Only StandardPages support locking.
Fix permission check when editing pages.
Allow editing for the owner of the lock without having to unlock first.
if (($pagePerms & Horde_Perms::EDIT) == 0) {
return false;
}
-
- /* Locked page. */
- if ($this->isLocked()) {
- return false;
- }
break;
case WICKED_MODE_REMOVE:
}
break;
- case WICKED_MODE_LOCKING:
- if ($browser->isRobot()) {
- return false;
- }
-
- if (Horde_Auth::isAdmin()) {
- return true;
- }
-
- if (($pagePerms & Horde_Perms::EDIT) == 0) {
- return false;
- }
- break;
-
- case WICKED_MODE_UNLOCKING:
- if (Horde_Auth::isAdmin()) {
- return true;
- }
-
- return false;
-
// All other modes require READ permissions.
default:
if (Horde_Auth::isAdmin()) {
{
if ($mode == WICKED_MODE_EDIT) {
$page = Page::getPage($this->referrer());
- if ($page->isLocked(Horde_Auth::getAuth() ? Horde_Auth::getAuth() : $GLOBALS['browser']->getIPAddress())) {
+ if ($page->isLocked(Wicked::lockUser())) {
return false;
}
}
}
if ($this->allows(WICKED_MODE_LOCKING)) {
$page = Page::getPage($this->referrer());
+ if ($page->isLocked()) {
+ $page->unlock();
+ }
$result = $page->lock();
if (is_a($result, 'PEAR_Error')) {
$GLOBALS['notification']->push(sprintf(_("Page failed to lock: %s"), $result->getMessage()), 'horde.error');
}
}
- if ($this->allows(WICKED_MODE_UNLOCKING)) {
+ if ($page->allows(WICKED_MODE_UNLOCKING)) {
$result = $page->unlock();
if (is_a($result, 'PEAR_Error')) {
$GLOBALS['notification']->push(sprintf(_("Page failed to unlock: %s"), $result->getMessage()), 'horde.error');
*/
function allows($mode)
{
- if ($mode == WICKED_MODE_UNLOCKING && $this->_lock &&
- (Horde_Auth::getAuth() && Horde_Auth::getAuth() == $this->_lock['lock_owner']) ||
- (!Horde_Auth::getAuth() && $GLOBALS['browser']->getIPAddress() == $this->_lock['lock_owner'])) {
- return true;
+ switch ($mode) {
+ case WICKED_MODE_EDIT:
+ if ($this->isLocked()) {
+ return Wicked::lockUser() == $this->_lock['lock_owner'];
+ }
+ break;
+
+ case WICKED_MODE_LOCKING:
+ if ($GLOBALS['browser']->isRobot()) {
+ return false;
+ }
+ if (Horde_Auth::isAdmin()) {
+ return true;
+ }
+ if (($this->getPermissions() & PERMS_EDIT) == 0) {
+ return false;
+ }
+ break;
+
+ case WICKED_MODE_UNLOCKING:
+ if (Horde_Auth::isAdmin()) {
+ return true;
+ }
+ if ($this->_lock) {
+ return Wicked::lockUser() == $this->_lock['lock_owner'];
+ }
+ return false;
}
return parent::allows($mode);
}
function lock()
{
if ($this->_locks) {
- $owner = Horde_Auth::getAuth() ? Horde_Auth::getAuth() : $GLOBALS['browser']->getIPAddress();
- $id = $this->_locks->setLock($owner, 'wicked', $this->pageName(), $GLOBALS['conf']['wicked']['lock']['time'] * 60, Horde_Lock::TYPE_EXCLUSIVE);
+ $id = $this->_locks->setLock(Wicked::lockUser(), 'wicked', $this->pageName(), $GLOBALS['conf']['wicked']['lock']['time'] * 60, Horde_Lock::TYPE_EXCLUSIVE);
if ($id) {
$this->_lock = $this->_locks->getLockInfo($id);
} else {
return $_SESSION['wickedSession']['CAPTCHA'];
}
+ /**
+ * Returns the user name that is used for locking, either the current user
+ * or the current IP address.
+ *
+ * @return string The user name used for locking.
+ */
+ function lockUser()
+ {
+ return Horde_Auth::getAuth() ? Horde_Auth::getAuth() : $GLOBALS['browser']->getIPAddress();
+ }
+
}
projects / horde.git / commitdiff