diff --git a/admin/addAppNote.php b/admin/addAppNote.php
index e3a5213..88cb03f 100644
--- a/admin/addAppNote.php
+++ b/admin/addAppNote.php
@@ -10,76 +10,61 @@ require(BASE."include/mail.php"); $aClean = array(); //array of filtered user input -$aClean['versionId'] = makeSafe($_REQUEST['versionId']); -$aClean['appId'] = makeSafe( $_REQUEST['appId']); -$aClean['sub'] = makeSafe($_REQUEST['sub']); -$aClean['submit'] = makeSafe($_REQUEST['submit']); -$aClean['noteTitle'] = makeSafe($_REQUEST['noteTitle']); -$aClean['noteDesc'] = makeSafe($_REQUEST['noteDesc']); +$aClean['iVersionId'] = makeSafe($_REQUEST['iVersionId']); +$aClean['iAppId'] = makeSafe( $_REQUEST['iAppId']); +$aClean['sSub'] = makeSafe($_REQUEST['sSub']); +$aClean['sSubmit'] = makeSafe($_REQUEST['sSubmit']); //FIXME: get rid of appId references everywhere, as version is enough. $sQuery = "SELECT appId FROM appVersion WHERE versionId = '?'"; -$hResult = query_parameters($sQuery, $aClean['versionId']); +$hResult = query_parameters($sQuery, $aClean['iVersionId']); $oRow = mysql_fetch_object($hResult); $appId = $oRow->appId; //check for admin privs -if(!$_SESSION['current']->hasPriv("admin") && !$_SESSION['current']->isMaintainer($aClean['versionId']) && !$_SESSION['current']->isSuperMaintainer($aClean['appId'])) +if(!$_SESSION['current']->hasPriv("admin") && + !$_SESSION['current']->isMaintainer($aClean['iVersionId']) && + !$_SESSION['current']->isSuperMaintainer($aClean['iAppId'])) { util_show_error_page("Insufficient Privileges!"); exit; } //set link for version -if(is_numeric($aClean['versionId']) and !empty($aClean['versionId'])) +if(is_numeric($aClean['iVersionId']) and !empty($aClean['iVersionId'])) { - $versionLink = "versionId={$aClean['versionId']}"; + $sVersionLink = "versionId={$aClean['iVersionId']}"; } else exit; +$oNote = new Note(); +$oNote->GetOutputEditorValues(); -if($aClean['sub'] == "Submit") +if($aClean['sSub'] == "Submit") { - $oNote = new Note(); - $oNote->create($aClean['noteTitle'], $aClean['noteDesc'], $aClean['versionId']); - redirect(apidb_fullurl("appview.php?".$versionLink)); + $oNote->create(); + 
redirect(apidb_fullurl("appview.php?".$sVersionLink)); exit; } -else if($aClean['sub'] == 'Preview' OR empty($aClean['submit'])) +else if($aClean['sSub'] == 'Preview' OR empty($aClean['sSubmit'])) { - HtmlAreaLoaderScript(array("editor")); - - apidb_header("Add Application Note"); + // show form + apidb_header("Application Note"); + + if($aClean['sSub'] == 'Preview') + $oNote->show(true); echo "
\n"; - echo html_frame_start("Add Application Note", "90%","",0); - echo html_table_begin("width='100%' border=0 align=left cellpadding=6 cellspacing=0 class='box-body'"); - echo ""; - echo add_br($aClean['noteDesc']); + $oNote->OutputEditor(); - if ($aClean['noteTitle'] == "HOWTO" || $aClean['noteTitle'] == "WARNING") - { - echo ""; - echo "Type{$aClean['noteTitle']}\n"; - } - else - { - echo "Title\n"; - } - echo 'Description', "\n"; - if ( $aClean['noteDesc'] == "" ) $aClean['noteDesc']="

Enter note here

"; - echo '

', "\n"; - echo '',"\n"; - echo '

'; - echo '',"\n"; - echo ' ',"\n"; - echo '',"\n"; - echo html_table_end(); - echo html_frame_end(); + echo '
'; + echo ' ',"\n"; + echo '',"\n"; + echo '
'; - echo html_back_link(1,BASE."appview.php?".$versionLink); + echo html_back_link(1,BASE."appview.php?".$sVersionLink); apidb_footer(); } ?> diff --git a/admin/editAppNote.php b/admin/editAppNote.php index 4bca246..13ab4e6 100644 --- a/admin/editAppNote.php +++ b/admin/editAppNote.php @@ -10,22 +10,19 @@ require(BASE."include/mail.php"); $aClean = array(); //array of filtered user input -$aClean['noteId'] = makeSafe($_REQUEST['noteId']); -$aClean['sub'] = makeSafe($_REQUEST['sub']); -$aClean['noteTitle'] = makeSafe($_REQUEST['noteTitle']); -$aClean['noteDesc'] = makeSafe($_REQUEST['noteDesc']); -$aClean['preview'] = makeSafe($_REQUEST['preview']); -$aClean['appId'] = makeSafe($_REQUEST['appId']); -$aClean['versionId'] = makeSafe($_REQUEST['versionId']); +$aClean['iNoteId'] = makeSafe($_REQUEST['iNoteId']); +$aClean['sSub'] = makeSafe($_REQUEST['sSub']); +$aClean['sSubmit'] = makeSafe($_REQUEST['sSubmit']); +$aClean['sPreview'] = makeSafe($_REQUEST['sPreview']); -if(!is_numeric($aClean['noteId'])) +if(!is_numeric($aClean['iNoteId'])) { util_show_error_page('Wrong note ID'); exit; } /* Get note data */ -$oNote = new Note($aClean['noteId']); +$oNote = new Note($aClean['iNoteId']); /* Check for privs */ if(!$_SESSION['current']->hasPriv("admin") && !$_SESSION['current']->isMaintainer($oNote->iVersionId) && !$_SESSION['current']->isSuperMaintainer($oNote->iAppId)) 
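Review bot: In admin/addAppNote.php the privilege check still calls `isSuperMaintainer($aClean['iAppId'])` with an application id taken from the request, while the `$appId` looked up from `appVersion` a few lines earlier is never used. The note is attached by `iVersionId`, so the super-maintainer test should use the id the database associates with that version, e.g. `!$_SESSION['current']->isSuperMaintainer($appId)`, so that the two request fields cannot disagree. The `is_numeric($aClean['iVersionId'])` test would also be better placed before the query and the privilege check rather than after them, and `$hResult`/`$oRow` should be checked before `$oRow->appId` is read in case no version matches.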
@@ -34,60 +31,41 @@ if(!$_SESSION['current']->hasPriv("admin") && !$_SESSION['current']->isMaintaine exit; } -if(!empty($aClean['sub'])) +if(!empty($aClean['sSub'])) { - if ($aClean['sub'] == 'Delete') + $oNote->GetOutputEditorValues(); /* retrieve the updated values */ + + if ($aClean['sSub'] == 'Delete') { $oNote->delete(); } - else if ($aClean['sub'] == 'Update') + else if ($aClean['sSub'] == 'Update') { - $oNote->update($aClean['noteTitle'],$aClean['noteDesc']); + $oNote->update(); } redirect(apidb_fullurl("appview.php?versionId={$oNote->iVersionId}")); -} -else +} else /* display note */ { - if (empty($aClean['preview'])) - { - $aClean['noteTitle'] = $oNote->sTitle; - $aClean['noteDesc'] = $oNote->sDescription; - $aClean['appId'] = $oNote->iAppId; - $aClean['versionId'] = $oNote->iVersionId; - } - - HtmlAreaLoaderScript(array("editor")); - // show form - apidb_header("Edit Application Note"); + apidb_header("Application Note"); + + /* if preview is set display the note for review */ + if($aClean['sPreview']) + { + $oNote->GetOutputEditorValues(); /* retrieve the updated values */ + $oNote->show(true); + } echo "\n"; - echo html_frame_start("Edit Application Note {$aClean['noteId']}", "90%","",0); - echo html_table_begin("width='100%' border=0 align=left cellpadding=6 cellspacing=0 class='box-body'"); - echo add_br($aClean['noteDesc']); - - echo ''; - - if ($aClean['noteTitle'] == "HOWTO" || $aClean['noteTitle'] == "WARNING") - { - echo 'Title (Do not change)'; - echo '',"\n"; - } - else - { - echo 'Title',"\n"; - } - echo 'Description', "\n"; - echo '

', "\n"; - echo '',"\n"; - echo '

'; - echo '',"\n"; - echo ' ',"\n"; - echo ' ',"\n"; - echo '',"\n"; - echo html_table_end(); - echo html_frame_end(); + /* display the editor for this note */ + $oNote->OutputEditor(); + + echo '
'; + echo ' ',"\n"; + echo ' ',"\n"; + echo '',"\n"; + echo '
'; echo html_back_link(1,BASE."appview.php?versionId=".$oNote->iVersionId); } diff --git a/include/note.php b/include/note.php index a89993d..4e2769c 100644 --- a/include/note.php +++ b/include/note.php @@ -47,16 +47,16 @@ class Note { * Informs interested people about the creation. * Returns true on success, false on failure */ - function create($sTitle, $sDescription, $iVersionId) + function create() { $hResult = query_parameters("INSERT INTO appNotes (versionId, noteTitle, noteDesc) ". "VALUES('?', '?', '?')", - $iVersionId, $sTitle, $sDescription); + $this->iVersionId, $this->sTitle, $this->sDescription); if($hResult) { $this->note(mysql_insert_id()); - $sWhatChanged = "Description is:\n".$sDescription.".\n\n"; + $sWhatChanged = "Description is:\n".$this->sDescription.".\n\n"; $this->SendNotificationMail("add", $sWhatChanged); return true; } 
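Review bot: In admin/editAppNote.php the new `$oNote->GetOutputEditorValues()` call at the top of the `if(!empty($aClean['sSub']))` branch replaces the note's `iVersionId` and `iAppId` with request values after the privilege check has already run against the stored ones. `update()` then writes a changed `versionId` back to `appNotes`, so the target version is never checked against the caller's rights, and the redirect appears to be built from the request-supplied `$oNote->iVersionId`. Either keep the stored ids on the edit path, or validate the new id with `is_numeric` and repeat the `isMaintainer`/`isSuperMaintainer` check for it before calling `update()`. The call also runs before `delete()`, where the submitted values are not needed; moving it inside the `'Update'` branch would narrow what request data can touch the object.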
@@ -72,37 +72,44 @@ class Note { * Update note. * Returns true on success and false on failure. */ - function update($sTitle=null, $sDescription=null, $iVersionId=null) + function update() { $sWhatChanged = ""; + + /* create an instance of ourselves so we can see what has changed */ + $oNote = new Note($this->iNoteId); - if ($sTitle && $sTitle!=$this->sTitle) + if ($this->sTitle && $this->sTitle!=$oNote->sTitle) { if (!query_parameters("UPDATE appNotes SET noteTitle = '?' WHERE noteId = '?'", - $sTitle, $this->iNoteId)) + $this->sTitle, $this->iNoteId)) return false; - $sWhatChanged .= "Title was changed from ".$this->sTitle." to ".$sTitle.".\n\n"; - $this->sTitle = $sTitle; + $sWhatChanged .= "Title was changed from ".$oNote->sTitle." to ".$this->sTitle.".\n\n"; } - if ($sDescription && $sDescription!=$this->sDescription) + if ($this->sDescription && $this->sDescription!=$oNote->sDescription) { if (!query_parameters("UPDATE appNotes SET noteDesc = '?' WHERE noteId = '?'", - $sDescription, $this->iNoteId)) + $this->sDescription, $this->iNoteId)) return false; - $sWhatChanged .= "Description was changed from\n ".$this->sDescription."\n to \n".$sDescription.".\n\n"; - $this->sDescription = $sDescription; + $sWhatChanged .= "Description was changed from\n ".$oNote->sDescription."\n to \n".$this->sDescription.".\n\n"; } - if ($iVersionId && $iVersionId!=$this->iVersionId) + if ($this->iVersionId && $this->iVersionId!=$oNote->iVersionId) { if (!query_parameters("UPDATE appNotes SET versionId = '?' WHERE noteId = '?'", - $iVersionId, $this->iNoteId)) + $this->iVersionId, $this->iNoteId)) return false; - $oVersionBefore = new Version($this->iVersionId); - $oVersionAfter = new Version($iVersionId); - $sWhatChanged .= "Version was changed from ".$oVersionBefore->sName." 
to ".$oVersionAfter->sName.".\n\n"; + $sVersionBefore = Version::lookup_name($oNote->iVersionId); + $sVersionAfter = Version::lookup_name($this->iVersionId); + $sWhatChanged .= "Version was changed from ".$sVersionBefore." to ".$sVersionAfter.".\n\n"; $this->iVersionId = $iVersionId; + + //TODO: iAppId isn't in the appNotes table + // and we only use it for permissions checking in showNote() and in SendNotificationEmail + // we may be able to look it up on the fly if we had a more efficient way of doing so + // instead of having to construct a version object each time + $oVersionAfter = new Version($this->iVersionId); $this->iAppId = $oVersionAfter->iAppId; } if($sWhatChanged) @@ -160,7 +167,9 @@ class Note { } /* Show note */ - function show() + /* $bDisplayOnly means we should not display any editing controls, even if */ + /* the user has the ability to edit this note */ + function show($bDisplayOnly = false) { switch($this->sTitle) { @@ -191,14 +200,17 @@ class Note { $shOutput .= $this->sDescription; $shOutput .= "\n"; - if ($_SESSION['current']->hasPriv("admin") || - $_SESSION['current']->isMaintainer($this->iVersionId) || - $_SESSION['current']->isSuperMaintainer($this->iAppId)) + if(!$bDisplayOnly) { - $shOutput .= ""; - $shOutput .= "iNoteId}\">"; - $shOutput .= ''; - $shOutput .= '
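Review bot: In `Note::update()` the unchanged line `$this->iVersionId = $iVersionId;` survives the change, but `update()` no longer has an `$iVersionId` parameter. It therefore assigns an undefined variable, and the following `new Version($this->iVersionId)` and `$this->iAppId` lookup work from an empty id. The property already holds the new value at that point, so the line should simply be removed. The comment above the function should also say that values now come from the object, e.g. `* Writes the current sTitle, sDescription and iVersionId properties to appNotes, comparing them with the stored row.` The tail of the function (the `if($sWhatChanged)` block) lies outside this hunk.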
'; + if ($_SESSION['current']->hasPriv("admin") || + $_SESSION['current']->isMaintainer($this->iVersionId) || + $_SESSION['current']->isSuperMaintainer($this->iAppId)) + { + $shOutput .= ""; + $shOutput .= "
iNoteId}\">"; + $shOutput .= ''; + $shOutput .= '
'; + } } $shOutput .= "\n"; @@ -206,5 +218,46 @@ class Note { echo $shOutput; } + + + function OutputEditor() + { + HtmlAreaLoaderScript(array("editor")); + + echo html_frame_start("Edit Application Note {$aClean['noteId']}", "90%","",0); + echo html_table_begin("width='100%' border=0 align=left cellpadding=6 cellspacing=0 class='box-body'"); + + echo ''; + echo ''; + echo ''; + + echo 'Title'."\n"; + echo ' ',"\n"; + echo 'Description', "\n"; + echo '
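Review bot: With the preview path added, `show(true)` appends `$this->sDescription` to `$shOutput` unchanged, and on preview that property has just been filled from `$_REQUEST['sNoteDesc']` through `makeSafe()`. `makeSafe()` is not shown on this page; if it does not neutralise markup, request input is echoed into the page as HTML, so it is worth confirming what it filters, or passing the preview text through an HTML filter before display. As a style point, the new `if(!$bDisplayOnly)` wrapper could be folded into the existing condition, `if(!$bDisplayOnly && (hasPriv || isMaintainer || isSuperMaintainer))`, to avoid the extra nesting level. The start of `show()` is outside this hunk.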

', "\n"; + echo '',"\n"; + echo '

'; + echo ''."\n"; + echo '',"\n"; + + echo html_table_end(); + echo html_frame_end(); + } + + /* retrieves values from $_REQUEST that were output by OutputEditor() */ + function GetOutputEditorValues() + { + $aClean = array(); //array of filtered user input + + $aClean['iVersionId'] = makeSafe($_REQUEST['iVersionId']); + $aClean['iAppId'] = makeSafe( $_REQUEST['iAppId']); + $aClean['sNoteTitle'] = makeSafe($_REQUEST['sNoteTitle']); + $aClean['sNoteDesc'] = makeSafe($_REQUEST['sNoteDesc']); + + $this->iVersionId = $aClean['iVersionId']; + $this->iAppId = $aClean['iAppId']; + $this->sTitle = $aClean['sNoteTitle']; + $this->sDescription = $aClean['sNoteDesc']; + } } ?> diff --git a/include/version.php b/include/version.php index 5d2438e..41d7d7f 100644 --- a/include/version.php +++ b/include/version.php @@ -773,15 +773,15 @@ class Version { echo ''; echo ''; echo '
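Review bot: `OutputEditor()` builds its frame title from `{$aClean['noteId']}`, but `$aClean` is not defined inside the method, so the title is rendered without an id and PHP raises an undefined-variable notice; `"Edit Application Note {$this->iNoteId}"` looks like what was intended. `GetOutputEditorValues()` copies `iVersionId` and `iAppId` from `$_REQUEST` into the object without an `is_numeric` check, although both calling pages treat them as ids; validating them here would cover both callers. `OutputEditor()` also has no comment at all; something like `/* outputs the note editor form fields; names must match GetOutputEditorValues() */` would document the coupling between the two methods.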
'; - echo ''; + echo ''; echo ''; echo '
'; - echo '
iVersionId.'>'; - echo ''; + echo 'iVersionId.'>'; + echo ''; echo ''; echo '
'; - echo '
iVersionId.'>'; - echo ''; + echo 'iVersionId.'>'; + echo ''; echo ''; echo '
'; echo "";