Fossil SCM
Merge trunk and add a todo which requires refactoring.
Commit
032d684d9b94e18a6c05ade28e8dfe0d032923cc2e4fd35851d6ef67a27aeb05
Parent
f850be30ff91896…
4 files changed
+19
-2
+19
-2
+2
-4
+2
-4
+19
-2
| --- src/attach.c | ||
| +++ src/attach.c | ||
| @@ -1095,12 +1095,29 @@ | ||
| 1095 | 1095 | @ <blockquote> |
| 1096 | 1096 | form_begin(0, "%R/ainfo/%s", zUuid); |
| 1097 | 1097 | @ <label><input type="radio" name="modaction" value="delete"> |
| 1098 | 1098 | @ Delete this attachment</label><br> |
| 1099 | 1099 | if( isModerator ){ |
| 1100 | - @ <label><input type="radio" name="modaction" value="approve"> | |
| 1101 | - @ Approve this attachment</label><br> | |
| 1100 | +#if 0 | |
| 1101 | + /* TODO: only allow approval of an attachment if its target has | |
| 1102 | + ** been approved. Without this, we can end up with stale | |
| 1103 | + ** attachments which refer to rejected targets. We need a | |
| 1104 | + ** type-specific RID/UUID here, which requires refactoring | |
| 1105 | + ** above to get it. */ | |
| 1106 | + const int tgtid = 0; | |
| 1107 | + if( moderation_pending(tgtid) ){ | |
| 1108 | + @ <label><input type="radio" name="modaction" disabled value="approve"> | |
| 1109 | + @ <span class='modpending'>Cannot approve: | |
| 1110 | + @ target is pending moderation</span>\ | |
| 1111 | + @ </label><br> | |
| 1112 | + }else | |
| 1113 | +#else | |
| 1114 | + { | |
| 1115 | + @ <label><input type="radio" name="modaction" value="approve"> | |
| 1116 | + @ Approve this attachment</label><br> | |
| 1117 | + } | |
| 1118 | +#endif | |
| 1102 | 1119 | } |
| 1103 | 1120 | @ <input type="submit" value="Submit"> |
| 1104 | 1121 | login_insert_csrf_secret(); |
| 1105 | 1122 | @ </form> |
| 1106 | 1123 | @ </blockquote> |
| 1107 | 1124 |
| --- src/attach.c | |
| +++ src/attach.c | |
| @@ -1095,12 +1095,29 @@ | |
| 1095 | @ <blockquote> |
| 1096 | form_begin(0, "%R/ainfo/%s", zUuid); |
| 1097 | @ <label><input type="radio" name="modaction" value="delete"> |
| 1098 | @ Delete this attachment</label><br> |
| 1099 | if( isModerator ){ |
| 1100 | @ <label><input type="radio" name="modaction" value="approve"> |
| 1101 | @ Approve this attachment</label><br> |
| 1102 | } |
| 1103 | @ <input type="submit" value="Submit"> |
| 1104 | login_insert_csrf_secret(); |
| 1105 | @ </form> |
| 1106 | @ </blockquote> |
| 1107 |
| --- src/attach.c | |
| +++ src/attach.c | |
| @@ -1095,12 +1095,29 @@ | |
| 1095 | @ <blockquote> |
| 1096 | form_begin(0, "%R/ainfo/%s", zUuid); |
| 1097 | @ <label><input type="radio" name="modaction" value="delete"> |
| 1098 | @ Delete this attachment</label><br> |
| 1099 | if( isModerator ){ |
| 1100 | #if 0 |
| 1101 | /* TODO: only allow approval of an attachment if its target has |
| 1102 | ** been approved. Without this, we can end up with stale |
| 1103 | ** attachments which refer to rejected targets. We need a |
| 1104 | ** type-specific RID/UUID here, which requires refactoring |
| 1105 | ** above to get it. */ |
| 1106 | const int tgtid = 0; |
| 1107 | if( moderation_pending(tgtid) ){ |
| 1108 | @ <label><input type="radio" name="modaction" disabled value="approve"> |
| 1109 | @ <span class='modpending'>Cannot approve: |
| 1110 | @ target is pending moderation</span>\ |
| 1111 | @ </label><br> |
| 1112 | }else |
| 1113 | #else |
| 1114 | { |
| 1115 | @ <label><input type="radio" name="modaction" value="approve"> |
| 1116 | @ Approve this attachment</label><br> |
| 1117 | } |
| 1118 | #endif |
| 1119 | } |
| 1120 | @ <input type="submit" value="Submit"> |
| 1121 | login_insert_csrf_secret(); |
| 1122 | @ </form> |
| 1123 | @ </blockquote> |
| 1124 |
+19
-2
| --- src/attach.c | ||
| +++ src/attach.c | ||
| @@ -1095,12 +1095,29 @@ | ||
| 1095 | 1095 | @ <blockquote> |
| 1096 | 1096 | form_begin(0, "%R/ainfo/%s", zUuid); |
| 1097 | 1097 | @ <label><input type="radio" name="modaction" value="delete"> |
| 1098 | 1098 | @ Delete this attachment</label><br> |
| 1099 | 1099 | if( isModerator ){ |
| 1100 | - @ <label><input type="radio" name="modaction" value="approve"> | |
| 1101 | - @ Approve this attachment</label><br> | |
| 1100 | +#if 0 | |
| 1101 | + /* TODO: only allow approval of an attachment if its target has | |
| 1102 | + ** been approved. Without this, we can end up with stale | |
| 1103 | + ** attachments which refer to rejected targets. We need a | |
| 1104 | + ** type-specific RID/UUID here, which requires refactoring | |
| 1105 | + ** above to get it. */ | |
| 1106 | + const int tgtid = 0; | |
| 1107 | + if( moderation_pending(tgtid) ){ | |
| 1108 | + @ <label><input type="radio" name="modaction" disabled value="approve"> | |
| 1109 | + @ <span class='modpending'>Cannot approve: | |
| 1110 | + @ target is pending moderation</span>\ | |
| 1111 | + @ </label><br> | |
| 1112 | + }else | |
| 1113 | +#else | |
| 1114 | + { | |
| 1115 | + @ <label><input type="radio" name="modaction" value="approve"> | |
| 1116 | + @ Approve this attachment</label><br> | |
| 1117 | + } | |
| 1118 | +#endif | |
| 1102 | 1119 | } |
| 1103 | 1120 | @ <input type="submit" value="Submit"> |
| 1104 | 1121 | login_insert_csrf_secret(); |
| 1105 | 1122 | @ </form> |
| 1106 | 1123 | @ </blockquote> |
| 1107 | 1124 |
| --- src/attach.c | |
| +++ src/attach.c | |
| @@ -1095,12 +1095,29 @@ | |
| 1095 | @ <blockquote> |
| 1096 | form_begin(0, "%R/ainfo/%s", zUuid); |
| 1097 | @ <label><input type="radio" name="modaction" value="delete"> |
| 1098 | @ Delete this attachment</label><br> |
| 1099 | if( isModerator ){ |
| 1100 | @ <label><input type="radio" name="modaction" value="approve"> |
| 1101 | @ Approve this attachment</label><br> |
| 1102 | } |
| 1103 | @ <input type="submit" value="Submit"> |
| 1104 | login_insert_csrf_secret(); |
| 1105 | @ </form> |
| 1106 | @ </blockquote> |
| 1107 |
| --- src/attach.c | |
| +++ src/attach.c | |
| @@ -1095,12 +1095,29 @@ | |
| 1095 | @ <blockquote> |
| 1096 | form_begin(0, "%R/ainfo/%s", zUuid); |
| 1097 | @ <label><input type="radio" name="modaction" value="delete"> |
| 1098 | @ Delete this attachment</label><br> |
| 1099 | if( isModerator ){ |
| 1100 | #if 0 |
| 1101 | /* TODO: only allow approval of an attachment if its target has |
| 1102 | ** been approved. Without this, we can end up with stale |
| 1103 | ** attachments which refer to rejected targets. We need a |
| 1104 | ** type-specific RID/UUID here, which requires refactoring |
| 1105 | ** above to get it. */ |
| 1106 | const int tgtid = 0; |
| 1107 | if( moderation_pending(tgtid) ){ |
| 1108 | @ <label><input type="radio" name="modaction" disabled value="approve"> |
| 1109 | @ <span class='modpending'>Cannot approve: |
| 1110 | @ target is pending moderation</span>\ |
| 1111 | @ </label><br> |
| 1112 | }else |
| 1113 | #else |
| 1114 | { |
| 1115 | @ <label><input type="radio" name="modaction" value="approve"> |
| 1116 | @ Approve this attachment</label><br> |
| 1117 | } |
| 1118 | #endif |
| 1119 | } |
| 1120 | @ <input type="submit" value="Submit"> |
| 1121 | login_insert_csrf_secret(); |
| 1122 | @ </form> |
| 1123 | @ </blockquote> |
| 1124 |
+2
-4
| --- src/forum.c | ||
| +++ src/forum.c | ||
| @@ -866,12 +866,11 @@ | ||
| 866 | 866 | ** Returns true if the current user is authorized to set forum post |
| 867 | 867 | ** fpid's status. |
| 868 | 868 | */ |
| 869 | 869 | static int forum_may_set_status(int fpid){ |
| 870 | 870 | if( moderation_pending(fpid) ) return 0; |
| 871 | - return | |
| 872 | - g.perm.Admin | |
| 871 | + return g.perm.Admin | |
| 873 | 872 | || g.perm.ModForum |
| 874 | 873 | || (login_is_individual() |
| 875 | 874 | && forumpost_is_owner(fpid, 0)); |
| 876 | 875 | } |
| 877 | 876 | |
| @@ -1261,11 +1260,11 @@ | ||
| 1261 | 1260 | login_insert_csrf_secret(); |
| 1262 | 1261 | @ </form> |
| 1263 | 1262 | |
| 1264 | 1263 | if( bSelect ){ |
| 1265 | 1264 | const ForumPost *pHead = p->pEditHead ? p->pEditHead : p; |
| 1266 | - if( forumpost_may_close() && iClosed>=0 ){ | |
| 1265 | + if( !bPrivate && forumpost_may_close() && iClosed>=0 ){ | |
| 1267 | 1266 | @ <form method="post" \ |
| 1268 | 1267 | @ action='%R/forumpost_%s(iClosed > 0 ? "reopen" : "close")'> |
| 1269 | 1268 | login_insert_csrf_secret(); |
| 1270 | 1269 | @ <input type="hidden" name="fpid" value="%s(p->zUuid)" /> |
| 1271 | 1270 | if( moderation_pending(p->fpid)==0 ){ |
| @@ -1280,11 +1279,10 @@ | ||
| 1280 | 1279 | /* When an admin edits someone else's post, the admin |
| 1281 | 1280 | ** effectively takes over ownership of it (and we currently |
| 1282 | 1281 | ** have no way of passing it back). Because of this, we |
| 1283 | 1282 | ** check the ownership of `p` instead of `pHead`. */ |
| 1284 | 1283 | attach_emit_attachadd_button(pHead->zUuid); |
| 1285 | - moderation_pending_www(p->fpid); | |
| 1286 | 1284 | } |
| 1287 | 1285 | } |
| 1288 | 1286 | @ </div> |
| 1289 | 1287 | } |
| 1290 | 1288 | if( !p->pIrt && (flags & FDISPLAY_SELECTED)){ |
| 1291 | 1289 |
| --- src/forum.c | |
| +++ src/forum.c | |
| @@ -866,12 +866,11 @@ | |
| 866 | ** Returns true if the current user is authorized to set forum post |
| 867 | ** fpid's status. |
| 868 | */ |
| 869 | static int forum_may_set_status(int fpid){ |
| 870 | if( moderation_pending(fpid) ) return 0; |
| 871 | return |
| 872 | g.perm.Admin |
| 873 | || g.perm.ModForum |
| 874 | || (login_is_individual() |
| 875 | && forumpost_is_owner(fpid, 0)); |
| 876 | } |
| 877 | |
| @@ -1261,11 +1260,11 @@ | |
| 1261 | login_insert_csrf_secret(); |
| 1262 | @ </form> |
| 1263 | |
| 1264 | if( bSelect ){ |
| 1265 | const ForumPost *pHead = p->pEditHead ? p->pEditHead : p; |
| 1266 | if( forumpost_may_close() && iClosed>=0 ){ |
| 1267 | @ <form method="post" \ |
| 1268 | @ action='%R/forumpost_%s(iClosed > 0 ? "reopen" : "close")'> |
| 1269 | login_insert_csrf_secret(); |
| 1270 | @ <input type="hidden" name="fpid" value="%s(p->zUuid)" /> |
| 1271 | if( moderation_pending(p->fpid)==0 ){ |
| @@ -1280,11 +1279,10 @@ | |
| 1280 | /* When an admin edits someone else's post, the admin |
| 1281 | ** effectively takes over ownership of it (and we currently |
| 1282 | ** have no way of passing it back). Because of this, we |
| 1283 | ** check the ownership of `p` instead of `pHead`. */ |
| 1284 | attach_emit_attachadd_button(pHead->zUuid); |
| 1285 | moderation_pending_www(p->fpid); |
| 1286 | } |
| 1287 | } |
| 1288 | @ </div> |
| 1289 | } |
| 1290 | if( !p->pIrt && (flags & FDISPLAY_SELECTED)){ |
| 1291 |
| --- src/forum.c | |
| +++ src/forum.c | |
| @@ -866,12 +866,11 @@ | |
| 866 | ** Returns true if the current user is authorized to set forum post |
| 867 | ** fpid's status. |
| 868 | */ |
| 869 | static int forum_may_set_status(int fpid){ |
| 870 | if( moderation_pending(fpid) ) return 0; |
| 871 | return g.perm.Admin |
| 872 | || g.perm.ModForum |
| 873 | || (login_is_individual() |
| 874 | && forumpost_is_owner(fpid, 0)); |
| 875 | } |
| 876 | |
| @@ -1261,11 +1260,11 @@ | |
| 1260 | login_insert_csrf_secret(); |
| 1261 | @ </form> |
| 1262 | |
| 1263 | if( bSelect ){ |
| 1264 | const ForumPost *pHead = p->pEditHead ? p->pEditHead : p; |
| 1265 | if( !bPrivate && forumpost_may_close() && iClosed>=0 ){ |
| 1266 | @ <form method="post" \ |
| 1267 | @ action='%R/forumpost_%s(iClosed > 0 ? "reopen" : "close")'> |
| 1268 | login_insert_csrf_secret(); |
| 1269 | @ <input type="hidden" name="fpid" value="%s(p->zUuid)" /> |
| 1270 | if( moderation_pending(p->fpid)==0 ){ |
| @@ -1280,11 +1279,10 @@ | |
| 1279 | /* When an admin edits someone else's post, the admin |
| 1280 | ** effectively takes over ownership of it (and we currently |
| 1281 | ** have no way of passing it back). Because of this, we |
| 1282 | ** check the ownership of `p` instead of `pHead`. */ |
| 1283 | attach_emit_attachadd_button(pHead->zUuid); |
| 1284 | } |
| 1285 | } |
| 1286 | @ </div> |
| 1287 | } |
| 1288 | if( !p->pIrt && (flags & FDISPLAY_SELECTED)){ |
| 1289 |
+2
-4
| --- src/forum.c | ||
| +++ src/forum.c | ||
| @@ -866,12 +866,11 @@ | ||
| 866 | 866 | ** Returns true if the current user is authorized to set forum post |
| 867 | 867 | ** fpid's status. |
| 868 | 868 | */ |
| 869 | 869 | static int forum_may_set_status(int fpid){ |
| 870 | 870 | if( moderation_pending(fpid) ) return 0; |
| 871 | - return | |
| 872 | - g.perm.Admin | |
| 871 | + return g.perm.Admin | |
| 873 | 872 | || g.perm.ModForum |
| 874 | 873 | || (login_is_individual() |
| 875 | 874 | && forumpost_is_owner(fpid, 0)); |
| 876 | 875 | } |
| 877 | 876 | |
| @@ -1261,11 +1260,11 @@ | ||
| 1261 | 1260 | login_insert_csrf_secret(); |
| 1262 | 1261 | @ </form> |
| 1263 | 1262 | |
| 1264 | 1263 | if( bSelect ){ |
| 1265 | 1264 | const ForumPost *pHead = p->pEditHead ? p->pEditHead : p; |
| 1266 | - if( forumpost_may_close() && iClosed>=0 ){ | |
| 1265 | + if( !bPrivate && forumpost_may_close() && iClosed>=0 ){ | |
| 1267 | 1266 | @ <form method="post" \ |
| 1268 | 1267 | @ action='%R/forumpost_%s(iClosed > 0 ? "reopen" : "close")'> |
| 1269 | 1268 | login_insert_csrf_secret(); |
| 1270 | 1269 | @ <input type="hidden" name="fpid" value="%s(p->zUuid)" /> |
| 1271 | 1270 | if( moderation_pending(p->fpid)==0 ){ |
| @@ -1280,11 +1279,10 @@ | ||
| 1280 | 1279 | /* When an admin edits someone else's post, the admin |
| 1281 | 1280 | ** effectively takes over ownership of it (and we currently |
| 1282 | 1281 | ** have no way of passing it back). Because of this, we |
| 1283 | 1282 | ** check the ownership of `p` instead of `pHead`. */ |
| 1284 | 1283 | attach_emit_attachadd_button(pHead->zUuid); |
| 1285 | - moderation_pending_www(p->fpid); | |
| 1286 | 1284 | } |
| 1287 | 1285 | } |
| 1288 | 1286 | @ </div> |
| 1289 | 1287 | } |
| 1290 | 1288 | if( !p->pIrt && (flags & FDISPLAY_SELECTED)){ |
| 1291 | 1289 |
| --- src/forum.c | |
| +++ src/forum.c | |
| @@ -866,12 +866,11 @@ | |
| 866 | ** Returns true if the current user is authorized to set forum post |
| 867 | ** fpid's status. |
| 868 | */ |
| 869 | static int forum_may_set_status(int fpid){ |
| 870 | if( moderation_pending(fpid) ) return 0; |
| 871 | return |
| 872 | g.perm.Admin |
| 873 | || g.perm.ModForum |
| 874 | || (login_is_individual() |
| 875 | && forumpost_is_owner(fpid, 0)); |
| 876 | } |
| 877 | |
| @@ -1261,11 +1260,11 @@ | |
| 1261 | login_insert_csrf_secret(); |
| 1262 | @ </form> |
| 1263 | |
| 1264 | if( bSelect ){ |
| 1265 | const ForumPost *pHead = p->pEditHead ? p->pEditHead : p; |
| 1266 | if( forumpost_may_close() && iClosed>=0 ){ |
| 1267 | @ <form method="post" \ |
| 1268 | @ action='%R/forumpost_%s(iClosed > 0 ? "reopen" : "close")'> |
| 1269 | login_insert_csrf_secret(); |
| 1270 | @ <input type="hidden" name="fpid" value="%s(p->zUuid)" /> |
| 1271 | if( moderation_pending(p->fpid)==0 ){ |
| @@ -1280,11 +1279,10 @@ | |
| 1280 | /* When an admin edits someone else's post, the admin |
| 1281 | ** effectively takes over ownership of it (and we currently |
| 1282 | ** have no way of passing it back). Because of this, we |
| 1283 | ** check the ownership of `p` instead of `pHead`. */ |
| 1284 | attach_emit_attachadd_button(pHead->zUuid); |
| 1285 | moderation_pending_www(p->fpid); |
| 1286 | } |
| 1287 | } |
| 1288 | @ </div> |
| 1289 | } |
| 1290 | if( !p->pIrt && (flags & FDISPLAY_SELECTED)){ |
| 1291 |
| --- src/forum.c | |
| +++ src/forum.c | |
| @@ -866,12 +866,11 @@ | |
| 866 | ** Returns true if the current user is authorized to set forum post |
| 867 | ** fpid's status. |
| 868 | */ |
| 869 | static int forum_may_set_status(int fpid){ |
| 870 | if( moderation_pending(fpid) ) return 0; |
| 871 | return g.perm.Admin |
| 872 | || g.perm.ModForum |
| 873 | || (login_is_individual() |
| 874 | && forumpost_is_owner(fpid, 0)); |
| 875 | } |
| 876 | |
| @@ -1261,11 +1260,11 @@ | |
| 1260 | login_insert_csrf_secret(); |
| 1261 | @ </form> |
| 1262 | |
| 1263 | if( bSelect ){ |
| 1264 | const ForumPost *pHead = p->pEditHead ? p->pEditHead : p; |
| 1265 | if( !bPrivate && forumpost_may_close() && iClosed>=0 ){ |
| 1266 | @ <form method="post" \ |
| 1267 | @ action='%R/forumpost_%s(iClosed > 0 ? "reopen" : "close")'> |
| 1268 | login_insert_csrf_secret(); |
| 1269 | @ <input type="hidden" name="fpid" value="%s(p->zUuid)" /> |
| 1270 | if( moderation_pending(p->fpid)==0 ){ |
| @@ -1280,11 +1279,10 @@ | |
| 1279 | /* When an admin edits someone else's post, the admin |
| 1280 | ** effectively takes over ownership of it (and we currently |
| 1281 | ** have no way of passing it back). Because of this, we |
| 1282 | ** check the ownership of `p` instead of `pHead`. */ |
| 1283 | attach_emit_attachadd_button(pHead->zUuid); |
| 1284 | } |
| 1285 | } |
| 1286 | @ </div> |
| 1287 | } |
| 1288 | if( !p->pIrt && (flags & FDISPLAY_SELECTED)){ |
| 1289 |