diff --git a/controllers/EditTag.php b/controllers/EditTag.php index c3d1382..a26107f 100644 --- a/controllers/EditTag.php +++ b/controllers/EditTag.php @@ -10,14 +10,18 @@ class EditTag extends HTMLController { public function __construct() { - // Ensure it's just admins at this point. - if (!Registry::get('user')->isAdmin()) - throw new NotAllowedException(); - $id_tag = isset($_GET['id']) ? (int) $_GET['id'] : 0; if (empty($id_tag) && !isset($_GET['add'])) throw new UnexpectedValueException('Requested tag not found or not requesting a new tag.'); + if (!empty($id_tag)) + $tag = Tag::fromId($id_tag); + + // Are we allowed to edit this tag? + $user = Registry::get('user'); + if (!($user->isAdmin() || $user->getUserId() == $tag->id_user_owner)) + throw new NotAllowedException(); + // Adding an tag? if (isset($_GET['add'])) { @@ -29,7 +33,6 @@ class EditTag extends HTMLController elseif (isset($_GET['delete'])) { // So far so good? - $tag = Tag::fromId($id_tag); if (Session::validateSession('get') && $tag->kind !== 'Album' && $tag->delete()) { header('Location: ' . BASEURL . '/managetags/'); @@ -41,7 +44,6 @@ class EditTag extends HTMLController // Editing one, then, surely. else { - $tag = Tag::fromId($id_tag); if ($tag->kind === 'Album') trigger_error('Cannot edit tag: is actually an album.', E_USER_ERROR); @@ -65,11 +67,6 @@ class EditTag extends HTMLController 'request_url' => BASEURL . '/edittag/?' . ($id_tag ? 'id=' . $id_tag : 'add'), 'content_below' => $after_form, 'fields' => [ - 'id_asset_thumb' => [ - 'type' => 'numeric', - 'label' => 'Thumbnail asset ID', - 'is_optional' => true, - ], 'kind' => [ 'type' => 'select', 'label' => 'Kind of tag', 
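Review bot: The new ownership check in `__construct()` reads `$tag->id_user_owner` even when no tag was loaded, and it compares with a loose `==`. On an `?add` request `$id_tag` is 0, so `$tag` is never assigned and the property read yields null; if `getUserId()` returns 0 or null for a guest (not visible here), `0 == null` is true and a non-admin passes the check, and the same would hold for existing tags that have no owner set. I would handle the add case explicitly and compare strictly, assuming user ids are positive integers: `$is_owner = isset($tag) && (int) $tag->id_user_owner > 0 && (int) $tag->id_user_owner === (int) $user->getUserId();` followed by `if (!$user->isAdmin() && !$is_owner) throw new NotAllowedException();`. The constructor body continues outside this hunk.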
@@ -116,6 +113,26 @@ class EditTag extends HTMLController $this->page->adopt(new FeaturedThumbnailManager($assets, $id_tag ? $tag->id_asset_thumb : 0)); } + if (isset($_POST['changeThumbnail'])) + $this->processThumbnail($tag); + elseif (!empty($_POST)) + $this->processTagDetails($form, $id_tag, $tag); + } + + private function processThumbnail($tag) + { + if (empty($_POST)) + return; + + $tag->id_asset_thumb = $_POST['featuredThumbnail']; + $tag->save(); + + header('Location: ' . BASEURL . '/edittag/?id=' . $tag->id_tag); + exit; + } + + private function processTagDetails($form, $id_tag, $tag) + { if (!empty($_POST)) { $form->verify($_POST); diff --git a/models/Tag.php b/models/Tag.php index e6b6f13..d5bbccc 100644 --- a/models/Tag.php +++ b/models/Tag.php @@ -11,6 +11,7 @@ class Tag public $id_tag; public $id_parent; public $id_asset_thumb; + public $id_user_owner; public $tag; public $slug; public $description; @@ -258,7 +259,8 @@ class Tag UPDATE tags SET id_parent = {int:id_parent}, - id_asset_thumb = {int:id_asset_thumb}, + id_asset_thumb = {int:id_asset_thumb},' . (isset($this->id_user_owner) ? ' + id_user_owner = {int:id_user_owner},' : '') . ' tag = {string:tag}, slug = {string:slug}, description = {string:description}, diff --git a/templates/FeaturedThumbnailManager.php b/templates/FeaturedThumbnailManager.php index 910ecdf..ffbe1c0 100644 --- a/templates/FeaturedThumbnailManager.php +++ b/templates/FeaturedThumbnailManager.php @@ -20,6 +20,8 @@ class FeaturedThumbnailManager extends SubTemplate protected function html_content() { echo ' +
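Review bot: `processThumbnail()` copies `$_POST['featuredThumbnail']` straight into `$tag->id_asset_thumb` and saves it without the session check that the delete branch performs via `Session::validateSession('get')`, so this state change has no visible request-forgery protection. Tag owners as well as admins now reach this code, so the value should be cast with `$id_asset = (int) ($_POST['featuredThumbnail'] ?? 0);` and rejected unless it is one of the `$assets` handed to `FeaturedThumbnailManager`; otherwise the thumbnail can be set to an asset unrelated to the tag. `$tag` is also undefined when the form is posted to `?add` with `changeThumbnail` set, so the dispatch should require a non-empty `$id_tag` before calling the method. A short docblock stating that the method redirects and exits after saving would help, and the `empty($_POST)` guards in both new methods duplicate checks the caller already makes.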
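Review bot: `save()` in `models/Tag.php` now persists `id_user_owner` whenever the public property is set, so any code that copies request fields onto the `Tag` can change ownership. With non-admin owners now admitted to `EditTag`, confirm that `processTagDetails()` never assigns `id_user_owner` from form data for non-admins; the part of its body that applies the form lies outside the visible hunks. The matching `id_user_owner` query parameter must be supplied under the same `isset()` condition, and that parameter array is also outside this hunk. A comment such as `// Only written when set; ownership cannot be cleared through save().` would document the conditional fragment.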
'; } }