Show unpublished on main news when user has privs

Author: carlbennett

controllers/News.php

@@ -7,6 +7,7 @@
 use \BNETDocs\Libraries\Exceptions\UnspecifiedViewException;
 use \BNETDocs\Libraries\NewsPost;
 use \BNETDocs\Libraries\Router;
+use \BNETDocs\Libraries\User;
 use \BNETDocs\Libraries\UserSession;
 use \BNETDocs\Models\News as NewsModel;
 use \BNETDocs\Views\NewsHtml as NewsHtmlView;
@@ -29,6 +30,16 @@ public function run(Router &$router) {
     }
     $model = new NewsModel();
     $model->user_session = UserSession::load($router);
+    $model->user         = (isset($model->user_session) ?
+                            new User($model->user_session->user_id) :
+                            null);
+    $model->acl_allowed  = ($model->user &&
+      $model->user->getOptionsBitmask() & (
+        User::OPTION_ACL_NEWS_CREATE |
+        User::OPTION_ACL_NEWS_MODIFY |
+        User::OPTION_ACL_NEWS_DELETE
+      )
+    );
     $this->getNews($model);
     ob_start();
     $view->render($model);
@@ -43,7 +54,7 @@ protected function getNews(NewsModel &$model) {
     $model->news_posts = NewsPost::getAllNews(true);
 
     // Remove news posts that are not published
-    if ($model->news_posts) {
+    if (!$model->acl_allowed && $model->news_posts) {
       $i = count($model->news_posts) - 1;
       while ($i >= 0) {
         if (!($model->news_posts[$i]->getOptionsBitmask()

models/News.php

@@ -6,12 +6,16 @@
 
 class News extends Model {
 
+  public $acl_allowed;
   public $news_posts;
+  public $user;
   public $user_session;
 
   public function __construct() {
     parent::__construct();
+    $this->acl_allowed  = null;
     $this->news_posts   = [];
+    $this->user         = null;
     $this->user_session = null;
   }
 

templates/News.phtml

@@ -3,6 +3,7 @@ namespace BNETDocs\Templates;
 
 use \BNETDocs\Libraries\Common;
 use \BNETDocs\Libraries\Gravatar;
+use \BNETDocs\Libraries\NewsPost;
 use \BNETDocs\Libraries\Pair;
 use \BNETDocs\Libraries\User;
 
@@ -35,6 +36,9 @@ foreach ($this->context->news_posts as $news_post) {
         <a href="https://twitter.com/share?text=<?php echo urlencode($news_post->getTitle()); ?>&amp;url=<?php echo urlencode($url); ?>" rel="external" data-popup="1"><img class="social-btn float-right" src="<?php echo Common::relativeUrlToAbsolute("/a/social-twitter-24px.png"); ?>"/></a>
         <a href="https://facebook.com/sharer/sharer.php?u=<?php echo urlencode($url); ?>" rel="external" data-popup="1"><img class="social-btn float-right" src="<?php echo Common::relativeUrlToAbsolute("/a/social-facebook-24px.png"); ?>"/></a>
         <header><a href="<?php echo $url; ?>"><?php echo $news_post->getTitle(); ?></a></header>
+<?php if (!($news_post->getOptionsBitmask() & NewsPost::OPTION_PUBLISHED)) { ?>
+        <section class="red"><p><strong>Warning:</strong> This news post is not yet published. You can view this because you are allowed to create, modify, or delete news posts.</p></section>
+<?php } ?>
         <section class="news"><img class="category" alt="<?php echo $news_post->getCategory()->getLabel(); ?>" title="<?php echo $news_post->getCategory()->getLabel(); ?>" src="<?php echo Common::relativeUrlToAbsolute("/a/news_categories/" . $news_post->getCategory()->getFilename()); ?>"/><?php echo $news_post->getContent(true); ?></section>
         <footer>
           <span class="float-left"><a href="<?php echo Common::relativeUrlToAbsolute("/user/" . urlencode($user_id) . "/" . Common::sanitizeForUrl($users[$user_id]->getName(), true)); ?>"><img class="avatar" src="<?php echo $avatar; ?>"/> <?php echo htmlspecialchars($users[$user_id]->getName(), ENT_HTML5, "UTF-8"); ?></a></span>