Monday, October 10, 2011

Tips 13: Modifying List Submission on Article Object




If you enable the CMS or article features in TikiWiki, then every time you finish editing a submitted article (via tiki-edit_submission.php), TikiWiki redirects you to a list called List Submission (tiki-list_submission.php). This list contains articles that have been submitted and are still in the approval process. During this process a user can edit them; the user who may edit is one whom the administrator has authorized to edit submitted articles.
A problem arises when two or more users have equal editing rights: users who should only edit the articles they wrote are able to edit articles written by other users. This can be overcome by giving users permission to edit only the articles they wrote, not those of other authors, unless they have been given CMS administrator rights, in which case they can also edit other authors' articles. Once that problem is resolved, another one arises. The submission list displays the articles of all authors, not only those written by the currently logged-on user. As a result, the list may contain articles written by user A, B, C, and so on, when user A should only see articles written by user A, and likewise for users B, C, and so on. Try the steps below.
  1. Open the file /lib/articles/artlib.php and find "function list_submissions".
  2. Right before the line $query = "select * from `tiki_submissions` $mid order by " . $this->convertSortMode($sort_mode);, insert the following code:
    // additional procedure to control user, begin
    global $tiki_p_admin_cms, $user;
    if ($tiki_p_admin_cms != 'y') {
         // not a CMS admin: restrict the list to the current user's own submissions
         if ($mid) {
              $mid .= " AND `author` = ? ";
         } else {
              $mid = ' WHERE `author` = ? ';
         }

         // value for the placeholder added above
         $bindvars[] = $user;
    }
    // additional procedure to control user, end
  3. Save and close the file /lib/articles/artlib.php.
Explanation: if the currently logged-on user has been given the CMS admin right ($tiki_p_admin_cms), then the user ($user) is allowed to load and display the articles written by all authors. If the logged-on user does not have that right, the user can only load and display the submissions that he wrote himself (the condition AND `author` = ?, with $user bound to the placeholder).

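In this way, each user's submissions stay private from other authors in the list. The change only filters the query behind the list; who may edit a submission is still decided by the permissions described above.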
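The scoping rule from the steps above, as an added example that is not part of the original post or TikiWiki's own code: a simplified stand-in for list_submissions() run against an in-memory SQLite table. The function names scope_to_author and list_submissions_demo, the title filter, and the sample rows and user names are assumptions made for illustration.

```php
<?php
// Added example: simplified stand-in for list_submissions(), not TikiWiki's code.
// Table and column names follow the article; rows and user names are constructed.

function scope_to_author(string $mid, array $bindvars, string $user, string $isCmsAdmin): array
{
    // Same rule as the patch: CMS admins are not restricted, others are limited to their own rows.
    if ($isCmsAdmin !== 'y') {
        $mid .= ($mid ? ' AND' : ' WHERE') . ' `author` = ? ';
        $bindvars[] = $user; // appended last, matching the position of the new placeholder
    }
    return [$mid, $bindvars];
}

function list_submissions_demo(PDO $db, string $user, string $isCmsAdmin, string $find = ''): array
{
    $mid = '';
    $bindvars = [];
    if ($find !== '') { // an earlier filter, so $mid is already non-empty
        $mid = ' WHERE `title` LIKE ? ';
        $bindvars[] = "%$find%";
    }
    [$mid, $bindvars] = scope_to_author($mid, $bindvars, $user, $isCmsAdmin);
    $stmt = $db->prepare("select `title` from `tiki_submissions` $mid order by `subId`");
    $stmt->execute($bindvars);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE tiki_submissions (subId INTEGER PRIMARY KEY, title TEXT, author TEXT)');
$ins = $db->prepare('INSERT INTO tiki_submissions (title, author) VALUES (?, ?)');
foreach ([['Draft one', 'userA'], ['Draft two', 'userB'], ['Notes', 'userA']] as $row) {
    $ins->execute($row);
}

print_r(list_submissions_demo($db, 'userA', 'n'));          // non-admin, no other filter
print_r(list_submissions_demo($db, 'userA', 'n', 'Draft')); // non-admin, existing title filter
print_r(list_submissions_demo($db, 'admin', 'y'));          // CMS admin: no author clause added
print_r(list_submissions_demo($db, "o'brien", 'n'));        // quote in the name is bound as data
```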

2 comments:

  1. This is a nice addition... you should add this to the code and get it included in the next release

  2. Hi Rick,

    Thanks for your comment. I appreciate that. But to tell the truth, I do not know how to add the code in the next release.

    What I am doing is only developing TikiWiki on my website. I would be glad if you could help me with how to do that.
