root/trunk/CommunityEdit/lib/MT/App/CommunityEdit.pm @ 814

package MT::App::CommunityEdit;

use strict;
use base qw( MT::App::Community );
use MT::Util qw( encode_url );
use CustomFields::Util qw( field_loop );

sub edit_entry {
        my $app      = shift;
    my $entry_id = $app->param('id');
    my $blog_id  = $app->param('blog_id') || 0;
    my $user     = $app->_login_user_commenter();
    
    if(!$user) { # Redirect them to log in so that we don't have to use the JS
        my $cfg = $app->config;
        my $signin_link = $cfg->CGIPath;
        $signin_link .= '/' unless $signin_link =~ m!/$!;
        $signin_link .= $cfg->CommunityScript . '?__mode=login&blog_id='.$blog_id;
        $signin_link .= '&return_to=' . encode_url($app->uri( mode => 'edit_entry', 
                                                        args => { id => $entry_id, blog_id => $blog_id}));
                                                        
        return $app->redirect($signin_link);
    }
    
    my $perms = $user->permissions($blog_id) if $blog_id && $user;
    
    require MT::Entry;
    my $entry;
    
    ## Can Create Entry?
    if ( !$entry_id ) {
        return $app->errtrans("Permission denied.")
          unless ( $perms && $perms->can_create_post );
          
        $entry = MT::Entry->new();
    } else {
        $entry = MT::Entry->load($entry_id);  
    }
        
        ## Can Edit Entry?
        if($entry_id && $entry) {
            return $app->error( $app->translate("Permission denied.") )
          unless $perms && $perms->can_edit_entry( $entry, $user );
        }

        my $tmpl = $app->load_global_tmpl('edit_entry')
      or return $app->error("No edit entry template defined");
        
    my %param = ();
    $param{blog_id}  = $blog_id;
    $param{field_loop} =
      field_loop( object_type => 'entry', ($entry) ? (object_id => $entry_id) : () );
        $param{entry_id} = $entry_id;
        $param{entry_status} = lc $entry->status_text;
        $param{magic_token} = $app->current_magic;

    my $ctx = $tmpl->context;
    $ctx->stash('author', $user);
    $ctx->stash('blog_id', $blog_id) if $blog_id;
    $ctx->stash('entry', $entry);
    $tmpl->param( \%param );
    $tmpl;
}

sub save_entry {
    my $app = shift;
    return
        unless $app->request_method eq 'POST';

    my $q   = $app->param;
    my $blog_id = $q->param('blog_id');
    return $app->errtrans("Invalid request") unless $blog_id;

    my $blog = $app->model('blog.community')->load($blog_id);
    return $app->errtrans("Invalid request") unless $blog;
    $app->blog($blog);

    my $user = $app->_login_user_commenter()
      or return $app->errtrans("Login required");
    $app->validate_magic;
    
    my $perms = $user->permissions($blog_id);
    my $entry_id = $q->param('id');
    
    require MT::Entry;
    my $entry;
    
    if ( !$entry_id ) {
        return $app->errtrans("Permission denied.")
          unless ( $perms && $perms->can_create_post );
    } else {
        $entry = MT::Entry->load($entry_id);
    }
    
    if($entry) {
        return $app->error( $app->translate("Permission denied.") )
              unless $perms->can_edit_entry( $entry, $user );
    } else {
        $entry = MT::Entry->new;
    }

    require MT::Sanitize;
    my $sanitize_spec = $blog->sanitize_spec
      || $app->config->GlobalSanitizeSpec;
    my $title = $q->param('title');
    $title = $title ? MT::Sanitize->sanitize( $title, $sanitize_spec ) : $title;
    my $text = $q->param('text');
    $text = $text ? MT::Sanitize->sanitize( $text, $sanitize_spec ) : $text;
    if ( $title && $text ) {
        # for custom fields
        $q->param('customfield_beacon', 1);
        $q->param('_type', 'entry');

        {
            require CustomFields::App::CMS;
            local $app->{component} = 'Commercial';
            CustomFields::App::CMS::CMSSaveFilter_customfield_objs( $app, $app )
                or return $app->error( $app->errstr() );
        }

        my $orig  = $entry->clone();
        $entry->title($title);
        $entry->text($text);
        $entry->blog_id($blog_id);
        $entry->author_id( $user->id );
        my $cb = $user->text_format || $blog->convert_paras || '__default__';

        # richtext is specifically disabled since we don't support
        # rich text editing blog-side yet.
        $cb = '__default__' if $cb eq 'richtext';

        $entry->convert_breaks($cb);
        $entry->allow_comments($blog->allow_comments_default);
        $entry->allow_pings($blog->allow_pings_default);
        
        # If it's published, updates remain published = trust!
        $entry->status(($entry->status == MT::Entry::RELEASE()) ? 
                                                    MT::Entry::RELEASE() : MT::Entry::REVIEW());

        # FIXME: This should be in MT::Util, not CMS.
        require MT::App::CMS;
        MT::App::CMS::_translate_naughty_words($app, $entry);

        $app->run_callbacks( 'api_pre_save.entry', $app, $entry, $orig )
          || return $app->error(
            $app->translate(
                "Saving [_1] failed: [_2]",
                $entry->class_label, $app->errstr
            )
          );

        $entry->save
          or return $app->error(
            $app->translate(
                "Saving [_1] failed: [_2]", $entry->class_label,
                $entry->errstr
            )
          );
          
        my $tags = $app->param('tags');
        if (defined $tags) {
            require MT::Tag;
            my $tag_delim = chr( $app->user->entry_prefs->{tag_delim} );
            my @tags = MT::Tag->split( $tag_delim, $tags );
            $entry->set_tags(@tags);
            $entry->save_tags;
        } 

        $app->run_callbacks( 'api_post_save.entry', $app, $entry, $orig );

        $app->log(
            {
                message => $app->translate(
                    "[_1] '[_2]' (ID:[_3]) added by user '[_4]'",
                    $entry->class_label, $entry->title,
                    $entry->id,          $user->name
                ),
                level    => MT::Log::INFO(),
                class    => 'entry',
                category => 'new',
                metadata => $entry->id
            }
        );

        # for custom field asset
        foreach my $p ( $q->param() ) {
            next if !$q->param($p);
            if ( $p =~ /^file_customfield_(.*?)$/ ) {
                if ( my $file_type = $q->param("type_customfield_$1") ) {
                    my $asset =
                      $app->_handle_upload( $p, require_type => $file_type );
                    if ( !defined($asset) && $app->errstr ) {
                        return $app->error( $app->errstr );
                    }
                    if ($asset) {
                        $q->param( "customfield_$1",
                            $asset->as_html( { include => 1 } ) );
                    }
                }
            }
        }

        my $cid = $q->param('category') || $q->param('category_id');
        my @add_cat;
            my @param = $q->param();
            foreach (@param) {
                if (m/^add_category_id_(\d+)$/) {
                    push @add_cat, $1;
                }
            }        
        
        require MT::Placement;
            my $place = MT::Placement->load({ entry_id => $entry->id, is_primary => 1 });
            if ($cid) {
                unless ($place) {
                    $place = MT::Placement->new;
                    $place->entry_id($entry->id);
                    $place->blog_id($entry->blog_id);
                    $place->is_primary(1);
                }
                $place->category_id($cid);
                $place->save;
            } else {
                if ((defined $cid) && ($place)) {
                    $place->remove;
                }
            }
            my @place = MT::Placement->load({ entry_id => $entry->id, is_primary => 0 });
            for my $place (@place) {
                $place->remove;
            }       
            
            for my $cid (@add_cat) {
                my $place = MT::Placement->new;
                $place->entry_id($entry->id);
                $place->blog_id($entry->blog_id);
                $place->is_primary(0);
                $place->category_id($cid);
                $place->save
                    or return $app->error($app->translate(
                        "Saving placement failed: [_1]", $place->errstr));
            }

        {
            local $app->{component} = 'Commercial';
            CustomFields::App::CMS::CMSPostSave_customfield_objs( $app, $app, $entry )
              or return $app->error( $app->errstr() );
        }

        if ( MT::Entry::RELEASE() == $entry->status ) {
            $app->rebuild_entry( Entry => $entry->id, BuildDependencies => 1, BuildIndexes => 0 )
              or return $app->error(
                $app->translate( "Publish failed: [_1]", $app->errstr ) );

            MT::Util::start_background_task(
                sub {
                    $app->rebuild_indexes( Blog => $blog )
                      or return $app->errtrans( "Publish failed: [_1]", $app->errstr );
                }
            );
        }

        ## Send notification email in the background.
        if ( my $registration = $app->config->CommenterRegistration ) {
            if ( my $ids = $registration->{Notify} ) {
                MT::Util::start_background_task(
                    sub {
                        $app->_send_entry_notification( $entry, $blog, $ids );
                    }
                );
            }
        }


        return $app->redirect($app->uri( mode => 'edit_entry', 
                                                        args => { id => $entry->id, blog_id => $blog_id}));
    }

    return $app->errtrans('Posting a new entry failed.');
}

1;