cmCalendar Module "event owned by user" enhancement

[thoblerone]

Hello everyone,

thanks "breitsch" for a really great cmCalendar mod and that he already put the neccessary table fields into the DB! Today I finished pushing the module a step forward by adding some backend user security features:

a) Only users from the Admin group may create, edit or delete cmCalender categories
b) Any events is assigned an owner (creator). Only the owner and users from the admin group may edit or delete a given cmCalendar event

Using this modification it is possible to have various standard backend users sharing the same calendar but they are not able to change each others entries.

Required changes are only a few and pretty easy. Important notice: line numbers specified are referring to the unchanged files, even if after the first changes you may have added a few lines! Anyhow most of the times I specified the old lines which are quite unique around their place.

a) Event categories only for admins just needs two changes in mod_cm_calendar\inc\listing.cal.inc.php

line 115ff change this

Code: Select all

<div class="navBarLeft imgButton chatlist" style="float:left">
	&nbsp;&nbsp;
	<a href="<?php echo cm_map_url('controller=cal') ?>&edit=0" title="<?php echo $BLM['create_new_cal'] ?>"><img src="<?php echo $phpwcms['modules'][$module]['dir'].'img/'; ?>cal_add.gif" alt="Add" border="0" /><span><?php echo $BLM['create_new_cal'] ?></span></a>
</div>

to (must be admin to add category)

Code: Select all

<?php // TB Modification: only admins may create calendar categories
	if ($_SESSION["wcs_user_admin"] == 1) {
		echo '<div class="navBarLeft imgButton chatlist" style="float:left">'.LF;
		echo '&nbsp;&nbsp;'.LF;
		echo '<a href="' . cm_map_url('controller=cal') .'&edit=0" title="'. $BLM['create_new_cal'] .'">';
		echo '<img src="'. $phpwcms['modules'][$module]['dir'].'img/' . 'cal_add.gif" alt="Add" border="0" />';
		echo '<span>' . $BLM['create_new_cal'] .'</span></a>'.LF;
		echo '</div>'.LF;
	}
?>

line 203 (as in the unchanged file!!!) insert (only admins my change or delete categories)
old line 203:

Code: Select all

echo '<a href="'.$controller_link.'&edit='.$row["cm_cat_id"].'">';

new lines 203/204:

Code: Select all

	if ($_SESSION["wcs_user_admin"] == 1) {
		echo '<a href="'.$controller_link.'&edit='.$row["cm_cat_id"].'">';	

after line 213 add

Code: Select all

	   // }  <-- this is the old line 213: commented out bracket 
	}
	else
	{
		echo '&nbsp;';
	}

Thats all for the category thing.

b) Some more work is needed for event user management.

mod_cm_calendar\lang\de.lang.php
add this line, best fitting at line 69

Code: Select all

$BLM['entry_uid']             = 'Termin Besitzer';

mod_cm_calendar\lang\en.lang.php
add this line, best fitting at line 69

Code: Select all

$BLM['entry_uid']             = Event Owner';

mod_cm_calendar\inc\edit.events.inc.php
line191 ff replace

Code: Select all

  <!-- end teaser -->
	<tr><td colspan="3"><img src="img/leer.gif" alt="" width="1" height="10" /></td></tr>
  <!-- image -->

with (display and edit event owner in clear text)

Code: Select all

  <!-- end teaser -->
	<tr><td colspan="3"><img src="img/leer.gif" alt="" width="1" height="10" /></td></tr>
  	<tr><!-- @TB owner userID-->
        <td align="right" class="chatlist">&nbsp;&nbsp;<?php echo $BLM['entry_uid']; ?></td>
        <td align="left">
					
			<table border="0" cellpadding="0" cellspacing="0" summary="">
				<tr>
					<td><select name="cm_events_userId" id="cm_events_userId" style="width: 300px" class="f11b">
				<?php
				$u_sql = "SELECT usr_id, usr_name, usr_login, usr_admin FROM ".DB_PREPEND."phpwcms_user WHERE usr_aktiv=1 ORDER BY usr_admin DESC, usr_name";
				if($u_result = mysql_query($u_sql, $db)) {
					while($u_row = mysql_fetch_row($u_result)) {
						echo '<option value="'.$u_row[0].'"';
						if (
							$u_row[0] == $plugin['data']['cm_events_userId'] ||
							 ( $plugin['data']['cm_events_userId'] == 0 &&
							   $u_row[0] == $_SESSION['wcs_user_id']
							 )
						 )
						{
							echo ' selected';
						}	
						if(intval($u_row[3])) echo ' style="background-color: #FFC299;"';
						echo '>'.html_specialchars(($u_row[1]) ? $u_row[1] : $u_row[2]).'</option>'."\n";
					}
					mysql_free_result($u_result);
				}
				
				?></select></td>
				<td>&nbsp;&nbsp;&nbsp;</td>
				<td bgcolor="#FFC299"><img src="img/leer.gif" alt="" width="15" height="10" /></td>
				<td class="chatlist">&nbsp;<?php echo $BL['be_article_adminuser'] ?></td>
				</tr></table>			
			
		</td>
	</tr>
	<!-- image -->

mod_cm_calendar\inc\listing.events.inc.php
lines 350-352 change td width = 25% to td width= 24% and after that add some code

Code: Select all

    echo '<td width="24%">'.$BLM['entry_date'].': '.date($BLM['entry_dateformat'], strtotime($row["cm_events_date"])).'</td>'.LF;
    echo '<td width="24%">'.$BLM['entry_time'].': '.$row["cm_events_time"].'</td>'.LF;
    echo '<td width="24%">'.$BLM['entry_span'].': '.$row["cm_events_span"].'</td>'.LF;
	// TB show event owner user id
    echo '<td width="24%">'.$BLM['entry_uid'].': '.$row["cm_events_userId"] . "<br />".LF;
	// TB get clear text user name from ID
	{
		$usr_sql = "SELECT usr_id, usr_name, usr_login FROM ".DB_PREPEND."phpwcms_user WHERE usr_id=".$row["cm_events_userId"];
		if($usr_result = mysql_query($usr_sql, $db)) {
			if ($usr_row = mysql_fetch_row($usr_result)) {
				echo $usr_row[2].'<br />'.$usr_row[1];
			}
			mysql_free_result($usr_result);
		}
	}
    echo '</td>'.LF;
    echo '<td width="4%" align="right">';

put lines 409-419 in curly braket and prepend the statement if current user is event owner or admin

Code: Select all

	// TB Edit functions only, if this is user's own event or current user is admin
	if ($_SESSION['wcs_user_id'] == $row["cm_events_userId"] ||
	    $_SESSION["wcs_user_admin"] == 1)
	{
		echo '<a href="'.$controller_link.'&edit='.$row["cm_events_id"].'">';		
		echo '<img src="'.$phpwcms['modules'][$module]['dir'].'img/edit_22x13.gif" border="0" alt="" /></a>';
	   //if ($row["cm_events_id"]!=1) {	
		echo '<a href="'.$controller_link.'&verify=' . $row["cm_events_id"] . '-' . $row["cm_events_status"] .'">';		
		echo '<img src="'.$phpwcms['modules'][$module]['dir'].'img/aktiv_12x13_'.$row["cm_events_status"].'.gif" border="0" alt="" /></a>';
		echo '<a href="'.$controller_link.'&delete='.$row["cm_events_id"];
		echo '" title="delete: '.html_specialchars($row["cm_events_title"]).'"';
		echo ' onclick="return confirm(\''.$BLM['delete_entry'].' '.html_specialchars(addslashes($row["cm_events_title"])).'\');">';
		echo '<img src="'.$phpwcms['modules'][$module]['dir'].'img/trash_13x13_1.gif" border="0" alt=""></a>';
	   //} 
	}
  	echo '</td></tr></table>'.LF;
	echo '</td>'.LF; 

mod_cm_calendar\inc\processing.events.inc.php
line 60 remove comments

Code: Select all

      'cm_events_userId' => intval($_POST['cm_events_userId']), //int(11) NOT NULL default '0', --used by TB mod—

line120 remove comment and add apostrophe near the end

Code: Select all

	$sql .= "cm_events_userId = '".$plugin['data']['cm_events_userId']."', ";

line 164 small change; insert insert cm_events_userId after cm_events_setid

Code: Select all

  		$sql .= 'cm_events_created, cm_events_changed, cm_events_date, cm_events_span,
	cm_events_time, cm_events_title, cm_events_image, cm_events_location,
	cm_events_description, cm_events_extrainfo, cm_events_setid, cm_events_userId, 
	cm_events_article, cm_events_dat_undef, cm_events_allcals, cm_events_status';

line 179 remove comment and add apostrophe near the end

Code: Select all

	$sql .= "'".$plugin['data']['cm_events_userId']."', ";

Zeile 217 remove comment

Code: Select all

	'cm_events_userId' => intval($_POST['cm_events_userId']), //int(11) NOT NULL default '0', --used by TB mod--

Zeile 262 remove comment and add apostrophe near the end

Code: Select all

	$sql .= "cm_events_userId = '".$plugin['data']['cm_events_userId']."', ";

Thats it with the required changes in the backend. But I found that changing two templates adds further comfort in the frontend.

mod_cm_calendar\template\print\frontend_listing_print.tmpl (complete code here. Picture formatting was changed to keep aspect)

Code: Select all

<!--CALENDAR_LIST_ENTRY_START//-->

	<div class="cmCalListingEntry">
  	<div class="cmCalListingDetail">
      [CALENDAR_DATE]{CALENDAR_DATE}[/CALENDAR_DATE]
      [CALENDAR_TITLE]<h2>[LANG_TITLE]{LANG_TITLE}: [/LANG_TITLE]{CALENDAR_TITLE}</h2>[/CALENDAR_TITLE]
    	[CALENDAR_TIME]<br />[LANG_TIME]{LANG_TIME}: [/LANG_TIME]{CALENDAR_TIME}[/CALENDAR_TIME][CALENDAR_SPAN] - {CALENDAR_SPAN}[/CALENDAR_SPAN]
    	[CALENDAR_LOCATION]<br />[LANG_LOCATION]{LANG_LOCATION}: [/LANG_LOCATION]{CALENDAR_LOCATION}[/CALENDAR_LOCATION]
    	[CALENDAR_DESCRIPTION]<br />[LANG_DESCRIPTION]{LANG_DESCRIPTION}: [/LANG_DESCRIPTION]{CALENDAR_DESCRIPTION}[/CALENDAR_DESCRIPTION]
    	    		[IMAGE]
		[ZOOM_ELSE]
			[IMAGE_URL]<a href="{IMAGE_URL}"{IMAGE_URL_TARGET}>[/IMAGE_URL]
				<img src="../../../img/cmsimage.php/150x150/{IMAGE_ID}" alt="{IMAGE}" border="0" />
			[IMAGE_URL]</a>[/IMAGE_URL]
			[CAPTION]<p>{CAPTION}</p>[/CAPTION]
		[/ZOOM_ELSE]
		[ZOOM]
			<a href="../../../img/cmsimage.php/600x400/{IMAGE_ID}" target="_blank"{LIGHTBOX}[LIGHTBOX_CAPTION] title="{LIGHTBOX_CAPTION}"[/LIGHTBOX_CAPTION]>
				<img src="../../../img/cmsimage.php/100x100/{IMAGE_ID}" alt="{IMAGE}" border="0" />
			</a>
		[/ZOOM]		
	[/IMAGE]
    </div>
	</div>
	
<!--CALENDAR_LIST_ENTRY_END//-->

<!--CALENDAR_LIST_ENTRY_SPACE_START//-->

	<!-- space between CALENDAR items -->
	<div class="cmCalListingSpace"></div>
	
<!--CALENDAR_LIST_ENTRY_SPACE_END//-->

<!--CALENDAR_LIST_TOP_START//-->
  <div class="cmCalListing">
    <div class="cmCalListingHead"></div>
[CALENDAR_ENTRIES]{CALENDAR_ENTRIES}[/CALENDAR_ENTRIES]

<!--CALENDAR_LIST_TOP_END//-->

<!--CALENDAR_LIST_BOTTOM_START//-->

  </div>
  <div style="clear:both;"></div>

<!--CALENDAR_LIST_BOTTOM_END//-->

mod_cm_calendar\template\cntpart\ tb_event_listing.tmpl Enhanced template for the event listing. Calender entries are completely depending on css entries which (can) eliminates some fixed div positioning which lead to ugly overlapping displays, e.g. at event day and day details.

Code: Select all

<!--CALENDAR_LIST_ENTRY_START//-->
	<div class="cmCalListingEntry">
		<div class="cmCalListingDate">
			<div class="cmCalListingDate_day">
				{FORMAT_DATE:j}
			</div>
			<div class="cmCalListingDate_detail">
				{FORMAT_DATE:l}, [CALENDAR_DATE]{CALENDAR_DATE}[/CALENDAR_DATE]
			</div>
		</div>
		<div class="cmCalListingDetail">
			[CALENDAR_ICAL]
				<div class="cmCalListingiCal">
					{CALENDAR_ICAL}
				</div>
			[/CALENDAR_ICAL]
			[CALENDAR_TITLE]
				<h2 class="cmCalListingDetail_Title">
					<!-- [LANG_TITLE]
						{LANG_TITLE}: 
					[/LANG_TITLE] -->
					{CALENDAR_TITLE}
				</h2>
			[/CALENDAR_TITLE]
			<div class=class="cmCalListingDetail_Time">[CALENDAR_TIME][LANG_TIME]{LANG_TIME}: [/LANG_TIME]{CALENDAR_TIME}[/CALENDAR_TIME][CALENDAR_SPAN] - {CALENDAR_SPAN}[/CALENDAR_SPAN]</div>
			[CALENDAR_LOCATION]<div class=class="cmCalListingDetail_Location">[LANG_LOCATION]{LANG_LOCATION}: [/LANG_LOCATION]{CALENDAR_LOCATION}</div>[/CALENDAR_LOCATION]
			[CALENDAR_DESCRIPTION]<div class=class="cmCalListingDetail_Description"><br /><!--[LANG_DESCRIPTION]{LANG_DESCRIPTION}: [/LANG_DESCRIPTION]-->{CALENDAR_DESCRIPTION}</div>[/CALENDAR_DESCRIPTION]
		  [IMAGE]
			[ZOOM_ELSE]
				[IMAGE_URL]<a href="{IMAGE_URL}"{IMAGE_URL_TARGET}>[/IMAGE_URL]
					<img src="img/cmsimage.php/150x150/{IMAGE_ID}" alt="{IMAGE}" border="0" />
				[IMAGE_URL]</a>[/IMAGE_URL]
				[CAPTION]<p>{CAPTION}</p>[/CAPTION]
			[/ZOOM_ELSE]
			[ZOOM]
				<a href="img/cmsimage.php/600x400/{IMAGE_ID}" target="_blank"{LIGHTBOX}[LIGHTBOX_CAPTION] title="{LIGHTBOX_CAPTION}"[/LIGHTBOX_CAPTION]>
					<img src="img/cmsimage.php/100x100/{IMAGE_ID}" alt="{IMAGE}" border="0" />
				</a>
			[/ZOOM]		
		[/IMAGE]
		  [CALENDAR_ARTICLELINK]<br>{CALENDAR_ARTICLELINK}[/CALENDAR_ARTICLELINK]
		</div>
	</div>
	
<!--CALENDAR_LIST_ENTRY_END//-->

<!--CALENDAR_LIST_ENTRY_SPACE_START//-->

	<!-- space between CALENDAR items -->
	<div class="cmCalListingSpace"></div>
	
<!--CALENDAR_LIST_ENTRY_SPACE_END//-->

<!--CALENDAR_LIST_TOP_START//-->

  <div class="cmCalListing">
    <div class="cmCalListingHead">
      <div style="float:left;">{PRINT_LINK} {ICAL_LINK}</div><div style="float:right;"> [LANG_SELECTION]{LANG_SELECTION}:[/LANG_SELECTION] {SELECTION_DROPDOWN}</div><div style="clear:left;"></div>
    </div>
[CALENDAR_ENTRIES]{CALENDAR_ENTRIES}[/CALENDAR_ENTRIES]

<!--CALENDAR_LIST_TOP_END//-->

<!--CALENDAR_LIST_BOTTOM_START//-->

  </div><div style="clear:both;"></div>

<!--CALENDAR_LIST_BOTTOM_END//-->

To get this template working, please add to the standard css

Code: Select all

/* TB cmCalendar styles */
div.cmCalListingDate {
   font-weight: bold;
}

div.cmCalListingDate_day {
   font-size: 40px;
   color: #969696;
}

div.cmCalListingDate_detail {
}

div.cmCalListingDetail {
   margin:15px 0 0 20px;
}

div.cmCalListingDetail_Time {
}

div.cmCalListingDetail_Location {
}

div.cmCalListingDetail_Description {
}

[baklavoni]

Great work!
Will surely use it!

Thank you

[thoblerone]

I have included some minor but recommended changes in the event edit form (around mod_cm_calendar\inc\edit.events.inc.php line191 ff) into the original posting.

Thomas

[breitsch]

eventually added to the module with some minor changes
Thanks @thoblerone!!
see: http://code.google.com/p/phpwcms-modules/

There will be more updates to this module within the next days, the Doku will be added in the wiki-site, stay tuned!

[thoblerone]

Hello breitsch,
I'm pleased to hear I could contribute something useful.
Thomas