $article->{category});
855 my ($cfg, $article, $args, $acts, $funcname, $templater) = @_;
856 my ($which, $name) = split / /, $args, 2;
860 && ($gen_class = $templater->perform($acts, $which, 'generator'))) {
861 eval "use $gen_class";
863 my $gen = $gen_class->new(top => $article, cfg => $cfg);
864 my $link = $gen->edit_link($templater->perform($acts, $which, 'id'));
865 return qq!<a href="$link">$name</a>!;
872 my ($req, $article, $rindex, $images, $arg,
873 $acts, $funcname, $templater) = @_;
875 $req->user_can(edit_images_reorder => $article)
878 @$images > 1 or return '';
880 $$rindex >= 0 && $$rindex < @$images
881 or return '** imgmove can only be used in image iterator **';
883 my ($img_prefix, $urladd) = DevHelp::Tags->get_parms($arg, $acts, $templater);
884 $img_prefix = '' unless defined $img_prefix;
885 $urladd = '' unless defined $urladd;
887 my $urlbase = admin_base_url($req->cfg);
888 my $url = "$urlbase$ENV{SCRIPT_NAME}?id=$article->{id}";
889 my $t = $req->cgi->param('_t');
890 if ($t && $t =~ /^\w+$/) {
895 my $image = $images->[$$rindex];
896 my $csrfp = $req->get_csrf_token("admin_move_image");
897 my $baseurl = "$ENV{SCRIPT_NAME}?id=$article->{id}&imageid=$image->{id}&";
898 $baseurl .= "_csrfp=$csrfp&";
900 if ($$rindex < $#$images) {
901 $down_url = $baseurl . "moveimgdown=1";
905 $up_url = $baseurl . "moveimgup=1";
907 return make_arrows($req->cfg, $down_url, $up_url, $url, $img_prefix);
911 my ($self, $req, $article, $files, $rindex, $arg,
912 $acts, $funcname, $templater) = @_;
914 $req->user_can('edit_files_reorder', $article)
917 @$files > 1 or return '';
919 my ($img_prefix, $urladd) = DevHelp::Tags->get_parms($arg, $acts, $templater);
920 $img_prefix = '' unless defined $img_prefix;
921 $urladd = '' unless defined $urladd;
923 $$rindex >= 0 && $$rindex < @$files
924 or return '** movefiles can only be used in the files iterator **';
926 my $urlbase = admin_base_url($req->cfg);
927 my $url = "$urlbase$ENV{SCRIPT_NAME}?id=$article->{id}$urladd";
928 my $t = $req->cgi->param('_t');
929 if ($t && $t =~ /^\w+$/) {
934 my $csrfp = $req->get_csrf_token("admin_move_file");
935 my $baseurl = "$ENV{SCRIPT_NAME}?fileswap=1&id=$article->{id}&";
936 $baseurl .= "_csrfp=$csrfp&";
937 if ($$rindex < $#$files) {
938 $down_url = $baseurl . "file1=$files->[$$rindex]{id}&file2=$files->[$$rindex+1]{id}";
942 $up_url = $baseurl . "file1=$files->[$$rindex]{id}&file2=$files->[$$rindex-1]{id}";
945 return make_arrows($req->cfg, $down_url, $up_url, $url, $img_prefix);
949 my ($article, $cgi, $args, $acts, $funcname, $templater) = @_;
951 my ($col, $func, $funcargs) = split ' ', $args, 3;
952 my $value = $cgi->param($col);
953 if (defined $value) {
954 return escape_html($value);
958 return $templater->perform($acts, $func, $funcargs);
961 $value = $article->{$args};
962 defined $value or $value = '';
963 return escape_html($value);
968 sub iter_admin_users {
969 require BSE::TB::AdminUsers;
971 BSE::TB::AdminUsers->all;
974 sub iter_admin_groups {
975 require BSE::TB::AdminGroups;
977 BSE::TB::AdminGroups->all;
980 sub tag_if_field_perm {
981 my ($req, $article, $field) = @_;
983 unless ($field =~ /^\w+$/) {
984 print STDERR "Bad fieldname '$field'\n";
987 if ($article->{id}) {
988 return $req->user_can("edit_field_edit_$field", $article);
991 #print STDERR "adding, always successful\n";
997 my ($self, $req, $article, $args, $acts, $funcname, $templater) = @_;
999 my ($col, $func, $funcargs) = split ' ', $args, 3;
1000 if ($article->{id}) {
1002 return $templater->perform($acts, $func, $funcargs);
1005 my $value = $article->{$args};
1006 defined $value or $value = '';
1007 return escape_html($value, '<>&"');
1011 my $value = $self->default_value($req, $article, $col);
1012 defined $value or $value = '';
1013 return escape_html($value, '<>&"');
1023 sub tag_if_flag_set {
1024 my ($article, $arg, $acts, $funcname, $templater) = @_;
1026 my @args = DevHelp::Tags->get_parms($arg, $acts, $templater);
1029 return index($article->{flags}, $args[0]) >= 0;
1033 my ($article, $articles) = @_;
1036 my $temp = $article;
1037 defined($temp->{parentid}) or return;
1038 while ($temp->{parentid} > 0
1039 and my $crumb = $articles->getByPkey($temp->{parentid})) {
1040 unshift @crumbs, $crumb;
1048 my ($args, $acts, $funcname, $templater) = @_;
1050 exists $acts->{$args} or return "** need an article name **";
1051 my $generator = $templater->perform($acts, $args, 'generator');
1053 $generator =~ /^(?:BSE::)?Generate::(\w+)$/
1054 or return "** invalid generator $generator **";
1059 sub _get_thumbs_class {
1062 $self->{cfg}->entry('editor', 'allow_thumb', 0)
1065 my $class = $self->{cfg}->entry('editor', 'thumbs_class')
1068 (my $filename = "$class.pm") =~ s!::!/!g;
1069 eval { require $filename; };
1071 print STDERR "** Error loading thumbs_class $class ($filename): $@\n";
1075 eval { $obj = $class->new($self->{cfg}) };
1077 print STDERR "** Error creating thumbs objects $class: $@\n";
1084 sub tag_thumbimage {
1085 my ($cfg, $thumbs_obj, $current_image, $args) = @_;
1087 $thumbs_obj or return '';
1089 $$current_image or return '** no current image **';
1091 my $imagedir = cfg_image_dir($cfg);
1093 my $filename = "$imagedir/$$current_image->{image}";
1094 -e $filename or return "** image file missing **";
1096 defined $args && $args =~ /\S/
1097 or $args = "editor";
1099 my $image = $$current_image;
1100 return $image->thumb
1108 sub tag_file_display {
1109 my ($self, $files, $file_index) = @_;
1111 $$file_index >= 0 && $$file_index < @$files
1112 or return "* file_display only usable inside a files iterator *";
1113 my $file = $files->[$$file_index];
1115 my $disp_type = $self->cfg->entry("editor", "file_display", "");
1117 return $file->inline
1120 field => $disp_type,
1125 my ($self, $cfg, $rcurrent, $args) = @_;
1130 my ($align, $rest) = split ' ', $args, 2;
1132 if ($align && exists $im->{$align}) {
1133 if ($align eq 'src') {
1134 return escape_html($im->image_url($self->{cfg}));
1137 return escape_html($im->{$align});
1141 return $im->formatted
1151 my ($self, $article) = @_;
1156 return $article->tag_objects;
1159 my %base_custom_validation =
1220 require DevHelp::Validate;
1221 DevHelp::Validate->import;
1222 return DevHelp::Validate::dh_configure_fields
1224 \%base_custom_validation,
1226 ARTICLE_CUSTOM_FIELDS_CFG,
1227 BSE::DB->single->dbh,
1231 sub _custom_fields {
1234 my $fields = $self->custom_fields;
1236 for my $key (keys %$fields) {
1237 $fields->{$key}{description}
1238 and $active{$key} = $fields->{$key};
1245 my ($self, $acts, $request, $article, $articles, $msg, $errors) = @_;
1247 my $cgi = $request->cgi;
1248 my $show_full = $cgi->param('f_showfull');
1249 my $if_error = $msg || ($errors && keys %$errors) || $request->cgi->param("_e");
1250 #$msg ||= join "\n", map escape_html($_), $cgi->param('message'), $cgi->param('m');
1251 $msg .= $request->message($errors);
1253 if ($article->{id}) {
1254 if ($article->{parentid} > 0) {
1255 $parent = $article->parent;
1258 $parent = { title=>"No parent - this is a section", id=>-1 };
1262 $parent = { title=>"How did we get here?", id=>0 };
1264 $request->set_article(article => $article);
1265 $request->set_variable(ifnew => !$article->{id});
1266 my $cfg = $self->{cfg};
1267 my $mbcs = $cfg->entry('html', 'mbcs', 0);
1268 my $tag_hash = $mbcs ? \&tag_hash_mbcs : \&tag_hash;
1269 my $thumbs_obj_real = $self->_get_thumbs_class();
1270 my $thumbs_obj = $show_full ? undef : $thumbs_obj_real;
1281 my $stepparent_index;
1282 my @stepparent_targs;
1283 my @stepparentpossibles;
1288 my $it = BSE::Util::Iterate->new;
1289 my $ito = BSE::Util::Iterate::Objects->new;
1290 my $ita = BSE::Util::Iterate::Article->new(req => $request);
1292 my $custom = $self->_custom_fields;
1293 # only return the fields that are defined
1294 $request->set_variable(custom => $custom);
1295 $request->set_variable(errors => $errors || {});
1296 my $article_type = $cfg->entry('level names', $article->{level}, 'Article');
1297 $request->set_variable(article_type => $article_type);
1301 $request->admin_tags,
1302 article => sub { tag_article($article, $cfg, $_[0]) },
1303 old => [ \&tag_old, $article, $cgi ],
1304 default => [ \&tag_default, $self, $request, $article ],
1305 articleType => escape_html($article_type),
1306 parentType => [ \&tag_art_type, $article->{level}-1, $cfg ],
1307 ifNew => [ \&tag_if_new, $article ],
1308 list => [ \&tag_list, $self, $article, $articles, $cgi, $request ],
1309 script => $ENV{SCRIPT_NAME},
1310 level => $article->{level},
1311 checked => \&tag_checked,
1313 ([ \&iter_get_images, $self, $article ], 'image', 'images', \@images,
1314 \$image_index, undef, \$current_image),
1315 image => [ tag_image => $self, $cfg, \$current_image ],
1316 thumbimage => [ \&tag_thumbimage, $cfg, $thumbs_obj, \$current_image ],
1317 ifThumbs => defined($thumbs_obj),
1318 ifCanThumbs => defined($thumbs_obj_real),
1319 imgmove => [ \&tag_imgmove, $request, $article, \$image_index, \@images ],
1321 ifError => $if_error,
1324 code => [ \&iter_get_kids, $article, $articles ],
1326 plural => 'children',
1328 index => \$child_index,
1330 ifchildren => \&tag_if_children,
1331 childtype => [ \&tag_art_type, $article->{level}+1, $cfg ],
1332 ifHaveChildType => [ \&tag_if_have_child_type, $article->{level}, $cfg ],
1333 movechild => [ \&tag_movechild, $self, $request, $article, \@children,
1336 templates => [ \&tag_templates, $self, $article, $cfg, $cgi ],
1337 titleImages => [ \&tag_title_images, $self, $article, $cfg, $cgi ],
1338 editParent => [ \&tag_edit_parent, $article ],
1341 code => [ \&iter_allkids, $article ],
1345 index => \$allkid_index,
1348 [ \&tag_if_step_kid, $article, \@allkids, \$allkid_index, \%stepkids ],
1349 stepkid => [ \&tag_step_kid, $article, \@allkids, \$allkid_index,
1352 [ \&tag_move_stepkid, $self, $cgi, $request, $article, \@allkids,
1354 possible_stepkids =>
1355 [ \&tag_possible_stepkids, \%stepkids, $request, $article,
1356 \@possstepkids, $articles, $cgi ],
1358 [ \&tag_if_possible_stepkids, \%stepkids, $request, $article,
1359 \@possstepkids, $articles, $cgi ],
1362 code => [ \&iter_get_stepparents, $article ],
1363 single => 'stepparent',
1364 plural => 'stepparents',
1365 data => \@stepparents,
1366 index => \$stepparent_index,
1368 ifStepParents => \&tag_ifStepParents,
1370 [ \&tag_stepparent_targ, $article, \@stepparent_targs,
1371 \$stepparent_index ],
1373 [ \&tag_move_stepparent, $self, $cgi, $request, $article, \@stepparents,
1374 \$stepparent_index ],
1375 ifStepparentPossibles =>
1376 [ \&tag_if_stepparent_possibles, $request, $article, $articles,
1377 \@stepparent_targs, \@stepparentpossibles, ],
1378 stepparent_possibles =>
1379 [ \&tag_stepparent_possibles, $cgi, $request, $article, $articles,
1380 \@stepparent_targs, \@stepparentpossibles, ],
1383 code => [ iter_files => $self, $article ],
1387 index => \$file_index,
1390 [ \&tag_movefiles, $self, $request, $article, \@files, \$file_index ],
1393 code => [ iter_file_metas => $self, \@files, \$file_index ],
1394 plural => "file_metas",
1395 single => "file_meta",
1398 ifFileExists => sub {
1399 @files && $file_index >= 0 && $file_index < @files
1402 return -f ($files[$file_index]->full_filename($cfg));
1404 file_display => [ tag_file_display => $self, \@files, \$file_index ],
1405 DevHelp::Tags->make_iterator2
1406 (\&iter_admin_users, 'iadminuser', 'adminusers'),
1407 DevHelp::Tags->make_iterator2
1408 (\&iter_admin_groups, 'iadmingroup', 'admingroups'),
1409 edit => [ \&tag_edit_link, $cfg, $article ],
1410 error => [ $tag_hash, $errors ],
1411 error_img => [ \&tag_error_img, $cfg, $errors ],
1412 ifFieldPerm => [ \&tag_if_field_perm, $request, $article ],
1413 parent => [ \&tag_article, $parent, $cfg ],
1414 DevHelp::Tags->make_iterator2
1415 ([ \&iter_flags, $self ], 'flag', 'flags' ),
1416 ifFlagSet => [ \&tag_if_flag_set, $article ],
1417 DevHelp::Tags->make_iterator2
1418 ([ \&iter_crumbs, $article, $articles ], 'crumb', 'crumbs' ),
1419 typename => \&tag_typename,
1420 $it->make_iterator([ \&iter_groups, $request ],
1421 'group', 'groups', \@groups, undef, undef,
1423 $it->make_iterator([ iter_image_stores => $self],
1424 'image_store', 'image_stores'),
1425 $it->make_iterator([ iter_file_stores => $self],
1426 'file_store', 'file_stores'),
1427 ifGroupRequired => [ \&tag_ifGroupRequired, $article, \$current_group ],
1428 category => [ tag_category => $self, $articles, $article ],
1433 code => [ iter_tags => $self, $article ],
1438 sub iter_image_stores {
1441 my $mgr = $self->_image_manager;
1443 return map +{ name => $_->name, description => $_->description },
1450 require BSE::TB::ArticleFiles;
1452 return BSE::TB::ArticleFiles->file_manager($self->cfg);
1455 sub iter_file_stores {
1458 require BSE::TB::ArticleFiles;
1459 my $mgr = $self->_file_manager($self->cfg);
1461 return map +{ name => $_->name, description => $_->description },
1468 require BSE::TB::SiteUserGroups;
1469 BSE::TB::SiteUserGroups->admin_and_query_groups($req->cfg);
1472 sub tag_ifGroupRequired {
1473 my ($article, $rgroup) = @_;
1478 $$rgroup or return 0;
1480 $article->is_accessible_to($$rgroup);
1484 my ($self, $article, $cgi) = @_;
1486 my $base = $article->{level};
1487 my $t = $cgi->param('_t');
1488 if ($t && $t =~ /^\w+$/) {
1491 return $self->{cfg}->entry('admin templates', $base,
1492 "admin/edit_$base");
1496 my ($self, $article, $cgi) = @_;
1498 $self->edit_template($article, $cgi);
1502 my ($self, $request, $article, $articles, $msg, $errors) = @_;
1504 my $cgi = $request->cgi;
1506 %acts = $self->low_edit_tags(\%acts, $request, $article, $articles, $msg,
1508 my $template = $article->{id} ?
1509 $self->edit_template($article, $cgi) : $self->add_template($article, $cgi);
1511 return $request->response($template, \%acts);
1515 my ($self, $request, $article, $articles, $msg, $errors) = @_;
1517 return $self->low_edit_form($request, $article, $articles, $msg, $errors);
1520 sub _dummy_article {
1521 my ($self, $req, $articles, $rmsg) = @_;
1524 my $cgi = $req->cgi;
1525 my $parentid = $cgi->param('parentid');
1527 if ($parentid =~ /^\d+$/) {
1528 if (my $parent = $self->get_parent($parentid, $articles)) {
1529 $level = $parent->{level}+1;
1535 elsif ($parentid eq "-1") {
1539 unless (defined $level) {
1540 $level = $cgi->param('level');
1541 undef $level unless defined $level && $level =~ /^\d+$/
1542 && $level > 0 && $level < 100;
1543 defined $level or $level = 3;
1547 my @cols = BSE::TB::Article->columns;
1548 @article{@cols} = ('') x @cols;
1550 $article{parentid} = $parentid;
1551 $article{level} = $level;
1552 $article{body} = '<maximum of 64Kb>';
1553 $article{listed} = 1;
1554 $article{generator} = $self->generator;
1556 my ($values, $labels) = $self->possible_parents(\%article, $articles, $req);
1558 $$rmsg = "You can't add children to any article at that level";
1562 return $self->_make_dummy_article(\%article);
1565 sub _make_dummy_article {
1566 my ($self, $article) = @_;
1568 require BSE::DummyArticle;
1569 return bless $article, "BSE::DummyArticle";
1573 my ($self, $req, $article, $articles, $msg, $errors) = @_;
1575 return $self->low_edit_form($req, $article, $articles, $msg, $errors);
1578 sub generator { 'BSE::Generate::Article' }
1583 my $gen = $self->generator;
1585 ($gen =~ /(\w+)$/)[0] || 'Article';
1588 sub _validate_common {
1589 my ($self, $data, $articles, $errors, $article) = @_;
1591 # if (defined $data->{parentid} && $data->{parentid} =~ /^(?:-1|\d+)$/) {
1592 # unless ($data->{parentid} == -1 or
1593 # $articles->getByPkey($data->{parentid})) {
1594 # $errors->{parentid} = "Selected parent article doesn't exist";
1598 # $errors->{parentid} = "You need to select a valid parent";
1600 if (exists $data->{title} && $data->{title} !~ /\S/) {
1601 $errors->{title} = "Please enter a title";
1604 if (exists $data->{template} && $data->{template} =~ /\.\./) {
1605 $errors->{template} = "Please only select templates from the list provided";
1607 if (exists $data->{linkAlias}
1608 && length $data->{linkAlias}) {
1609 unless ($data->{linkAlias} =~ /\A[a-zA-Z0-9-_]+\z/
1610 && $data->{linkAlias} =~ /[A-Za-z]/) {
1611 $errors->{linkAlias} = "Link alias must contain only alphanumerics and contain at least one letter";
1615 if (defined $data->{category}) {
1616 unless (first { $_->{id} eq $data->{category} } $self->categories($articles)) {
1617 $errors->{category} = "msg:bse/admin/edit/category/unknown";
1621 require DevHelp::Validate;
1622 DevHelp::Validate->import('dh_validate_hash');
1623 dh_validate_hash($data, $errors,
1625 fields => $self->_custom_fields,
1627 dbh => BSE::DB->single->dbh,
1629 $self->cfg, ARTICLE_CUSTOM_FIELDS_CFG);
1633 my ($self, $data, $articles, $errors) = @_;
1635 $self->_validate_common($data, $articles, $errors);
1636 if (!$errors->{linkAlias} && defined $data->{linkAlias} && length $data->{linkAlias}) {
1637 my $other = $articles->getBy(linkAlias => $data->{linkAlias});
1639 and $errors->{linkAlias} =
1640 "Duplicate link alias - already used by article $other->{id}";
1642 custom_class($self->{cfg})
1643 ->article_validate($data, undef, $self->typename, $errors);
1645 return !keys %$errors;
1649 my ($self, $article, $data, $articles, $errors, $ajax) = @_;
1651 $self->_validate_common($data, $articles, $errors, $article);
1652 custom_class($self->{cfg})
1653 ->article_validate($data, $article, $self->typename, $errors);
1655 if (exists $data->{release}) {
1656 if ($ajax && !dh_parse_sql_date($data->{release})
1657 || !$ajax && !dh_parse_date($data->{release})) {
1658 $errors->{release} = "Invalid release date";
1662 if (!$errors->{linkAlias}
1663 && defined $data->{linkAlias}
1664 && length $data->{linkAlias}
1665 && $data->{linkAlias} ne $article->{linkAlias}) {
1666 my $other = $articles->getBy(linkAlias => $data->{linkAlias});
1667 $other && $other->{id} != $article->{id}
1668 and $errors->{linkAlias} = "Duplicate link alias - already used by article $other->{id}";
1671 return !keys %$errors;
1674 sub validate_parent {
1679 my ($self, $req, $data, $articles) = @_;
1681 my $custom = $self->_custom_fields;
1682 for my $key (keys %$custom) {
1683 my ($value) = $req->cgi->param($key);
1684 if (defined $value) {
1685 if ($key =~ /^customDate/) {
1686 require DevHelp::Date;
1688 if (my ($year, $month, $day) =
1689 DevHelp::Date::dh_parse_date($value, \$msg)) {
1690 $data->{$key} = sprintf("%04d-%02d-%02d", $year, $month, $day);
1693 $data->{$key} = undef;
1696 elsif ($key =~ /^customInt/) {
1697 if ($value =~ /\S/) {
1698 $data->{$key} = $value;
1701 $data->{$key} = undef;
1705 $data->{$key} = $value;
1710 custom_class($self->{cfg})
1711 ->article_fill_new($data, $self->typename);
1717 my ($self, $article) = @_;
1719 # check the config for the article and any of its ancestors
1720 my $work_article = $article;
1721 my $path = $self->{cfg}->entry('article uris', $work_article->{id});
1723 last if $work_article->{parentid} == -1;
1724 $work_article = $work_article->parent;
1725 $path = $self->{cfg}->entry('article uris', $work_article->{id});
1727 return $path if $path;
1729 $self->default_link_path($article);
1732 sub default_link_path {
1733 my ($self, $article) = @_;
1735 $self->{cfg}->entry('uri', 'articles', '/a');
1739 my ($self, $article) = @_;
1744 my $title = $article->title;
1745 if ($article->is_dynamic) {
1746 (my $extra = $title) =~ tr/A-Za-z0-9/-/sc;
1747 return "/cgi-bin/page.pl?page=$article->{id}&title=".escape_uri($extra);
1750 my $article_uri = $self->link_path($article);
1751 my $link = "$article_uri/$article->{id}.html";
1752 my $link_titles = $self->{cfg}->entryBool('basic', 'link_titles', 0);
1754 (my $extra = $title) =~ tr/A-Za-z0-9/-/sc;
1755 $link .= "/" . $extra . "_html";
1762 my ($self, $table_object) = @_;
1764 my @columns = $table_object->rowClass->columns;
1770 sub _validate_tags {
1771 my ($self, $tags, $errors) = @_;
1775 for my $tag (@$tags) {
1778 && !BSE::TB::Tags->valid_name($tag, \$error)) {
1779 push @errors, "msg:bse/admin/edit/tags/invalid/$error";
1780 $errors->{tags} = \@errors;
1784 push @errors, undef;
1792 my ($self, $req, $article, $articles) = @_;
1794 $req->check_csrf("admin_add_article")
1795 or return $self->csrf_error($req, undef, "admin_add_article", "Add Article");
1797 my $cgi = $req->cgi;
1799 my $table_object = $self->table_object($articles);
1800 my @columns = $self->save_columns($table_object);
1801 $self->save_thumbnail($cgi, undef, \%data);
1802 for my $name (@columns) {
1803 $data{$name} = $cgi->param($name)
1804 if defined $cgi->param($name);
1806 $data{flags} = join '', sort $cgi->param('flags');
1810 if (!defined $data{parentid} || $data{parentid} eq '') {
1811 $errors{parentid} = "Please select a parent";
1813 elsif ($data{parentid} !~ /^(?:-1|\d+)$/) {
1814 $errors{parentid} = "Invalid parent selection (template bug)";
1816 $self->validate(\%data, $articles, \%errors);
1818 my $save_tags = $cgi->param("_save_tags");
1821 @tags = $cgi->param("tags");
1822 $self->_validate_tags(\@tags, \%errors);
1826 if ($cgi->param("_save_meta")) {
1827 require BSE::ArticleMetaMeta;
1828 $meta = BSE::ArticleMetaMeta->retrieve($req, $article, \%errors);
1832 if ($req->is_ajax) {
1833 return $req->json_content
1837 error_code => "FIELD",
1838 message => $req->message(\%errors),
1842 return $self->add_form($req, $article, $articles, $msg, \%errors);
1849 if ($data{parentid} > 0) {
1850 $parent = $articles->getByPkey($data{parentid}) or die;
1851 if ($req->user_can('edit_add_child', $parent)) {
1852 for my $name (@columns) {
1853 if (exists $data{$name} &&
1854 !$req->user_can("edit_add_field_$name", $parent)) {
1855 delete $data{$name};
1860 $parent_msg = "You cannot add a child to that article";
1861 $parent_code = "ACCESS";
1865 if ($req->user_can('edit_add_child')) {
1866 for my $name (@columns) {
1867 if (exists $data{$name} &&
1868 !$req->user_can("edit_add_field_$name")) {
1869 delete $data{$name};
1874 $parent_msg = "You cannot create a top-level article";
1875 $parent_code = "ACCESS";
1879 $self->validate_parent(\%data, $articles, $parent, \$parent_msg)
1880 or $parent_code = "PARENT";
1883 if ($req->is_ajax) {
1884 return $req->json_content
1887 message => $parent_msg,
1888 error_code => $parent_code,
1893 return $self->add_form($req, $article, $articles, $parent_msg);
1897 my $level = $parent ? $parent->{level}+1 : 1;
1898 $data{level} = $level;
1899 $data{displayOrder} = time;
1901 $data{admin} ||= '';
1902 $data{generator} = $self->generator;
1903 $data{lastModified} = now_sqldatetime();
1904 $data{listed} = 1 unless defined $data{listed};
1907 $data{pageTitle} = '' unless defined $data{pageTitle};
1908 my $user = $req->getuser;
1909 $data{createdBy} = $user ? $user->{logon} : '';
1910 $data{lastModifiedBy} = $user ? $user->{logon} : '';
1911 $data{created} = now_sqldatetime();
1914 $data{force_dynamic} = 0;
1915 $data{cached_dynamic} = 0;
1916 $data{inherit_siteuser_rights} = 1;
1919 $data{metaDescription} = '' unless defined $data{metaDescription};
1920 $data{metaKeywords} = '' unless defined $data{metaKeywords};
1923 $self->fill_new_data($req, \%data, $articles);
1924 for my $col (qw(titleImage imagePos template keyword menu titleAlias linkAlias body author summary category)) {
1926 or $data{$col} = $self->default_value($req, \%data, $col);
1929 for my $col (qw/force_dynamic inherit_siteuser_rights/) {
1930 if ($req->user_can("edit_add_field_$col", $parent)
1931 && $cgi->param("save_$col")) {
1932 $data{$col} = $cgi->param($col) ? 1 : 0;
1935 $data{$col} = $self->default_value($req, \%data, $col);
1939 unless ($req->is_ajax) {
1940 for my $col (qw(release expire)) {
1941 $data{$col} = sql_date($data{$col});
1945 # these columns are handled a little differently
1946 for my $col (qw(release expire threshold summaryLength )) {
1948 or $data{$col} = $self->default_value($req, \%data, $col);
1951 my @cols = $table_object->rowClass->columns;
1954 # fill out anything else from defaults
1955 for my $col (@columns) {
1957 or $data{$col} = $self->default_value($req, \%data, $col);
1960 $article = $table_object->add(@data{@cols});
1962 $self->save_new_more($req, $article, \%data);
1964 # we now have an id - generate the links
1966 $article->update_dynamic($self->{cfg});
1967 my $cgi_uri = $self->{cfg}->entry('uri', 'cgi', '/cgi-bin');
1968 $article->setAdmin("$cgi_uri/admin/admin.pl?id=$article->{id}");
1969 $article->setLink($self->make_link($article));
1972 my ($after_id) = $cgi->param("_after");
1973 if (defined $after_id) {
1974 BSE::TB::Articles->reorder_child($article->{parentid}, $article->{id}, $after_id);
1975 # reload, the displayOrder probably changed
1976 $article = $articles->getByPkey($article->{id});
1981 $article->set_tags([ grep /\S/, @tags ], \$error);
1985 BSE::ArticleMetaMeta->save($article, $meta);
1988 generate_article($articles, $article) if $Constants::AUTO_GENERATE;
1990 if ($req->is_ajax) {
1991 return $req->json_content
1995 article => $self->_article_data($req, $article),
2000 my $r = $cgi->param('r');
2002 $r .= ($r =~ /\?/) ? '&' : '?';
2003 $r .= "id=$article->{id}";
2006 $r = admin_base_url($req->cfg) . $article->{admin};
2008 return BSE::Template->get_refresh($r, $self->{cfg});
2012 my ($self, $req, $article, $data) = @_;
2014 if (exists $data->{body}) {
2015 $data->{body} =~ s/\x0D\x0A/\n/g;
2016 $data->{body} =~ tr/\r/\n/;
2018 for my $col (BSE::TB::Article->columns) {
2019 next if $col =~ /^custom/;
2020 $article->{$col} = $data->{$col}
2021 if exists $data->{$col} && $col ne 'id' && $col ne 'parentid';
2023 my $custom = $self->_custom_fields;
2024 for my $key (keys %$custom) {
2025 if (exists $data->{$key}) {
2026 if ($key =~ /^customDate/) {
2027 require DevHelp::Date;
2029 if (my ($year, $month, $day) =
2030 DevHelp::Date::dh_parse_date($data->{$key}, \$msg)) {
2031 $article->set($key, sprintf("%04d-%02d-%02d", $year, $month, $day));
2034 $article->set($key => undef);
2037 elsif ($key =~ /^customInt/) {
2038 if ($data->{$key} =~ /\S/) {
2039 $article->set($key => $data->{$key});
2042 $article->set($key => undef);
2046 $article->set($key => $data->{$key});
2050 custom_class($self->{cfg})
2051 ->article_fill_old($article, $data, $self->typename);
2057 my ($self, $req, $article) = @_;
2059 my $article_data = $article->data_only;
2060 $article_data->{link} = $article->link($req->cfg);
2061 $article_data->{images} =
2063 map $self->_image_data($req->cfg, $_), $article->images
2065 $article_data->{files} =
2067 map $_->data_only, $article->files,
2069 $article_data->{tags} =
2071 $article->tags, # just the names
2074 return $article_data;
2078 my ($self, $req, $article, $data) = @_;
2079 # nothing to do here
2083 my ($self, $req, $article, $data) = @_;
2084 # nothing to do here
2095 ACCESS - user doesn't have access to this article.
2099 LASTMOD - lastModified value doesn't match that in the article
2103 PARENT - invalid parentid specified
2110 my ($self, $req, $article, $articles) = @_;
2112 $req->check_csrf("admin_save_article")
2113 or return $self->csrf_error($req, $article, "admin_save_article", "Save Article");
2115 $req->user_can(edit_save => $article)
2116 or return $self->_service_error
2117 ($req, $article, $articles, "You don't have access to save this article",
2120 my $old_dynamic = $article->is_dynamic;
2121 my $cgi = $req->cgi;
2123 my $table_object = $self->table_object($articles);
2124 my @save_cols = $self->save_columns($table_object);
2125 for my $name (@save_cols) {
2126 $data{$name} = $cgi->param($name)
2127 if defined($cgi->param($name)) and $name ne 'id' && $name ne 'parentid'
2128 && $req->user_can("edit_field_edit_$name", $article);
2132 # checks editor lastModified against record lastModified
2133 if ($self->{cfg}->entry('editor', 'check_modified')) {
2134 if ($article->{lastModified} ne $cgi->param('lastModified')) {
2135 my $whoModified = '';
2136 my $timeModified = ampm_time($article->{lastModified});
2137 if ($article->{lastModifiedBy}) {
2138 $whoModified = "by '$article->{lastModifiedBy}'";
2140 print STDERR "non-matching lastModified, article not saved\n";
2141 my $msg = "Article changes not saved, this article was modified $whoModified at $timeModified since this editor was loaded";
2142 return $self->_service_error($req, $article, $articles, $msg, {}, "LASTMOD");
2147 # possibly this needs tighter error checking
2148 $data{flags} = join '', sort $cgi->param('flags')
2149 if $req->user_can("edit_field_edit_flags", $article);
2151 if (exists $article->{template} &&
2152 $article->{template} =~ m|\.\.|) {
2153 $errors{template} = "Please only select templates from the list provided";
2157 if ($cgi->param("_save_meta")) {
2158 require BSE::ArticleMetaMeta;
2159 $meta = BSE::ArticleMetaMeta->retrieve($req, $article, \%errors);
2162 my $save_tags = $cgi->param("_save_tags");
2165 @tags = $cgi->param("tags");
2166 $self->_validate_tags(\@tags, \%errors);
2168 $self->validate_old($article, \%data, $articles, \%errors, scalar $req->is_ajax)
2169 or return $self->_service_error($req, $article, $articles, undef, \%errors, "FIELD");
2170 $self->save_thumbnail($cgi, $article, \%data)
2171 if $req->user_can('edit_field_edit_thumbImage', $article);
2172 if (exists $data{flags} && $data{flags} =~ /D/) {
2173 $article->remove_html;
2175 $self->fill_old_data($req, $article, \%data);
2178 my $newparentid = $cgi->param('parentid');
2180 && $req->user_can('edit_field_edit_parentid', $article)
2181 && $newparentid != $article->{parentid}) {
2184 if ($newparentid == -1) {
2185 require BSE::Edit::Site;
2186 $newparent = BSE::TB::Site->new;
2187 $parent_editor = BSE::Edit::Site->new(cfg => $req->cfg);
2190 $newparent = $articles->getByPkey($newparentid);
2191 ($parent_editor, $newparent) = $self->article_class($newparent, $articles, $req->cfg);
2195 if ($self->can_reparent_to($article, $newparent, $parent_editor, $articles, \$msg)
2196 && $self->reparent($article, $newparentid, $articles, \$msg)) {
2197 # nothing to do here
2200 return $self->_service_error($req, $article, $articles, $msg, {}, "PARENT");
2204 return $self->_service_error($req, $article, $articles, "No such parent article", {}, "PARENT");
2208 $article->{listed} = $cgi->param('listed')
2209 if defined $cgi->param('listed') &&
2210 $req->user_can('edit_field_edit_listed', $article);
2212 if ($req->user_can('edit_field_edit_release', $article)) {
2213 my $release = $cgi->param("release");
2214 if (defined $release && $release =~ /\S/) {
2215 if ($req->is_ajax) {
2216 $article->{release} = $release;
2219 $article->{release} = sql_date($release)
2224 $article->{expire} = sql_date($cgi->param('expire')) || $Constants::D_99
2225 if defined $cgi->param('expire') &&
2226 $req->user_can('edit_field_edit_expire', $article);
2227 for my $col (qw/force_dynamic inherit_siteuser_rights/) {
2228 if ($req->user_can("edit_field_edit_$col", $article)
2229 && $cgi->param("save_$col")) {
2230 $article->{$col} = $cgi->param($col) ? 1 : 0;
2234 $article->mark_modified(actor => $req->getuser || "U");
2236 my @save_group_ids = $cgi->param('save_group_id');
2237 if ($req->user_can('edit_field_edit_group_id')
2238 && @save_group_ids) {
2239 require BSE::TB::SiteUserGroups;
2240 my %groups = map { $_->{id} => $_ }
2241 BSE::TB::SiteUserGroups->admin_and_query_groups($self->{cfg});
2242 my %set = map { $_ => 1 } $cgi->param('group_id');
2243 my %current = map { $_ => 1 } $article->group_ids;
2245 for my $group_id (@save_group_ids) {
2246 $groups{$group_id} or next;
2247 if ($current{$group_id} && !$set{$group_id}) {
2248 $article->remove_group_id($group_id);
2250 elsif (!$current{$group_id} && $set{$group_id}) {
2251 $article->add_group_id($group_id);
2256 my $old_link = $article->{link};
2257 # this need to go last
2258 $article->update_dynamic($self->{cfg});
2259 if (!$self->{cfg}->entry('protect link', $article->{id})) {
2260 my $article_uri = $self->make_link($article);
2261 $article->setLink($article_uri);
2268 $article->set_tags([ grep /\S/, @tags ], \$error);
2272 print STDERR Dumper($meta);
2274 BSE::ArticleMetaMeta->save($article, $meta);
2279 @extra_regen = $self->update_child_dynamic($article, $articles, $req);
2281 if ($article->is_dynamic || $old_dynamic) {
2282 if (!$old_dynamic and $old_link) {
2283 unlink $article->link_to_filename($self->{cfg}, $old_link);
2285 elsif (!$article->is_dynamic) {
2286 unlink $article->cached_filename($self->{cfg});
2290 my ($after_id) = $cgi->param("_after");
2291 if (defined $after_id) {
2292 BSE::TB::Articles->reorder_child($article->{parentid}, $article->{id}, $after_id);
2293 # reload, the displayOrder probably changed
2294 $article = $articles->getByPkey($article->{id});
2297 if ($Constants::AUTO_GENERATE) {
2298 generate_article($articles, $article);
2299 for my $regen_id (@extra_regen) {
2300 my $regen = $articles->getByPkey($regen_id);
2301 BSE::Regen::generate_low($articles, $regen, $self->{cfg});
2305 $self->save_more($req, $article, \%data);
2307 if ($req->is_ajax) {
2308 return $req->json_content
2312 article => $self->_article_data($req, $article),
2317 return $self->refresh($article, $cgi, undef, 'Article saved');
2320 sub can_reparent_to {
2321 my ($self, $article, $newparent, $parent_editor, $articles, $rmsg) = @_;
2323 my @child_types = $parent_editor->child_types;
2324 if (!grep $_ eq ref $self, @child_types) {
2325 my ($child_type) = (ref $self) =~ /(\w+)$/;
2326 my ($parent_type) = (ref $parent_editor) =~ /(\w+)$/;
2328 $$rmsg = "A $child_type cannot be a child of a $parent_type";
2332 # the article cannot become a child of itself or one of it's
2334 if ($article->{id} == $newparent->id
2335 || $self->is_descendant($article->id, $newparent->id, $articles)) {
2336 $$rmsg = "Cannot become a child of itself or of a descendant";
2340 my $shopid = $self->{cfg}->entryErr('articles', 'shop');
2341 if ($self->shop_article) { # if this article belongs in the shop
2342 unless ($newparent->id == $shopid
2343 || $self->is_descendant($shopid, $newparent->{id}, $articles)) {
2344 $$rmsg = "This article belongs in the shop";
2349 if ($newparent->id == $shopid
2350 || $self->is_descendant($shopid, $newparent->id, $articles)) {
2351 $$rmsg = "This article doesn't belong in the shop";
2359 sub shop_article { 0 }
2361 sub update_child_dynamic {
2362 my ($self, $article, $articles, $req) = @_;
2364 my $cfg = $req->cfg;
2365 my @stack = $article->children;
2368 my $workart = pop @stack;
2369 my $old_dynamic = $workart->is_dynamic; # before update
2370 my $old_link = $workart->{link};
2372 ($editor, $workart) = $self->article_class($workart, $articles, $cfg);
2374 $workart->update_dynamic($cfg);
2375 if ($old_dynamic != $workart->is_dynamic) {
2377 if ($article->{link} && !$cfg->entry('protect link', $workart->{id})) {
2378 my $uri = $editor->make_link($workart);
2379 $workart->setLink($uri);
2381 !$old_dynamic && $old_link
2382 and unlink $workart->link_to_filename($cfg, $old_link);
2383 $workart->is_dynamic
2384 or unlink $workart->cached_filename($cfg);
2387 # save dynamic cache change and link if that changed
2390 push @stack, $workart->children;
2391 push @regen, $workart->{id};
2399 my ($year, $month, $day);
2402 if (($day, $month, $year) = ($str =~ m!(\d+)/(\d+)/(\d+)!)) {
2403 $year += 2000 if $year < 100;
2405 return sprintf("%04d-%02d-%02d", $year, $month, $day);
2411 # Converts 24hr time to 12hr AM/PM time
2414 my ($hour, $minute, $second, $ampm);
2417 if (($hour, $minute, $second) = ($str =~ m!(\d+):(\d+):(\d+)!)) {
2423 $hour = 12 if $hour == 0;
2426 return sprintf("%02d:%02d:%02d $ampm", $hour, $minute, $second);
2433 my ($self, $article, $newparentid, $articles, $rmsg) = @_;
2436 if ($newparentid == -1) {
2440 my $parent = $articles->getByPkey($newparentid);
2442 $$rmsg = "Cannot get new parent article";
2445 $newlevel = $parent->{level} + 1;
2447 # the caller will save this one
2448 $article->{parentid} = $newparentid;
2449 $article->{level} = $newlevel;
2450 $article->{displayOrder} = time;
2452 my @change = ( [ $article->{id}, $newlevel ] );
2454 my $this = shift @change;
2455 my ($art, $level) = @$this;
2457 my @kids = $articles->getBy(parentid=>$art);
2458 push @change, map { [ $_->{id}, $level+1 ] } @kids;
2460 for my $kid (@kids) {
2461 $kid->{level} = $level+1;
2469 # tests if $desc is a descendant of $art
2470 # where both are article ids
2472 my ($self, $art, $desc, $articles) = @_;
2476 my $parent = shift @check;
2477 $parent == $desc and return 1;
2478 my @kids = $articles->getBy(parentid=>$parent);
2479 push @check, map $_->{id}, @kids;
2485 sub save_thumbnail {
2486 my ($self, $cgi, $original, $newdata) = @_;
2488 unless ($original) {
2489 @$newdata{qw/thumbImage thumbWidth thumbHeight/} = ('', 0, 0);
2491 my $imagedir = cfg_image_dir($self->{cfg});
2492 if ($cgi->param('remove_thumb') && $original && $original->{thumbImage}) {
2493 unlink("$imagedir/$original->{thumbImage}");
2494 @$newdata{qw/thumbImage thumbWidth thumbHeight/} = ('', 0, 0);
2496 my $image_name = $cgi->param('thumbnail');
2497 my $image = $cgi->upload('thumbnail');
2498 if ($image_name && -s $image) {
2499 # where to put it...
2501 $image_name =~ /([\w.-]+)$/ and $name = $1;
2502 my $filename = time . "_" . $name;
2506 $filename = time . '_' . $counter . '_' . $name
2507 until sysopen( OUTPUT, "$imagedir/$filename",
2508 O_WRONLY| O_CREAT| O_EXCL)
2509 || ++$counter > 100;
2511 fileno(OUTPUT) or die "Could not open image file: $!";
2517 # read the image in from the browser and output it to our
2519 print STDERR "\$image ",ref $image,"\n";
2521 print OUTPUT $buffer while sysread $image, $buffer, 1024;
2524 or die "Could not close image output file: $!";
2526 require BSE::ImageSize;
2528 if ($original && $original->{thumbImage}) {
2529 #unlink("$imagedir/$original->{thumbImage}");
2531 @$newdata{qw/thumbWidth thumbHeight/} =
2532 BSE::ImageSize::imgsize("$imagedir/$filename");
2533 $newdata->{thumbImage} = $filename;
2538 my ($self, $article) = @_;
2540 my $shopid = $self->{cfg}->entryErr('articles', 'shop');
2541 if ($article && $article->{id} && $article->{id} == $shopid) {
2542 return ( 'BSE::Edit::Catalog' );
2544 return ( 'BSE::Edit::Article' );
2549 Add a step child to an article.
2557 id - parent article id (required)
2561 stepkid - child article id (required)
2565 _after - id of the allkid of id to position the stepkid after
2570 Returns a FIELD error for an invalid stepkid.
2572 Returns an ACCESS error for insufficient access.
2574 Return an ADD error for a general add failure.
2580 relationship: { childId: I<childid>, parentId: I<parentid> }
2588 my ($self, $req, $article, $articles) = @_;
2590 $req->check_csrf("admin_add_stepkid")
2591 or return $self->csrf_error($req, $article, "admin_add_stepkid", "Add Stepkid");
2593 $req->user_can(edit_stepkid_add => $article)
2594 or return $self->_service_error($req, $article, $articles,
2595 "You don't have access to add step children to this article", {}, "ACCESS");
2597 my $cgi = $req->cgi;
2598 require BSE::Admin::StepParents;
2601 my $childId = $cgi->param('stepkid');
2603 or $errors{stepkid} = "No stepkid supplied to add_stepkid";
2604 unless ($errors{stepkid}) {
2606 or $errors{stepkid} = "Invalid stepkid supplied to add_stepkid";
2609 unless ($errors{stepkid}) {
2610 $child = $articles->getByPkey($childId)
2611 or $errors{stepkid} = "Article $childId not found";
2614 and return $self->_service_error
2615 ($req, $article, $articles, $errors{stepkid}, \%errors, "FIELD");
2617 $req->user_can(edit_stepparent_add => $child)
2618 or return $self->_service_error($req, $article, $articles, "You don't have access to add a stepparent to that article", {}, "ACCESS");
2623 my $release = $cgi->param('release');
2624 dh_parse_date($release) or $release = undef;
2625 my $expire = $cgi->param('expire');
2626 dh_parse_date($expire) or $expire = undef;
2629 BSE::Admin::StepParents->add($article, $child, $release, $expire);
2632 return $self->_service_error($req, $article, $articles, $@, {}, "ADD");
2635 my $after_id = $cgi->param("_after");
2636 if (defined $after_id) {
2637 BSE::TB::Articles->reorder_child($article->id, $child->id, $after_id);
2640 generate_article($articles, $article) if $Constants::AUTO_GENERATE;
2642 if ($req->is_ajax) {
2643 return $req->json_content
2646 relationship => $new_entry->data_only,
2650 $self->refresh($article, $cgi, 'step', 'Stepchild added');
2656 Remove a stepkid relationship.
2664 id - parent article id (required)
2668 stepkid - child article id (required)
2672 Returns a FIELD error for an invalid stepkid.
2674 Returns an ACCESS error for insufficient access.
2676 Return a DELETE error for a general delete failure.
2681 my ($self, $req, $article, $articles) = @_;
2683 $req->check_csrf("admin_remove_stepkid")
2684 or return $self->csrf_error($req, $article, "admin_del_stepkid", "Delete Stepkid");
2685 $req->user_can(edit_stepkid_delete => $article)
2686 or return $self->_service_error($req, $article, $articles,
2687 "You don't have access to delete stepchildren from this article", {}, "ACCESS");
2689 my $cgi = $req->cgi;
2692 my $childId = $cgi->param('stepkid');
2694 or $errors{stepkid} = "No stepkid supplied to add_stepkid";
2695 unless ($errors{stepkid}) {
2697 or $errors{stepkid} = "Invalid stepkid supplied to add_stepkid";
2700 unless ($errors{stepkid}) {
2701 $child = $articles->getByPkey($childId)
2702 or $errors{stepkid} = "Article $childId not found";
2705 and return $self->_service_error
2706 ($req, $article, $articles, $errors{stepkid}, \%errors, "FIELD");
2708 $req->user_can(edit_stepparent_delete => $child)
2709 or return _service_error($req, $article, $article, "You cannot remove stepparents from that article", {}, "ACCESS");
2712 require BSE::Admin::StepParents;
2714 BSE::Admin::StepParents->del($article, $child);
2718 return $self->_service_error($req, $article, $articles, $@, {}, "DELETE");
2720 generate_article($articles, $article) if $Constants::AUTO_GENERATE;
2722 if ($req->is_ajax) {
2723 return $req->json_content(success => 1);
2726 return $self->refresh($article, $cgi, 'step', 'Stepchild deleted');
2731 my ($self, $req, $article, $articles) = @_;
2733 $req->check_csrf("admin_save_stepkids")
2734 or return $self->csrf_error($req, $article, "admin_save_stepkids", "Save Stepkids");
2736 $req->user_can(edit_stepkid_save => $article)
2737 or return $self->edit_form($req, $article, $articles,
2738 "No access to save stepkid data for this article");
2740 my $cgi = $req->cgi;
2741 require 'BSE/Admin/StepParents.pm';
2742 my @stepcats = BSE::TB::OtherParents->getBy(parentId=>$article->{id});
2743 my %stepcats = map { $_->{parentId}, $_ } @stepcats;
2744 my %datedefs = ( release => '2000-01-01', expire=>'2999-12-31' );
2745 for my $stepcat (@stepcats) {
2746 $req->user_can(edit_stepparent_save => $stepcat->{childId})
2748 for my $name (qw/release expire/) {
2749 my $date = $cgi->param($name.'_'.$stepcat->{childId});
2750 if (defined $date) {
2752 $date = $datedefs{$name};
2754 elsif (dh_parse_date($date)) {
2755 use BSE::Util::SQL qw/date_to_sql/;
2756 $date = date_to_sql($date);
2759 return $self->refresh($article, $cgi, '', "Invalid date '$date'");
2761 $stepcat->{$name} = $date;
2767 $@ and return $self->refresh($article, $cgi, '', $@);
2769 generate_article($articles, $article) if $Constants::AUTO_GENERATE;
2771 return $self->refresh($article, $cgi, 'step', 'Stepchild information saved');
2776 Moves a stepkid from one parent to another, and sets the order within
2777 that new stepparent.
2785 id - id of the step kid to move (required)
2789 parentid - id of the parent in the stepkid relationship (required)
2793 newparentid - the new parent for the stepkid relationship (optional)
2797 _after - id of the allkid under newparentid (or parentid if
2798 newparentid isn't supplied) to place the stepkid after (0 to place at
2809 NOPARENTID - parentid parameter not supplied
2813 BADPARENTID - non-numeric parentid supplied
2817 NOTFOUND - no stepkid relationship from parentid was found
2821 BADNEWPARENT - newparentid is non-numeric
2825 UNKNOWNNEWPARENT - no article id newparentid found
2829 NEWPARENTDUP - there's already a stepkid relationship between
2837 my ($self, $req, $article, $articles) = @_;
2839 # first, identify the stepkid link
2840 my $cgi = $req->cgi;
2841 require BSE::TB::OtherParents;
2842 my $parentid = $cgi->param("parentid");
2844 or return $self->_service_error($req, $article, $articles, "Missing parentid", {}, "NOPARENTID");
2845 $parentid =~ /^\d+$/
2846 or return $self->_service_error($req, $article, $articles, "Invalid parentid", {}, "BADPARENTID");
2848 my ($step) = BSE::TB::OtherParents->getBy(parentId => $parentid, childId => $article->id)
2849 or return $self->_service_error($req, $article, $articles, "Unknown relationship", {}, "NOTFOUND");
2851 my $newparentid = $cgi->param("newparentid");
2853 $newparentid =~ /^\d+$/
2854 or return $self->_service_error($req, $article, $articles, "Bad new parent id", {}, "BADNEWPARENT");
2855 my $new_parent = BSE::TB::Articles->getByPkey($newparentid)
2856 or return $self->_service_error($req, $article, $articles, "Unknown new parent id", {}, "UNKNOWNNEWPARENT");
2858 BSE::TB::OtherParents->getBy(parentId=>$newparentid, childId=>$article->id)
2859 and return $self->_service_error($req, $article, $articles, "New parent is duplicate", {}, "NEWPARENTDUP");
2861 $step->{parentId} = $newparentid;
2865 my $after_id = $cgi->param("_after");
2866 if (defined $after_id) {
2867 BSE::TB::Articles->reorder_child($step->{parentId}, $article->id, $after_id);
2870 if ($req->is_ajax) {
2871 return $req->json_content
2874 relationshop => $step->data_only,
2878 return $self->refresh($article, $cgi, 'step', "Stepchild moved");
2882 sub add_stepparent {
2883 my ($self, $req, $article, $articles) = @_;
2885 $req->check_csrf("admin_add_stepparent")
2886 or return $self->csrf_error($req, $article, "admin_add_stepparent", "Add Stepparent");
2888 $req->user_can(edit_stepparent_add => $article)
2889 or return $self->edit_form($req, $article, $articles,
2890 "You don't have access to add stepparents to this article");
2892 my $cgi = $req->cgi;
2893 require 'BSE/Admin/StepParents.pm';
2895 my $step_parent_id = $cgi->param('stepparent');
2896 defined($step_parent_id)
2897 or die "No stepparent supplied to add_stepparent";
2898 int($step_parent_id) eq $step_parent_id
2899 or die "Invalid stepcat supplied to add_stepcat";
2900 my $step_parent = $articles->getByPkey($step_parent_id)
2901 or die "Parent $step_parent_id not found\n";
2903 $req->user_can(edit_stepkid_add => $step_parent)
2904 or die "You don't have access to add a stepkid to that article\n";
2906 my $release = $cgi->param('release');
2908 or $release = "01/01/2000";
2909 $release eq '' or dh_parse_date($release)
2910 or die "Invalid release date";
2911 my $expire = $cgi->param('expire');
2913 or $expire = '31/12/2999';
2914 $expire eq '' or dh_parse_date($expire)
2915 or die "Invalid expire data";
2918 BSE::Admin::StepParents->add($step_parent, $article, $release, $expire);
2920 $@ and return $self->refresh($article, $cgi, 'step', $@);
2922 generate_article($articles, $article) if $Constants::AUTO_GENERATE;
2924 return $self->refresh($article, $cgi, 'stepparents', 'Stepparent added');
2927 sub del_stepparent {
2928 my ($self, $req, $article, $articles) = @_;
2930 $req->check_csrf("admin_remove_stepparent")
2931 or return $self->csrf_error($req, $article, "admin_del_stepparent", "Delete Stepparent");
2933 $req->user_can(edit_stepparent_delete => $article)
2934 or return $self->edit_form($req, $article, $articles,
2935 "You cannot remove stepparents from that article");
2937 my $cgi = $req->cgi;
2938 require 'BSE/Admin/StepParents.pm';
2939 my $step_parent_id = $cgi->param('stepparent');
2940 defined($step_parent_id)
2941 or return $self->refresh($article, $cgi, 'stepparents',
2942 "No stepparent supplied to add_stepcat");
2943 int($step_parent_id) eq $step_parent_id
2944 or return $self->refresh($article, $cgi, 'stepparents',
2945 "Invalid stepparent supplied to add_stepparent");
2946 my $step_parent = $articles->getByPkey($step_parent_id)
2947 or return $self->refresh($article, $cgi, 'stepparent',
2948 "Stepparent $step_parent_id not found");
2950 $req->user_can(edit_stepkid_delete => $step_parent)
2951 or die "You don't have access to remove the stepkid from that article\n";
2954 BSE::Admin::StepParents->del($step_parent, $article);
2956 $@ and return $self->refresh($article, $cgi, 'stepparents', $@);
2958 generate_article($articles, $article) if $Constants::AUTO_GENERATE;
2960 return $self->refresh($article, $cgi, 'stepparents', 'Stepparent deleted');
2963 sub save_stepparents {
2964 my ($self, $req, $article, $articles) = @_;
2966 $req->check_csrf("admin_save_stepparents")
2967 or return $self->csrf_error($req, $article, "admin_save_stepparents", "Save Stepparents");
2968 $req->user_can(edit_stepparent_save => $article)
2969 or return $self->edit_form($req, $article, $articles,
2970 "No access to save stepparent data for this artice");
2972 my $cgi = $req->cgi;
2974 require 'BSE/Admin/StepParents.pm';
2975 my @stepparents = BSE::TB::OtherParents->getBy(childId=>$article->{id});
2976 my %stepparents = map { $_->{parentId}, $_ } @stepparents;
2977 my %datedefs = ( release => '2000-01-01', expire=>'2999-12-31' );
2978 for my $stepparent (@stepparents) {
2979 $req->user_can(edit_stepkid_save => $stepparent->{parentId})
2981 for my $name (qw/release expire/) {
2982 my $date = $cgi->param($name.'_'.$stepparent->{parentId});
2983 if (defined $date) {
2985 $date = $datedefs{$name};
2987 elsif (dh_parse_date($date)) {
2988 use BSE::Util::SQL qw/date_to_sql/;
2989 $date = date_to_sql($date);
2992 return $self->refresh($article, $cgi, "Invalid date '$date'");
2994 $stepparent->{$name} = $date;
2998 $stepparent->save();
3000 $@ and return $self->refresh($article, $cgi, '', $@);
3003 generate_article($articles, $article) if $Constants::AUTO_GENERATE;
3005 return $self->refresh($article, $cgi, 'stepparents',
3006 'Stepparent information saved');
3010 my ($self, $article, $cgi, $name, $message, $extras) = @_;
3012 my $url = $cgi->param('r');
3014 if ($url !~ /[?&](m|message)=/ && $message) {
3015 # add in messages if none in the provided refresh
3016 my @msgs = ref $message ? @$message : $message;
3017 my $sep = $url =~ /\?/ ? "&" : "?";
3018 for my $msg (@msgs) {
3019 $url .= $sep . "m=" . CGI::escape($msg);
3024 my $urlbase = admin_base_url($self->{cfg});
3025 $url = "$urlbase$ENV{SCRIPT_NAME}?id=$article->{id}";
3027 my @msgs = ref $message ? @$message : $message;
3028 for my $msg (@msgs) {
3029 $url .= "&m=" . CGI::escape($msg);
3032 if ($cgi->param('_t')) {
3033 $url .= "&_t=".CGI::escape($cgi->param('_t'));
3035 $url .= $extras if defined $extras;
3036 my $cgiextras = $cgi->param('e');
3037 $url .= "#$name" if $name;
3044 my ($self, $article, $cgi, $name, $message, $extras) = @_;
3046 my $url = $self->refresh_url($article, $cgi, $name, $message, $extras);
3048 return BSE::Template->get_refresh($url, $self->{cfg});
3052 my ($self, $req, $article, $articles, $msg, $errors) = @_;
3055 %acts = $self->low_edit_tags(\%acts, $req, $article, $articles, $msg, $errors);
3056 my $template = 'admin/article_img';
3058 return $req->dyn_response($template, \%acts);
3061 sub save_image_changes {
3062 my ($self, $req, $article, $articles) = @_;
3064 $req->check_csrf("admin_save_images")
3065 or return $self->csrf_error($req, $article, "admin_save_images", "Save Images");
3067 $req->user_can(edit_images_save => $article)
3068 or return $self->edit_form($req, $article, $articles,
3069 "You don't have access to save image information for this article");
3071 my $image_dir = cfg_image_dir($req->cfg);
3073 my $cgi = $req->cgi;
3074 my $image_pos = $cgi->param('imagePos');
3076 && $image_pos =~ /^(?:tl|tr|bl|br|xx)$/
3077 && $image_pos ne $article->{imagePos}) {
3078 $article->{imagePos} = $image_pos;
3081 my @images = $self->get_images($article);
3084 return $self->refresh($article, $cgi, undef, 'No images to save information for');
3091 for my $image (@images) {
3092 my $id = $image->{id};
3094 my $alt = $cgi->param("alt$id");
3095 if ($alt ne $image->{alt}) {
3096 $changes{$id}{alt} = $alt;
3099 my $url = $cgi->param("url$id");
3100 if (defined $url && $url ne $image->{url}) {
3101 $changes{$id}{url} = $url;
3104 my $name = $cgi->param("name$id");
3105 if (defined $name && $name ne $image->{name}) {
3107 $changes{$id}{name} = '';
3109 elsif ($name =~ /^[a-z_]\w*$/i) {
3111 if ($self->validate_image_name($name, \$msg)) {
3112 # check for duplicates after the loop
3113 push @{$names{lc $name}}, $image->{id}
3115 $changes{$id}{name} = $name;
3118 $errors{"name$id"} = $msg;
3122 $errors{"name$id"} = 'Image name must be empty or alphanumeric and unique to the article';
3126 push @{$names{lc $image->{name}}}, $image->{id}
3127 if length $image->{name};
3130 my $filename = $cgi->param("image$id");
3131 if (defined $filename && length $filename) {
3132 my $in_fh = $cgi->upload("image$id");
3136 my ($width, $height, $type) = $self->_validate_image
3137 ($filename, $in_fh, \$basename, \$image_error);
3140 $errors{"image$id"} = $image_error;
3143 unless ($errors{"image$id"}) {
3144 # work out where to put it
3145 require DevHelp::FileUpload;
3147 my ($image_name, $out_fh) = DevHelp::FileUpload->make_img_filename
3148 ($image_dir, $basename, \$msg);
3152 while ($data = <$in_fh>) {
3153 print $out_fh $data;
3157 my $full_filename = "$image_dir/$image_name";
3161 image => $image->{image},
3162 storage => $image->{storage}
3164 push @new_images, $image_name;
3166 $changes{$id}{image} = $image_name;
3167 $changes{$id}{storage} = 'local';
3168 $changes{$id}{src} = cfg_image_uri() . "/" . $image_name;
3169 $changes{$id}{width} = $width;
3170 $changes{$id}{height} = $height;
3171 $changes{$id}{ftype} = $self->_image_ftype($type);
3175 $errors{"image$id"} = $msg;
3181 $errors{"image$id"} = "No image file received";
3185 # look for duplicate names
3186 for my $name (keys %names) {
3187 if (@{$names{$name}} > 1) {
3188 for my $id (@{$names{$name}}) {
3189 $errors{"name$id"} = 'Image name must be unique to the article';
3194 # remove files that won't be stored because validation failed
3195 unlink map "$image_dir/$_", @new_images;
3197 return $self->edit_form($req, $article, $articles, undef,
3201 my $mgr = $self->_image_manager($req->cfg);
3202 $req->flash('Image information saved');
3203 my $changes_found = 0;
3204 my $auto_store = $cgi->param('auto_storage');
3205 for my $image (@images) {
3206 my $id = $image->{id};
3208 if ($changes{$id}) {
3209 my $changes = $changes{$id};
3212 for my $field (keys %$changes) {
3213 $image->{$field} = $changes->{$field};
3218 my $old_storage = $image->{storage};
3219 my $new_storage = $auto_store ? '' : $cgi->param("storage$id");
3220 defined $new_storage or $new_storage = $image->{storage};
3221 $new_storage = $mgr->select_store($image->{image}, $new_storage, $image);
3222 if ($new_storage ne $old_storage) {
3224 $image->{src} = $mgr->store($image->{image}, $new_storage, $image);
3225 $image->{storage} = $new_storage;
3229 if ($old_storage ne 'local') {
3230 $mgr->unstore($image->{image}, $old_storage);
3235 # delete any image files that were replaced
3236 for my $old_image (values %old_images) {
3237 my ($image, $storage) = @$old_image{qw/image storage/};
3238 if ($storage ne 'local') {
3239 $mgr->unstore($image->{image}, $storage);
3241 unlink "$image_dir/$image";
3244 if ($changes_found) {
3245 generate_article($articles, $article) if $Constants::AUTO_GENERATE;
3248 return $self->refresh($article, $cgi);
3251 =item _service_error
3253 This function is called on various errors.
3255 If a _service parameter was supplied, returns text like:
3261 Field-Error: I<field-name1> - I<message1>
3263 Field-Error: I<field-name2> - I<message2>
3267 If the request is detected as an ajax request or a _ parameter is
3268 supplied, return JSON like:
3270 { error: I<message> }
3272 Otherwise display the normal edit page with the error.
3276 sub _service_error {
3277 my ($self, $req, $article, $articles, $msg, $error, $code, $method) = @_;
3281 $article = $self->_dummy_article($req, $articles, \$mymsg);
3284 map $_ => '', BSE::TB::Article->columns
3288 if ($req->cgi->param('_service')) {
3290 $body .= "Result: failure\n";
3292 for my $field (keys %$error) {
3293 my $text = $error->{$field};
3295 $body .= "Field-Error: $field - $text\n";
3297 my $text = join ('/', values %$error);
3299 $body .= "Error: $text\n";
3302 $body .= "Error: $msg\n";
3305 $body .= "Error: $error\n";
3309 type => 'text/plain',
3313 elsif ((() = $req->cgi->param('_')) ||
3314 (exists $ENV{HTTP_X_REQUESTED_WITH}
3315 && $ENV{HTTP_X_REQUESTED_WITH} =~ /XMLHttpRequest/)) {
3322 $msg and $result->{message} = $msg;
3323 $code and $result->{error_code} = $code;
3324 my $json_result = $req->json_content($result);
3326 if (!exists $ENV{HTTP_X_REQUESTED_WITH}
3327 || $ENV{HTTP_X_REQUESTED_WITH} !~ /XMLHttpRequest/) {
3328 $json_result->{type} = "text/plain";
3331 return $json_result;
3334 $method ||= "edit_form";
3335 return $self->$method($req, $article, $articles, $msg, $error);
3339 sub _service_success {
3340 my ($self, $results) = @_;
3342 my $body = "Result: success\n";
3343 for my $field (keys %$results) {
3344 $body .= "$field: $results->{$field}\n";
3348 type => 'text/plain',
3353 # FIXME: eliminate this method and call get_ftype directly
3355 my ($self, $type) = @_;
3357 require BSE::TB::Images;
3358 return BSE::TB::Images->get_ftype($type);
3365 pnm => "pbm,pgm,ppm",
3368 sub _validate_image {
3369 my ($self, $filename, $fh, $rbasename, $error) = @_;
3373 $$error = 'Image file is empty';
3378 $$error = 'Please enter an image filename';
3381 my $imagename = $filename;
3382 $imagename .= ''; # force it into a string
3383 (my $basename = $imagename) =~ tr/A-Za-z0-9_./-/cs;
3385 require BSE::ImageSize;
3387 my ($width,$height, $type) = BSE::ImageSize::imgsize($fh);
3389 unless (defined $width) {
3390 $$error = "Unknown image file type";
3394 my $lctype = lc $type;
3395 my @valid_exts = split /,/,
3396 BSE::Cfg->single->entry("valid image extensions", $lctype,
3397 $valid_exts{$lctype} || $lctype);
3399 my ($ext) = $basename =~ /\.(\w+)\z/;
3400 if (!$ext || !grep $_ eq lc $ext, @valid_exts) {
3401 $basename .= ".$valid_exts[0]";
3403 $$rbasename = $basename;
3405 return ($width, $height, $type);
3408 my $last_display_order = 0;
3411 my ($self, $cfg, $article, $image, %opts) = @_;
3413 my $errors = $opts{errors}
3414 or die "No errors parameter";
3416 my $imageref = $opts{name};
3417 if (defined $imageref && $imageref ne '') {
3418 if ($imageref =~ /^[a-z_]\w+$/i) {
3419 # make sure it's unique
3420 my @images = $self->get_images($article);
3421 for my $img (@images) {
3422 if (defined $img->{name} && lc $img->{name} eq lc $imageref) {
3423 $errors->{name} = 'Image name must be unique to the article';
3429 $errors->{name} = 'Image name must be empty or alphanumeric beginning with an alpha character';
3435 unless ($errors->{name}) {
3437 $self->validate_image_name($imageref, \$workmsg)
3438 or $errors->{name} = $workmsg;
3443 my ($width, $height, $type) =
3444 $self->_validate_image($opts{filename} || $image, $image, \$basename,
3447 $errors->{image} = $image_error;
3453 # for the sysopen() constants
3456 my $imagedir = cfg_image_dir($cfg);
3458 require DevHelp::FileUpload;
3460 my ($filename, $fh) =
3461 DevHelp::FileUpload->make_img_filename($imagedir, $basename, \$msg);
3462 unless ($filename) {
3463 $errors->{image} = $msg;
3473 # read the image in from the browser and output it to our output filehandle
3474 print $fh $buffer while read $image, $buffer, 1024;
3478 or die "Could not close image file $filename: $!";
3480 my $display_order = time;
3481 if ($display_order <= $last_display_order) {
3482 $display_order = $last_display_order + 1;
3484 $last_display_order = $display_order;
3486 my $alt = $opts{alt};
3487 defined $alt or $alt = '';
3488 my $url = $opts{url};
3489 defined $url or $url = '';
3492 articleId => $article->{id},
3498 displayOrder => $display_order,
3501 src => cfg_image_uri() . '/' . $filename,
3502 ftype => $self->_image_ftype($type),
3504 require BSE::TB::Images;
3505 my @cols = BSE::TB::Image->columns;
3507 my $imageobj = BSE::TB::Images->add(@image{@cols});
3509 my $storage = $opts{storage};
3510 defined $storage or $storage = 'local';
3511 my $image_manager = $self->_image_manager($cfg);
3512 local $SIG{__DIE__};
3515 $storage = $image_manager->select_store($filename, $storage, $imageobj);
3516 $src = $image_manager->store($filename, $storage, $imageobj);
3519 $imageobj->{src} = $src;
3520 $imageobj->{storage} = $storage;
3525 $errors->{flash} = $@;
3532 my ($self, $cfg, $image) = @_;
3534 my $data = $image->data_only;
3535 $data->{src} = $image->image_url($cfg);
3541 my ($self, $req, $article, $articles) = @_;
3543 $req->check_csrf("admin_add_image")
3544 or return $self->csrf_error($req, $article, "admin_add_image", "Add Image");
3545 $req->user_can(edit_images_add => $article)
3546 or return $self->_service_error($req, $article, $articles,
3547 "You don't have access to add new images to this article");
3549 my $cgi = $req->cgi;
3553 my $save_tags = $cgi->param("_save_tags");
3556 @tags = $cgi->param("tags");
3557 $self->_validate_tags(\@tags, \%errors);
3565 scalar($cgi->upload('image')),
3566 name => scalar($cgi->param('name')),
3567 alt => scalar($cgi->param('altIn')),
3568 url => scalar($cgi->param('url')),
3569 storage => scalar($cgi->param('storage')),
3571 filename => scalar($cgi->param("image")),
3575 or return $self->_service_error($req, $article, $articles, undef, \%errors);
3579 $imageobj->set_tags([ grep /\S/, @tags ], \$error);
3582 # typically a soft failure from the storage
3584 and $req->flash($errors{flash});
3586 generate_article($articles, $article) if $Constants::AUTO_GENERATE;
3588 if ($cgi->param('_service')) {
3589 return $self->_service_success
3592 image => $imageobj->{id},
3596 elsif ($cgi->param("_") || $req->is_ajax) {
3597 my $resp = $req->json_content
3600 image => $self->_image_data($req->cfg, $imageobj),
3603 # the browser handles this directly, tell it that it's text
3604 $resp->{type} = "text/plain";
3609 return $self->refresh($article, $cgi, undef, 'New image added');
3613 sub _image_manager {
3616 require BSE::TB::Images;
3617 return BSE::TB::Images->storage_manager;
3622 my ($self, $req, $article, $articles, $imageid) = @_;
3624 $req->check_csrf("admin_remove_image")
3625 or return $self->csrf_error($req, $article, "admin_remove_image", "Remove Image");
3627 $req->user_can(edit_images_delete => $article)
3628 or return $self->_service_error($req, $article, $articles,
3629 "You don't have access to delete images from this article", {}, "ACCESS");
3633 my @images = $self->get_images($article);
3634 my ($image) = grep $_->{id} == $imageid, @images;
3636 if ($req->want_json_response) {
3637 return $self->_service_error($req, $article, $articles, "No such image", {}, "NOTFOUND");
3640 return $self->show_images($req, $article, $articles, "No such image");
3644 if ($image->{storage} ne 'local') {
3645 my $mgr = $self->_image_manager($req->cfg);
3646 $mgr->unstore($image->{image}, $image->{storage});
3649 my $imagedir = cfg_image_dir($req->cfg);
3652 generate_article($articles, $article) if $Constants::AUTO_GENERATE;
3654 if ($req->want_json_response) {
3655 return $req->json_content
3661 return $self->refresh($article, $req->cgi, undef, 'Image removed');
3665 my ($self, $req, $article, $articles) = @_;
3667 $req->check_csrf("admin_move_image")
3668 or return $self->csrf_error($req, $article, "admin_move_image", "Move Image");
3669 $req->user_can(edit_images_reorder => $article)
3670 or return $self->edit_form($req, $article, $articles,
3671 "You don't have access to reorder images in this article");
3673 my $imageid = $req->cgi->param('imageid');
3674 my @images = $self->get_images($article);
3675 my ($imgindex) = grep $images[$_]{id} == $imageid, 0..$#images
3676 or return $self->edit_form($req, $article, $articles, "No such image");
3678 or return $self->edit_form($req, $article, $articles, "Image is already at the top");
3679 my ($to, $from) = @images[$imgindex-1, $imgindex];
3680 ($to->{displayOrder}, $from->{displayOrder}) =
3681 ($from->{displayOrder}, $to->{displayOrder});
3685 generate_article($articles, $article) if $Constants::AUTO_GENERATE;
3687 return $self->refresh($article, $req->cgi, undef, 'Image moved');
3691 my ($self, $req, $article, $articles) = @_;
3693 $req->check_csrf("admin_move_image")
3694 or return $self->csrf_error($req, $article, "admin_move_image", "Move Image");
3695 $req->user_can(edit_images_reorder => $article)
3696 or return $self->edit_form($req, $article, $articles,
3697 "You don't have access to reorder images in this article");
3699 my $imageid = $req->cgi->param('imageid');
3700 my @images = $self->get_images($article);
3701 my ($imgindex) = grep $images[$_]{id} == $imageid, 0..$#images
3702 or return $self->edit_form($req, $article, $articles, "No such image");
3703 $imgindex < $#images
3704 or return $self->edit_form($req, $article, $articles, "Image is already at the end");
3705 my ($to, $from) = @images[$imgindex+1, $imgindex];
3706 ($to->{displayOrder}, $from->{displayOrder}) =
3707 ($from->{displayOrder}, $to->{displayOrder});
3711 generate_article($articles, $article) if $Constants::AUTO_GENERATE;
3713 return $self->refresh($article, $req->cgi, undef, 'Image moved');
3717 my ($self, $req, $article) = @_;
3719 my $cgi = $req->cgi;
3720 my $cfg = $req->cfg;
3721 my $im_id = $cgi->param('im');
3723 if (defined $im_id && $im_id =~ /^\d+$/) {
3724 ($image) = grep $_->{id} == $im_id, $self->get_images($article);
3726 my $thumb_obj = $self->_get_thumbs_class();
3728 if ($image && $thumb_obj) {
3729 my $geometry_id = $cgi->param('g');
3730 defined $geometry_id or $geometry_id = 'editor';
3731 my $geometry = $cfg->entry('thumb geometries', $geometry_id, 'scale(200x200)');
3732 my $imagedir = cfg_image_dir();
3735 ($data, $type) = $thumb_obj->thumb_data
3737 filename => "$imagedir/$image->{image}",
3738 geometry => $geometry,
3743 type => 'text/plain',
3744 content => 'Error: '.$error
3748 if ($type && $data) {
3755 "Content-Length: ".length($data),
3756 "Cache-Control: max-age=3600",
3761 # grab the nothumb image
3762 my $uri = $cfg->entry('editor', 'default_thumbnail', cfg_dist_image_uri() . '/admin/nothumb.png');
3763 my $filebase = $cfg->content_base_path;
3764 if (open IMG, "<$filebase/$uri") {
3766 my $data = do { local $/; <IMG> };
3768 my $type = $uri =~ /\.(\w+)$/ ? $1 : 'png';
3771 type => "image/$type",
3773 headers => [ "Content-Length: ".length($data) ],
3780 content => "<html><body>Cannot make thumb or default image</body></html>",
3788 Display a form to allow editing an image.
3796 eimage - the image being edited
3800 normal article edit tags.
3806 eimage - the image being edited.
3810 sub req_edit_image {
3811 my ($self, $req, $article, $articles, $errors) = @_;
3813 my $cgi = $req->cgi;
3815 my $id = $cgi->param('image_id');
3817 my ($image) = grep $_->{id} == $id, $self->get_images($article)
3818 or return $self->edit_form($req, $article, $articles,
3820 $req->user_can(edit_images_save => $article)
3821 or return $self->edit_form($req, $article, $articles,
3822 "You don't have access to save image information for this article");
3824 $req->set_variable(eimage => $image);
3829 $self->low_edit_tags(\%acts, $req, $article, $articles, undef,
3831 eimage => [ \&tag_hash, $image ],
3832 error_img => [ \&tag_error_img, $req->cfg, $errors ],
3835 return $req->response('admin/image_edit', \%acts);
3840 Save changes to an image.
3856 alt, url, name - text fields to update
3860 image - replacement image data (if any)
3866 sub req_save_image {
3867 my ($self, $req, $article, $articles) = @_;
3869 $req->check_csrf("admin_save_image")
3870 or return $self->csrf_error($req, $article, "admin_save_image", "Save Image");
3871 my $cgi = $req->cgi;
3873 my $id = $cgi->param('image_id');
3875 my @images = $self->get_images($article);
3876 my ($image) = grep $_->{id} == $id, @images
3877 or return $self->_service_error($req, $article, $articles, "No such image",
3879 $req->user_can(edit_images_save => $article)
3880 or return $self->_service_error($req, $article, $articles,
3881 "You don't have access to save image information for this article", {}, "ACCESS");
3883 my $image_dir = cfg_image_dir($req->cfg);
3885 my $old_storage = $image->{storage};
3889 my $alt = $cgi->param('alt');
3890 defined $alt and $image->{alt} = $alt;
3891 my $url = $cgi->param('url');
3892 defined $url and $image->{url} = $url;
3893 my @other_images = grep $_->{id} != $id, @images;
3894 my $name = $cgi->param('name');
3895 if (defined $name) {
3897 if ($name !~ /^[a-z_]\w*$/i) {
3898 $errors{name} = 'Image name must be empty or alphanumeric and unique to the article';
3900 elsif (grep $name eq $_->{name}, @other_images) {
3901 $errors{name} = 'Image name must be unique to the article';
3904 $image->{name} = $name;
3908 $image->{name} = '';
3911 my $filename = $cgi->param('image');
3912 if (defined $filename && length $filename) {
3913 my $in_fh = $cgi->upload('image');
3917 my ($width, $height, $type) = $self->_validate_image
3918 ($filename, $in_fh, \$basename, \$image_error);
3920 require DevHelp::FileUpload;
3922 my ($image_name, $out_fh) = DevHelp::FileUpload->make_img_filename
3923 ($image_dir, $basename, \$msg);
3928 while ($data = <$in_fh>) {
3929 print $out_fh $data;
3934 my $full_filename = "$image_dir/$image_name";
3935 $delete_file = $image->{image};
3936 $image->{image} = $image_name;
3937 $image->{width} = $width;
3938 $image->{height} = $height;
3939 $image->{storage} = 'local'; # not on the remote store yet
3940 $image->{src} = cfg_image_uri() . '/' . $image_name;
3941 $image->{ftype} = $self->_image_ftype($type);
3944 $errors{image} = $msg;
3948 $errors{image} = $image_error;
3952 $errors{image} = "No image file received";
3955 my $save_tags = $cgi->param("_save_tags");
3958 @tags = $cgi->param("tags");
3959 $self->_validate_tags(\@tags, \%errors);
3962 if ($req->want_json_response) {
3963 return $self->_service_error($req, $article, $articles, undef,
3967 return $self->req_edit_image($req, $article, $articles, \%errors);
3971 my $new_storage = $cgi->param('storage');
3972 defined $new_storage or $new_storage = $image->{storage};
3976 $image->set_tags([ grep /\S/, @tags ], \$error);
3978 my $mgr = $self->_image_manager($req->cfg);
3980 if ($old_storage ne 'local') {
3981 $mgr->unstore($delete_file, $old_storage);
3983 unlink "$image_dir/$delete_file";
3985 $req->flash("Image saved");
3988 $mgr->select_store($image->{image}, $new_storage);
3989 if ($image->{storage} ne $new_storage) {
3990 # handles both new images (which sets storage to local) and changing
3991 # the storage for old images
3992 my $old_storage = $image->{storage};
3993 my $src = $mgr->store($image->{image}, $new_storage, $image);
3994 $image->{src} = $src;
3995 $image->{storage} = $new_storage;
3999 $@ and $req->flash("There was a problem adding it to the new storage: $@");
4000 if ($image->{storage} ne $old_storage && $old_storage ne 'local') {
4002 $mgr->unstore($image->{image}, $old_storage);
4004 $@ and $req->flash("There was a problem removing if from the old storage: $@");
4007 if ($req->want_json_response) {
4008 return $req->json_content
4011 image => $self->_image_data($req->cfg, $image),
4015 return $self->refresh($article, $cgi);
4018 =item a_order_images
4020 Change the order of images for an article (or global images).
4028 id - id of the article to change the image order for (-1 for global
4033 order - comma-separated list of image ids in the new order.
4039 sub req_order_images {
4040 my ($self, $req, $article, $articles) = @_;
4043 or return $self->_service_error($req, $article, $articles, "The function only permitted from Ajax", {}, "AJAXONLY");
4045 my $order = $req->cgi->param("order");
4047 or return $self->_service_error($req, $article, $articles, "order not supplied", {}, "NOORDER");
4048 $order =~ /^\d+(,\d+)*$/
4049 or return $self->_service_error($req, $article, $articles, "order not supplied", {}, "BADORDER");
4051 my @order = split /,/, $order;
4053 my @images = $article->set_image_order(\@order);
4055 return $req->json_content
4060 map $self->_image_data($req->cfg, $_), @images
4066 my ($self, $articles, $article) = @_;
4072 my ($self, $articles) = @_;
4077 sub _refresh_filelist {
4078 my ($self, $req, $article, $msg) = @_;
4080 return $self->refresh($article, $req->cgi, undef, $msg);
4084 my ($self, $req, $article, $articles, $msg, $errors) = @_;
4087 %acts = $self->low_edit_tags(\%acts, $req, $article, $articles, $msg, $errors);
4088 my $template = 'admin/filelist';
4090 return BSE::Template->get_response($template, $req->cfg, \%acts);
4097 maxlength => MAX_FILE_DISPLAYNAME_LENGTH,
4098 description => 'Filename'
4102 rules => 'dh_one_line',
4104 description => 'Description',
4108 description => 'Identifier',
4113 description => "Category",
4119 my ($self, $req, $article, $articles) = @_;
4121 $req->check_csrf("admin_add_file")
4122 or return $self->csrf_error($req, $article, "admin_add_file", "Add File");
4123 $req->user_can(edit_files_add => $article)
4124 or return $self->_service_error($req, $article, $articles,
4125 "You don't have access to add files to this article");
4128 my $cgi = $req->cgi;
4129 require BSE::TB::ArticleFiles;
4130 my @cols = BSE::TB::ArticleFile->columns;
4132 for my $col (@cols) {
4133 if (defined $cgi->param($col)) {
4134 $file{$col} = $cgi->param($col);
4140 $req->validate(errors => \%errors,
4141 fields => \%file_fields,
4142 section => $article->{id} == -1 ? 'Global File Validation' : 'Article File Validation');
4145 my $file = $cgi->upload('file');
4146 my $filename = $cgi->param("file");
4148 $errors{file} = 'Please enter a filename';
4150 if ($file && -z $file) {
4151 $errors{file} = 'File is empty';
4154 $file{forSale} = 0 + exists $file{forSale};
4155 $file{articleId} = $article->{id};
4156 $file{download} = 0 + exists $file{download};
4157 $file{requireUser} = 0 + exists $file{requireUser};
4158 $file{hide_from_list} = 0 + exists $file{hide_from_list};
4159 $file{category} ||= '';
4161 defined $file{name} or $file{name} = '';
4162 if (!$errors{name} && length $file{name} && $file{name} !~/^\w+$/) {
4163 $errors{name} = "Identifier must be a single word";
4165 if (!$errors{name} && length $file{name}) {
4166 my @files = $self->get_files($article);
4167 if (grep lc $_->{name} eq lc $file{name}, @files) {
4168 $errors{name} = "Duplicate file identifier $file{name}";
4173 and return $self->_service_error($req, $article, $articles, undef, \%errors);
4176 my $workfile = $filename;
4177 $workfile =~ s![^\w.:/\\-]+!_!g;
4178 $workfile =~ tr/_/_/s;
4179 $workfile =~ /([ \w.-]+)$/ and $basename = $1;
4180 $basename =~ tr/ /_/;
4181 $file{displayName} = $basename;
4182 $file{file} = $file;
4184 local $SIG{__DIE__};
4187 $article->add_file($self->cfg, %file);
4191 or return $self->_service_error($req, $article, $articles, $@);
4193 unless ($req->is_ajax) {
4194 $req->flash("New file added");
4200 file => $fileobj->data_only,
4203 my $storage = $cgi->param("storage") || "";
4207 $article->apply_storage($self->cfg, $fileobj, $storage, \$msg);
4210 if ($req->is_ajax) {
4211 push @{$json->{warnings}}, $msg;
4214 $req->flash_error($msg);
4219 if ($req->is_ajax) {
4220 push @{$json->{warnings}}, $@;
4223 $req->flash_error($@);
4227 generate_article($articles, $article) if $Constants::AUTO_GENERATE;
4229 if ($req->is_ajax) {
4230 return $req->json_content($json);
4233 $self->_refresh_filelist($req, $article);
4238 my ($self, $req, $article, $articles) = @_;
4240 $req->check_csrf("admin_move_file")
4241 or return $self->csrf_error($req, $article, "admin_move_file", "Move File");
4243 $req->user_can('edit_files_reorder', $article)
4244 or return $self->edit_form($req, $article, $articles,
4245 "You don't have access to reorder files in this article");
4247 my $cgi = $req->cgi;
4248 my $id1 = $cgi->param('file1');
4249 my $id2 = $cgi->param('file2');
4252 my @files = $self->get_files($article);
4254 my ($file1) = grep $_->{id} == $id1, @files;
4255 my ($file2) = grep $_->{id} == $id2, @files;
4257 if ($file1 && $file2) {
4258 ($file1->{displayOrder}, $file2->{displayOrder})
4259 = ($file2->{displayOrder}, $file1->{displayOrder});
4265 generate_article($articles, $article) if $Constants::AUTO_GENERATE;
4267 $self->refresh($article, $req->cgi, undef, 'File moved');
4271 my ($self, $req, $article, $articles) = @_;
4273 $req->check_csrf("admin_remove_file")
4274 or return $self->csrf_error($req, $article, "admin_remove_file", "Delete File");
4275 $req->user_can('edit_files_delete', $article)
4276 or return $self->edit_form($req, $article, $articles,
4277 "You don't have access to delete files from this article");
4279 my $cgi = $req->cgi;
4280 my $fileid = $cgi->param('file');
4282 my @files = $self->get_files($article);
4284 my ($file) = grep $_->{id} == $fileid, @files;
4287 if ($file->{storage} ne 'local') {
4288 my $mgr = $self->_file_manager($self->cfg);
4289 $mgr->unstore($file->{filename}, $file->{storage});
4292 $file->remove($req->cfg);
4296 generate_article($articles, $article) if $Constants::AUTO_GENERATE;
4298 $self->_refresh_filelist($req, $article, 'File deleted');
4302 my ($self, $req, $article, $articles) = @_;
4304 $req->check_csrf("admin_save_files")
4305 or return $self->csrf_error($req, $article, "admin_save_files", "Save Files");
4307 $req->user_can('edit_files_save', $article)
4308 or return $self->edit_form($req, $article, $articles,
4309 "You don't have access to save file information for this article");
4310 my @files = $self->get_files($article);
4312 my $download_path = BSE::TB::ArticleFiles->download_path($self->{cfg});
4314 my $cgi = $req->cgi;
4320 my $change_count = 0;
4321 my @content_changed;
4322 for my $file (@files) {
4323 my $id = $file->{id};
4324 my $orig = $file->data_only;
4325 my $desc = $cgi->param("description_$id");
4326 defined $desc and $file->{description} = $desc;
4327 my $type = $cgi->param("contentType_$id");
4328 if (defined $type and $type ne $file->{contentType}) {
4329 ++$store_anyway{$id};
4330 $file->{contentType} = $type;
4332 my $notes = $cgi->param("notes_$id");
4333 defined $notes and $file->{notes} = $notes;
4334 my $category = $cgi->param("category_$id");
4335 defined $category and $file->{category} = $category;
4336 my $name = $cgi->param("name_$id");
4337 if (defined $name) {
4338 $file->{name} = $name;
4340 if ($name =~ /^\w+$/) {
4341 push @{$names{$name}}, $id;
4344 $errors{"name_$id"} = "Invalid file identifier $name";
4349 push @{$names{$file->{name}}}, $id
4350 if length $file->{name};
4352 if ($cgi->param('save_file_flags')) {
4353 my $download = 0 + defined $cgi->param("download_$id");
4354 if ($download != $file->{download}) {
4355 ++$store_anyway{$file->{id}};
4356 $file->{download} = $download;
4358 $file->{forSale} = 0 + defined $cgi->param("forSale_$id");
4359 $file->{requireUser} = 0 + defined $cgi->param("requireUser_$id");
4360 $file->{hide_from_list} = 0 + defined $cgi->param("hide_from_list_$id");
4363 my $filex = $cgi->param("file_$id");
4364 my $in_fh = $cgi->upload("file_$id");
4365 if (defined $filex && length $filex) {
4366 if (length $filex <= MAX_FILE_DISPLAYNAME_LENGTH) {
4369 require DevHelp::FileUpload;
4371 my ($file_name, $out_fh) = DevHelp::FileUpload->make_img_filename
4372 ($download_path, $filex . '', \$msg);
4377 while ($data = <$in_fh>) {
4378 print $out_fh $data;
4382 my $display_name = $filex;
4383 $display_name =~ s!.*[\\:/]!!;
4384 $display_name =~ s/[^\w._-]+/_/g;
4385 my $full_name = "$download_path/$file_name";
4386 push @old_files, [ $file->{filename}, $file->{storage} ];
4387 push @new_files, $file_name;
4389 $file->{filename} = $file_name;
4390 $file->{storage} = 'local';
4391 $file->{sizeInBytes} = -s $full_name;
4392 $file->{whenUploaded} = now_sqldatetime();
4393 $file->{displayName} = $display_name;
4394 push @content_changed, $file;
4397 $errors{"file_$id"} = $msg;
4401 $errors{"file_$id"} = "File is empty";
4405 $errors{"file_$id"} = "No file data received";
4409 $errors{"file_$id"} = "Filename too long";
4413 my $new = $file->data_only;
4415 for my $col ($file->columns) {
4416 if ($new->{$col} ne $orig->{$col}) {
4422 for my $name (keys %names) {
4423 if (@{$names{$name}} > 1) {
4424 for my $id (@{$names{$name}}) {
4425 $errors{"name_$id"} = 'File identifier must be unique to the article';
4430 # remove the uploaded replacements
4431 unlink map "$download_path/$_", @new_files;
4433 return $self->edit_form($req, $article, $articles, undef, \%errors);
4435 if ($change_count) {
4436 $req->flash("msg:bse/admin/edit/file/save/success_count", [ $change_count ]);
4439 $req->flash("msg:bse/admin/edit/file/save/success_none");
4441 my $mgr = $self->_file_manager($self->cfg);
4442 for my $file (@files) {
4445 my $storage = $cgi->param("storage_$file->{id}");
4446 defined $storage or $storage = 'local';
4448 $storage = $article->select_filestore($mgr, $file, $storage, \$msg);
4449 $msg and $req->flash($msg);
4450 if ($storage ne $file->{storage} || $store_anyway{$file->{id}}) {
4451 my $old_storage = $file->{storage};
4453 $file->{src} = $mgr->store($file->{filename}, $storage, $file);
4454 $file->{storage} = $storage;
4457 if ($old_storage ne $storage) {
4458 $mgr->unstore($file->{filename}, $old_storage);
4462 and $req->flash("Could not move $file->{displayName} to $storage: $@");
4466 # remove the replaced files
4467 for my $file (@old_files) {
4468 my ($filename, $storage) = @$file;
4471 $mgr->unstore($filename, $storage);
4474 and $req->flash("Error removing $filename from $storage: $@");
4476 unlink "$download_path/$filename";
4479 # update file type metadatas
4480 for my $file (@content_changed) {
4481 $file->set_handler($self->{cfg});
4485 generate_article($articles, $article) if $Constants::AUTO_GENERATE;
4487 $self->_refresh_filelist($req, $article);
4491 my ($self, $req, $article, $articles, $errors) = @_;
4493 my $cgi = $req->cgi;
4495 my $id = $cgi->param('file_id');
4497 my ($file) = grep $_->{id} == $id, $self->get_files($article)
4498 or return $self->edit_form($req, $article, $articles,
4500 $req->user_can(edit_files_save => $article)
4501 or return $self->edit_form($req, $article, $articles,
4502 "You don't have access to save file information for this article");
4504 my $name = $cgi->param('name');
4505 $name && $name =~ /^\w+$/
4506 or return $self->edit_form($req, $article, $articles,
4507 "Missing or invalid metadata name");
4509 my $meta = $file->meta_by_name($name)
4510 or return $self->edit_form($req, $article, $articles,
4511 "Metadata $name not defined for this file");
4515 type => $meta->content_type,
4516 content => $meta->value,
4520 sub tag_old_checked {
4521 my ($errors, $cgi, $file, $key) = @_;
4523 return $errors ? $cgi->param($key) : $file->{$key};
4526 sub tag_filemeta_value {
4527 my ($file, $args, $acts, $funcname, $templater) = @_;
4529 my ($name) = DevHelp::Tags->get_parms($args, $acts, $templater)
4530 or return "* no meta name supplied *";
4532 my $meta = $file->meta_by_name($name)
4535 $meta->content_type eq "text/plain"
4536 or return "* $name has type " . $meta->content_type . " and cannot be displayed inline *";
4538 return escape_html($meta->value);
4541 sub tag_ifFilemeta_set {
4542 my ($file, $args, $acts, $funcname, $templater) = @_;
4544 my ($name) = DevHelp::Tags->get_parms($args, $acts, $templater)
4545 or return "* no meta name supplied *";
4547 my $meta = $file->meta_by_name($name)
4553 sub tag_filemeta_source {
4554 my ($file, $args, $acts, $funcname, $templater) = @_;
4556 my ($name) = DevHelp::Tags->get_parms($args, $acts, $templater)
4557 or return "* no meta name supplied *";
4559 return "$ENV{SCRIPT_NAME}?a_filemeta=1&id=$file->{articleId}&file_id=$file->{id}&name=$name";
4562 sub tag_filemeta_select {
4563 my ($cgi, $allmeta, $rcurr_meta, $file, $args, $acts, $funcname, $templater) = @_;
4566 if ($args =~ /\S/) {
4567 my ($name) = DevHelp::Tags->get_parms($args, $acts, $templater)
4568 or return "* cannot parse *";
4569 ($meta) = grep $_->name eq $name, @$allmeta
4570 or return "* cannot find meta field *";
4572 elsif ($$rcurr_meta) {
4573 $meta = $$rcurr_meta;
4576 return "* use in filemeta iterator or supply a name *";
4579 $meta->type eq "enum"
4580 or return "* can only use filemeta_select on enum metafields&
projects / bse.git / blob