Changeset 1555

Timestamp:
03/24/08 08:08:33 (8 months ago)
Author:
fumiakiy
Message:

Changed how many blog ids are handled. Instead of putting everything in a cookie, it special-cases users who are superusers or who are assigned to more than 20 blogs. BugId:67996

Also added invalidation of commenter_url cookie value when logging out.

Also added a check to see if commenter is a TypeKey user, and redirect appropriately.

Files:

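--- a/branches/enzo/default_templates/javascript.mtml
+++ b/branches/enzo/default_templates/javascript.mtml
@@ -27,6 +27,10 @@
 </MTIfNonEmpty>
 
+var AUTHOR = 1;
+var COMMENTER = 2;
 var commenter_name;
-var commenter_blog_ids;
+var commenter_status;
+var commenter_id;
+var commenter_url
 var is_preview;
 var mtcmtmail;
@@ -45,7 +49,5 @@
 <MTIfRegistrationAllowed>
     <MTIfRegistrationRequired>
-    if ( commenter_name &&
-         ( !commenter_id
-        || commenter_blog_ids.indexOf("'<$MTBlogID$>'") > -1))
+    if ( commenter_status == COMMENTER )
     {
         hideDocumentElement('comment-form-name');
@@ -60,7 +62,5 @@
     <MTElse>
     // comments are allowed but registration not required
-    if ( commenter_name &&
-         ( !commenter_id
-        || commenter_blog_ids.indexOf("'<$MTBlogID$>'") > -1))
+    if ( commenter_status == COMMENTER )
     {
         hideDocumentElement('comment-form-name');
@@ -98,37 +98,36 @@
 function writeCommenterGreeting(commenter_name, entry_id, blog_id, commenter_id, commenter_url) {
 <MTIfRegistrationAllowed>
-    if ( commenter_name &&
-         ( !commenter_id
-        || commenter_blog_ids.indexOf("'" + blog_id + "'") > -1))
-    {
-        var url;
-        if (commenter_id) {
-            url = '<$MTCGIPath$><$MTCommentScript$>?__mode=edit_profile&commenter=' + commenter_id + '&blog_id=' + blog_id;
-            if (entry_id) {
-                url += '&entry_id=' + entry_id;
+    if ( commenter_status > 0 ) {
+        var commenter_link;
+        if ( commenter_status == COMMENTER ) {
+            if (commenter_url) {
+                commenter_link = '<a href="' + commenter_url + '">' + commenter_name + '</a>';
             } else {
-                url += '&static=1'
+                commenter_link = commenter_name
             }
-        } else if (commenter_url) {
-            url = commenter_url;
-        } else {
-            url = null;
+        } else if ( commenter_status == AUTHOR ) {
+            if (commenter_id) {
+                commenter_link = '<a href="<$MTCGIPath$><$MTCommentScript$>?__mode=edit_profile&commenter=' + commenter_id + '&blog_id=' + blog_id;
+                if (entry_id) {
+                    commenter_link += '&entry_id=' + entry_id;
+                } else {
+                    commenter_link += '&static=1';
+                }
+                commenter_link += '">' + commenter_name + '</a>';
+            }
+
         }
-        var content = '<__trans phrase="Thanks for signing in," escape="js"> ';
-        if (url) {
-            content += '<a href="' + url + '">' + commenter_name + '</a>';
-        } else {
-            content += commenter_name;
-        }
-        content += '<__trans phrase=". Now you can comment." escape="js"> (<a href="<$MTRemoteSignOutLink static="1"$>&entry_id=' + entry_id + '"><__trans phrase="sign out" escape="js"></a>)';
-        document.write(content);
+        document.write(
+            '<__trans phrase="Thanks for signing in, [_1]. Now you can comment. ([_2]sign out[_3])" params="' + commenter_link + '%%<a href="<$MTRemoteSignOutLink static="1"$>&entry_id=' + entry_id + '">%%</a>">'
+        );
     } else if (commenter_name) {
-            document.write('<__trans phrase="You do not have permission to comment on this blog." escape="js"> (<a href="<$MTRemoteSignOutLink static="1"$>&entry_id=' + entry_id + '"><__trans phrase="sign out" escape="js"></a>)');
+        document.write('<__trans phrase="You do not have permission to comment on this blog. ([_1]sign out[_2])" params="<a href="<$MTRemoteSignOutLink static="1"$>&entry_id=' + entry_id + '">%%</a>">');
     } else {
 <MTIfRegistrationRequired>
-        document.write('<a href="<$MTCGIPath$><$MTCommentScript$>?__mode=login&entry_id=' + entry_id + '&blog_id=' + blog_id + '&static=1"><__trans phrase="Sign in" escape="js">' + '</a>' + '<__trans phrase=" to comment on this entry." escape="js">')
+        var phrase = '<__trans phrase="[_1]Sign in[_2] to comment on this entry." params="<a href="<$MTCGIPath$><$MTCommentScript$>?__mode=login&entry_id=' + entry_id + '&blog_id=' + blog_id + '&static=1">%%</a>">'
 <MTElse>
-        document.write('<a href="<$MTCGIPath$><$MTCommentScript$>?__mode=login&entry_id=' + entry_id + '&blog_id=' + blog_id + '&static=1"><__trans phrase="Sign in" escape="js">' + '</a>' + '<__trans phrase=" to comment on this entry," escape="js"> <__trans phrase="or " escape="js"><a href="javascript:void(0);" onclick="showAnonymousForm();"><__trans phrase="comment anonymously." escape="js"></a>')
+        var phrase = '<__trans phrase="[_1]Sign in[_2] to comment on this entry, or [_3]comment anonymously[_2]." params="<a href="<$MTCGIPath$><$MTCommentScript$>?__mode=login&entry_id=' + entry_id + '&blog_id=' + blog_id + '&static=1">%%</a>%%<a href="javascript:void(0);" onclick="showAnonymousForm();">">'
 </MTIfRegistrationRequired>
+        document.write(phrase);
     }
 </MTIfRegistrationAllowed>
@@ -140,8 +139,24 @@
 } else {
     commenter_name = getCookie('commenter_name');
+    commenter_url = getCookie('commenter_url');
     ids = getCookie('commenter_id').split(':');
     commenter_id = ids[0];
-    commenter_blog_ids = ids[1];
-    commenter_url = getCookie('commenter_url');
+    if ( ids[1] == 'S' ) {
+        commenter_status = AUTHOR;
+    }
+    else if ( ids[1] == 'N' ) {
+        document.write('<script src="<$MTCGIPath$><$MTCommentScript$>?__mode=cmtr_status_js&blog_id=<$MTBlogID$>"></script>');
+    }
+    else if ( commenter_name && !commenter_id ) {
+        commenter_status = COMMENTER;
+    }
+    else if ( commenter_name
+      && commenter_id
+      && ( ids[1].indexOf("'<$MTBlogID$>'") > -1 ) ) {
+        commenter_status = AUTHOR;
+    }
+    else {
+        commenter_status = 0;
+    }
 }
 </MTIfRegistrationAllowed>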
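Review bot: `commenter_link` (new lines 104 and 116) concatenates `commenter_name` and `commenter_url` into markup that goes straight to `document.write`, and the last hunk of this file fills both values from cookies via `getCookie`, so whatever ends up in those cookies is rendered as markup or as a link target. Both values should go through an HTML-escaping helper before concatenation, and `commenter_url` should be linked only when it starts with `http://` or `https://`; no such helper is visible in this template, so one would have to be added. The `AUTHOR` branch also leaves `commenter_link` undefined when `commenter_id` is empty, which would print "undefined" in the greeting; an `else { commenter_link = commenter_name; }` after the inner `if (commenter_id)` block covers that. `writeCommenterGreeting` closes outside the hunk.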
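--- a/branches/enzo/lib/MT/App.pm
+++ b/branches/enzo/lib/MT/App.pm
@@ -1001,12 +1001,11 @@
     $app->bake_cookie(%name_kookee);
     if (defined $id) {
-        my @blogs;
+        my $blog_ids;
         if ($app->user && $app->user->is_superuser) {
-            @blogs = $app->model('blog')->load( undef, {
-                fetchonly => [ 'id' ],
-            });
+            # Do not send blog ids in cookie because it may become huge.
+            $blog_ids = 'S';
         }
         else {
-            @blogs = $app->model('blog')->load(undef,
+            my @blogs = $app->model('blog')->load(undef,
               {
                 fetchonly => [ 'id' ],
@@ -1020,38 +1019,46 @@
               }
             );
-        }
-        my $blog_ids = @blogs ? "'" . join("','", map { $_->id } @blogs) . "'" : '';
-
-        my $perm = MT::Permission->load({ blog_id => $blog_id, author_id => $id });
-        if ($perm) {
-            # double-check to see if this user hasn't been denied commenting
-            # permission. user has 'comment' permission through a role,
-            # but check for a restriction to comment on this blog
-            if ($perm->is_restricted('comment')) {
-                $blog_ids =~ s/(,|^)'$blog_id'(,|$)//;
-            }
-
-            # But if the permission carries a 'can administer' permission
-            # they should be allowed
-            if ($blog_id && ($blog_ids !~ m/(,|^)'$blog_id'(,|$)/)) {
-                if ($perm->can_administer_blog()) {
-                    # user is a blog administrator, so yes, they can comment too
-                    $blog_ids .= ($blog_ids ne '' ? ',' : '')
-                        . "'" . $blog_id . "'";
+
+            # Has permissions to 20+ blogs - do not send these ids in cookie.
+            $blog_ids = 20 < scalar(@blogs)
+              ? 'N'
+              : @blogs
+                ? "'" . join("','", map { $_->id } @blogs) . "'"
+                : '';
+        }
+
+        if ( $blog_ids ne 'S' && $blog_ids ne 'N' ) {
+            my $perm = MT::Permission->load({ blog_id => $blog_id, author_id => $id });
+            if ($perm) {
+                # double-check to see if this user hasn't been denied commenting
+                # permission. user has 'comment' permission through a role,
+                # but check for a restriction to comment on this blog
+                if ($perm->is_restricted('comment')) {
+                    $blog_ids =~ s/(,|^)'$blog_id'(,|$)//;
                 }
-            }
-        }
-        else {
-            if ($blog_id && ($blog_ids !~ m/(,|^)'$blog_id'(,|$)/)) {
-                # extra check to see if this user can comment on requested
-                # blog; this is specific to the Comment application, so
-                # only do this if we're running the comments app.
-                if ( $app->isa( 'MT::App::Comments' )) {
-                    if ( $app->_check_commenter_author($app->user, $blog_id) ) {
-                        # is this blog open to commenting from registered users?
-                        # if so, this user really can comment, even though they
-                        # don't have explicit permissions for it
+
+                # But if the permission carries a 'can administer' permission
+                # they should be allowed
+                if ($blog_id && ($blog_ids !~ m/(,|^)'$blog_id'(,|$)/)) {
+                    if ($perm->can_administer_blog()) {
+                        # user is a blog administrator, so yes, they can comment too
                         $blog_ids .= ($blog_ids ne '' ? ',' : '')
                             . "'" . $blog_id . "'";
+                    }
+                }
+            }
+            else {
+                if ($blog_id && ($blog_ids !~ m/(,|^)'$blog_id'(,|$)/)) {
+                    # extra check to see if this user can comment on requested
+                    # blog; this is specific to the Comment application, so
+                    # only do this if we're running the comments app.
+                    if ( $app->isa( 'MT::App::Comments' )) {
+                        if ( $app->_check_commenter_author($app->user, $blog_id) ) {
+                            # is this blog open to commenting from registered users?
+                            # if so, this user really can comment, even though they
+                            # don't have explicit permissions for it
+                            $blog_ids .= ($blog_ids ne '' ? ',' : '')
+                                . "'" . $blog_id . "'";
+                        }
                     }
                 }
@@ -1104,4 +1111,9 @@
                   -expires => "+${timeout}s");
     $app->bake_cookie(%kookee);
+    my %url_kookee = (-name => 'commenter_url',
+                       -value => '',
+                       -path => '/',
+                       -expires => "+${timeout}s");
+    $app->bake_cookie(%url_kookee);
     my %name_kookee = (-name => 'commenter_name',
                        -value => '',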
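Review bot: The status markers `'S'` and `'N'` and the threshold `20` are bare literals in the first two hunks, while javascript.mtml compares `ids[1]` against the same two strings, so the cookie format is defined only implicitly across two files. A short comment above `my $blog_ids;` such as `# cookie field: 'S' = superuser, 'N' = more than 20 blogs (status fetched via cmtr_status_js), else quoted id list`, plus a named constant for the limit, would keep the two sides in step. Since this field is stored client-side and only drives what the page displays, the comment-posting path should keep its own server-side permission check; that code is not part of this diff. The enclosing sub begins and ends outside the hunks.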
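--- a/branches/enzo/lib/MT/App/Comments.pm
+++ b/branches/enzo/lib/MT/App/Comments.pm
@@ -35,4 +35,5 @@
         handle_sign_in   => \&handle_sign_in,
         cmtr_name_js     => \&commenter_name_js,
+        cmtr_status_js   => \&commenter_status_js,
         edit_profile     => \&edit_commenter_profile,
         save_profile     => \&save_commenter_profile,
@@ -1372,4 +1373,9 @@
         my %cookies = $app->cookies();
         $app->_invalidate_commenter_session( \%cookies );
+        if ( $commenter && ( 'TypeKey' ne $commenter->auth_type ) ) {
+            # Remove logout parameter so MT does not go to TypeKey
+            # when unnecessary.
+            $app->param( 'logout', 0 );
+        }
         $result = 1;
     }
@@ -1430,4 +1436,64 @@
 }
 
+sub _commenter_status {
+    my $app = shift;
+    my ( $commenter_id ) = @_;
+    my $blog_id          = $app->param('blog_id') || 0;
+    my $commenter_status = '0';
+    my $user = $app->model('author')->load($commenter_id);
+    if ($user && $user->is_superuser) {
+        $commenter_status = 'AUTHOR';
+    }
+    else {
+        # FIXME: this may be incomplete since the user
+        # may in fact be able to comment on other blogs;
+        # they just haven't signed into them yet
+        my $perm = MT::Permission->load(
+              {
+                blog_id     => $blog_id,
+                permissions => { like => "\%'comment'\%" },
+                author_id   => $commenter_id
+              }
+            );
+        if ( $perm ) {
+            if ( $perm->is_restricted('comment')
+              && !$perm->can_administer_blog() ) {
+                $commenter_status = '0';
+            }
+            else {
+                $commenter_status = 'AUTHOR';
+            }
+        }
+        elsif ( MT::Author::COMMENTER() == $user->type ) {
+            $commenter_status = 'COMMENTER';
+        }
+        elsif ( $app->_check_commenter_author($user, $blog_id) ) {
+            $commenter_status = 'AUTHOR';
+        }
+    }
+    $commenter_status;
+}
+
+sub commenter_status_js {
+    local $SIG{__WARN__} = sub { };
+    my $app     = shift;
+    my $ids     = $app->cookie_val('commenter_id') || q();
+
+    my $commenter_id;
+    if ($ids) {
+        my @ids = split ':', $ids;
+        $commenter_id    = $ids[0];
+    }
+
+    my $commenter_status = '0';
+    if ($commenter_id) {
+        $commenter_status = $app->_commenter_status( $commenter_id );
+    }
+    $commenter_status = encode_js( $commenter_status );
+    return <<JS;
+commenter_status = $commenter_status;
+JS
+}
+
 sub commenter_name_js {
     local $SIG{__WARN__} = sub { };
@@ -1436,5 +1502,4 @@
     my $ids            = $app->cookie_val('commenter_id') || q();
     my $commenter_url  = $app->cookie_val('commenter_url') || q();
-    my $blog_id        = $app->param('blog_id') || 0;
 
     my $commenter_id;
@@ -1450,69 +1515,20 @@
     $app->set_header( 'Expires'       => '-1' );
 
-    my $blog_ids = q()
+    my $commenter_status = '0'
     if ($commenter_id) {
-        my @blogs;
-        my $user = $app->model('author')->load($commenter_id);
-        if ($user && $user->is_superuser) {
-            @blogs = $app->model('blog')->load( undef, { fetchonly => [ 'id' ] } );
-        }
-        else {
-            # FIXME: this may be incomplete since the user
-            # may in fact be able to comment on other blogs;
-            # they just haven't signed into them yet
-            @blogs = $app->model('blog')->load(undef,
-              { fetchonly => [ 'id' ],
-                join => MT::Permission->join_on('blog_id',
-                  {
-                    permissions => { like => "\%'comment'\%" },
-                    author_id   => $commenter_id
-                  }
-                )
-              }
-            );
-        }
-        $blog_ids = @blogs ? "'" . join("','", map { $_->id } @blogs) . "'" : '';
-
-        my $perm = MT::Permission->load({ blog_id => $blog_id, author_id => $commenter_id });
-        if ($perm) {
-            # double-check to see if this user hasn't been denied commenting
-            # permission. user has 'comment' permission through a role,
-            # but check for a restriction to comment on this blog
-            if ($perm->is_restricted('comment')) {
-                $blog_ids =~ s/(,|^)'$blog_id'(,|$)//;
-            }
-
-            # But if the permission carries a 'can administer' permission
-            # they should be allowed
-            if ($blog_id && ($blog_ids !~ m/(,|^)'$blog_id'(,|$)/)) {
-                if ($perm->can_administer_blog()) {
-                    # user is a blog administrator, so yes, they can comment too
-                    $blog_ids .= ($blog_ids ne '' ? ',' : '')
-                        . "'" . $blog_id . "'";
-                }
-            }
-        }
-        else {
-            if ($blog_id && ($blog_ids !~ m/(,|^)'$blog_id'(,|$)/)) {
-                # extra check to see if this user can comment on requested
-                # blog
-                if ( $app->_check_commenter_author($user, $blog_id) ) {
-                    # is this blog open to commenting from registered users?
-                    # if so, this user really can comment, even though they
-                    # don't have explicit permissions for it
-                    $blog_ids .= ($blog_ids ne '' ? ',' : '')
-                        . "'" . $blog_id . "'";
-                }
-            }
-        }
-    }
-    $commenter_name = encode_js( $commenter_name );
-    $commenter_url  = encode_js( $commenter_url );
-    $commenter_id   = encode_js( $commenter_id );
+        $commenter_status = $app->_commenter_status( $commenter_id );
+    }
+    elsif ($commenter_name) {
+        $commenter_status = 'COMMENTER';
+    }
+    $commenter_name   = encode_js( $commenter_name );
+    $commenter_url    = encode_js( $commenter_url );
+    $commenter_id     = encode_js( $commenter_id );
+    $commenter_status = encode_js( $commenter_status );
     return <<JS;
 commenter_name = '$commenter_name';
 commenter_id = '$commenter_id';
 commenter_url = '$commenter_url';
-commenter_blog_ids = "$blog_ids"
+commenter_status = $commenter_status
 JS
 }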
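Review bot: `_commenter_status` dereferences `$user` at `MT::Author::COMMENTER() == $user->type` without checking that `load($commenter_id)` returned a row, and `commenter_status_js` takes that id from the `commenter_id` cookie, so a stale or altered cookie with no matching permission row makes the handler die instead of returning `0`. Adding `return '0' unless $user;` right after the `load` call closes that path. The handler also answers for whatever id the cookie carries; if a validated commenter session is available at this point it would be the safer source, though that is not visible in this diff. Unlike `commenter_name_js`, which sets `Expires` to `-1` in the context lines, the new handler sets no cache headers in the lines shown, although its response is per-user.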