From 0792a75deaa6514762f6b3e6fa916d90cb256ee0 Mon Sep 17 00:00:00 2001
From: Caaaaarrrrlll <carl@bnetdocs.org>
Date: Wed, 7 Jul 2021 01:54:21 -0500
Subject: [PATCH] Convert news edit form to bootstrap

---
 src/controllers/News/Edit.php     | 60 +++++++++++++++++--------------
 src/templates/Document/Edit.phtml |  4 ++-
 src/templates/News/Edit.phtml     |  4 ++-
 src/templates/News/Form.inc.phtml |  9 +++--
 4 files changed, 43 insertions(+), 34 deletions(-)

diff --git a/src/controllers/News/Edit.php b/src/controllers/News/Edit.php
index b39c4712..606a6854 100644
--- a/src/controllers/News/Edit.php
+++ b/src/controllers/News/Edit.php
@@ -1,5 +1,4 @@
-<?php
-
+<?php /* vim: set colorcolumn= expandtab shiftwidth=2 softtabstop=2 tabstop=4 smarttab: */
 namespace BNETDocs\Controllers\News;
 
 use \BNETDocs\Libraries\Authentication;
@@ -21,8 +20,10 @@
 use \DateTimeZone;
 use \InvalidArgumentException;
 
-class Edit extends Controller {
-  public function &run(Router &$router, View &$view, array &$args) {
+class Edit extends Controller
+{
+  public function &run(Router &$router, View &$view, array &$args)
+  {
     $data                   = $router->getRequestQueryArray();
     $model                  = new NewsEditModel();
     $model->active_user     = Authentication::$user;
@@ -41,6 +42,14 @@ public function &run(Router &$router, View &$view, array &$args) {
       User::OPTION_ACL_NEWS_MODIFY
     ));
 
+    if (!$model->acl_allowed)
+    {
+      $model->_responseCode = 403;
+      $model->error = 'ACL_NOT_SET';
+      $view->render($model);
+      return $model;
+    }
+
     try { $model->news_post = new NewsPost($model->news_post_id); }
     catch (NewsPostNotFoundException $e) { $model->news_post = null; }
     catch (InvalidArgumentException $e) { $model->news_post = null; }
@@ -75,12 +84,16 @@ public function &run(Router &$router, View &$view, array &$args) {
     return $model;
   }
 
-  protected function handlePost(Router &$router, NewsEditModel &$model) {
-    if (!$model->acl_allowed) {
+  protected function handlePost(Router &$router, NewsEditModel &$model)
+  {
+    if (!$model->acl_allowed)
+    {
       $model->error = 'ACL_NOT_SET';
       return;
     }
-    if (!isset(Common::$database)) {
+
+    if (!isset(Common::$database))
+    {
       Common::$database = DatabaseDriver::getDatabaseObject();
     }
 
@@ -99,16 +112,12 @@ protected function handlePost(Router &$router, NewsEditModel &$model) {
     $model->content    = $content;
     $model->rss_exempt = $rss_exempt;
 
-    if (empty($title)) {
-      $model->error = 'EMPTY_TITLE';
-    } else if (empty($content)) {
-      $model->error = 'EMPTY_CONTENT';
-    }
-
-    $user_id = $model->active_user->getId();
+    $model->error = (empty($title) ? 'EMPTY_TITLE' : (empty($content) ? 'EMPTY_CONTENT' : null));
 
-    try {
+    if ($model->error) return;
 
+    try
+    {
       $model->news_post->setCategoryId($model->category);
       $model->news_post->setTitle($model->title);
       $model->news_post->setMarkdown($model->markdown);
@@ -124,28 +133,25 @@ protected function handlePost(Router &$router, NewsEditModel &$model) {
       );
 
       $success = $model->news_post->save();
-
-    } catch (QueryException $e) {
-
+      $model->error = false;
+    }
+    catch (QueryException $e)
+    {
       // SQL error occurred. We can show a friendly message to the user while
       // also notifying this problem to staff.
       Logger::logException($e);
 
       $success = false;
-
-    }
-
-    if (!$success) {
       $model->error = 'INTERNAL_ERROR';
-    } else {
-      $model->error = false;
     }
 
-    Logger::logEvent(
+    Logger::logEvent
+    (
       EventTypes::NEWS_EDITED,
-      $user_id,
+      ($model->active_user ? $model->active_user->getId() : null),
       getenv('REMOTE_ADDR'),
-      json_encode([
+      json_encode
+      ([
         'error'           => $model->error,
         'news_post_id'    => $model->news_post_id,
         'category_id'     => $model->news_post->getCategoryId(),
diff --git a/src/templates/Document/Edit.phtml b/src/templates/Document/Edit.phtml
index 250970bd..2d37ba81 100644
--- a/src/templates/Document/Edit.phtml
+++ b/src/templates/Document/Edit.phtml
@@ -25,6 +25,7 @@ $form_markdown = $this->getContext()->markdown;
 $form_title = filter_var($this->getContext()->title, FILTER_SANITIZE_FULL_SPECIAL_CHARS);
 require('./header.inc.phtml'); ?>
 <div class="container">
+<? if ($this->getContext()->acl_allowed) { ?>
   <h1><?=$title?></h1>
   <p><?=$description?></p>
 <?  if (is_null($error) || $error == 'NOT_FOUND') {
@@ -41,6 +42,7 @@ require('./header.inc.phtml'); ?>
   <div class="text-center">
     <a class="btn btn-primary" href="<?=Common::relativeUrlToAbsolute('/document/' . rawurlencode($document_id))?>"><img class="float-left" src="<?=Common::relativeUrlToAbsolute('/a/svg/chevron-right-white.svg' . $_unique_asset)?>"/> Return to Document</a>
   </div>
-<?  } ?>
+<?  }
+  } else { require('./LoginRequired.inc.phtml'); } ?>
 </div>
 <? require('./footer.inc.phtml'); ?>
diff --git a/src/templates/News/Edit.phtml b/src/templates/News/Edit.phtml
index 9a37a573..c616b7a4 100644
--- a/src/templates/News/Edit.phtml
+++ b/src/templates/News/Edit.phtml
@@ -26,6 +26,7 @@ $news_post = $this->getContext()->news_post;
 $news_post_id = filter_var($this->getContext()->news_post_id, FILTER_SANITIZE_FULL_SPECIAL_CHARS);
 require('./header.inc.phtml'); ?>
 <div class="container">
+<? if ($this->getContext()->acl_allowed) { ?>
   <h1><?=$title?></h1>
   <p><?=$description?></p>
 <?  if ($error !== false) {
@@ -39,6 +40,7 @@ require('./header.inc.phtml'); ?>
   <div class="alert alert-success">
     <p class="mb-0">Your news post has been edited successfully!</p>
   </div>
-<?  } ?>
+<?  }
+  } else { require('./LoginRequired.inc.phtml'); } ?>
 </div>
 <? require('./footer.inc.phtml'); ?>
diff --git a/src/templates/News/Form.inc.phtml b/src/templates/News/Form.inc.phtml
index d561bf2f..d8045740 100644
--- a/src/templates/News/Form.inc.phtml
+++ b/src/templates/News/Form.inc.phtml
@@ -1,13 +1,12 @@
 <?php /* vim: set colorcolumn= expandtab shiftwidth=2 softtabstop=2 tabstop=4 smarttab: */
-namespace BNETDocs\Templates\Document; ?>
+namespace BNETDocs\Templates\News; ?>
   <form method="POST" action="?<?=($news_post_id ? 'id=' . filter_var($news_post_id, FILTER_SANITIZE_FULL_SPECIAL_CHARS) : '')?>">
     <div class="form-group">
       <label class="font-weight-bold" for="category">Category:</label><br/>
       <select class="border border-primary custom-select bg-dark text-light" name="category" id="category" tabindex="1" required autofocus="autofocus" size="1">
-<?php $category = $this->getContext()->category;
-foreach ($this->getContext()->news_categories as $item) { ?>
-        <option value="<?php echo htmlspecialchars($item->getId(), ENT_HTML5, "UTF-8"); ?>"<?php if ($category === $item->getId()) { ?> selected="selected"<?php } ?>><?php echo htmlspecialchars($item->getLabel(), ENT_HTML5, "UTF-8"); ?></option>
-<?php } ?>
+<? $category = $this->getContext()->category; foreach ($this->getContext()->news_categories as $item) { ?>
+        <option value="<?=filter_var($item->getId(), FILTER_SANITIZE_FULL_SPECIAL_CHARS)?>"<?=($category === $item->getId() ? ' selected="selected"' : '')?>><?=filter_var($item->getLabel(), FILTER_SANITIZE_FULL_SPECIAL_CHARS)?></option>
+<? } ?>
       </select>
     </div>
     <div class="form-group">