cmCalendar Module "event owned by user" enhancement
Posted: Mon 1. Nov 2010, 19:43
Hello everyone,
thanks "breitsch" for a really great cmCalendar mod and that he already put the neccessary table fields into the DB! Today I finished pushing the module a step forward by adding some backend user security features:
a) Only users from the Admin group may create, edit or delete cmCalender categories
b) Any events is assigned an owner (creator). Only the owner and users from the admin group may edit or delete a given cmCalendar event
Using this modification it is possible to have various standard backend users sharing the same calendar but they are not able to change each others entries.
Required changes are only a few and pretty easy. Important notice: line numbers specified are referring to the unchanged files, even if after the first changes you may have added a few lines! Anyhow most of the times I specified the old lines which are quite unique around their place.
a) Event categories only for admins just needs two changes in mod_cm_calendar\inc\listing.cal.inc.php
line 115ff change this
to (must be admin to add category)
line 203 (as in the unchanged file!!!) insert (only admins my change or delete categories)
old line 203:
new lines 203/204:
after line 213 add
Thats all for the category thing.
b) Some more work is needed for event user management.
mod_cm_calendar\lang\de.lang.php
add this line, best fitting at line 69
mod_cm_calendar\lang\en.lang.php
add this line, best fitting at line 69
mod_cm_calendar\inc\edit.events.inc.php
line191 ff replace
with (display and edit event owner in clear text)
mod_cm_calendar\inc\listing.events.inc.php
lines 350-352 change td width = 25% to td width= 24% and after that add some code
put lines 409-419 in curly braket and prepend the statement if current user is event owner or admin
mod_cm_calendar\inc\processing.events.inc.php
line 60 remove comments
line120 remove comment and add apostrophe near the end
line 164 small change; insert insert cm_events_userId after cm_events_setid
line 179 remove comment and add apostrophe near the end
Zeile 217 remove comment
Zeile 262 remove comment and add apostrophe near the end
Thats it with the required changes in the backend. But I found that changing two templates adds further comfort in the frontend.
mod_cm_calendar\template\print\frontend_listing_print.tmpl (complete code here. Picture formatting was changed to keep aspect)
mod_cm_calendar\template\cntpart\ tb_event_listing.tmpl Enhanced template for the event listing. Calender entries are completely depending on css entries which (can) eliminates some fixed div positioning which lead to ugly overlapping displays, e.g. at event day and day details.
To get this template working, please add to the standard css
thanks "breitsch" for a really great cmCalendar mod and that he already put the neccessary table fields into the DB! Today I finished pushing the module a step forward by adding some backend user security features:
a) Only users from the Admin group may create, edit or delete cmCalender categories
b) Any events is assigned an owner (creator). Only the owner and users from the admin group may edit or delete a given cmCalendar event
Using this modification it is possible to have various standard backend users sharing the same calendar but they are not able to change each others entries.
Required changes are only a few and pretty easy. Important notice: line numbers specified are referring to the unchanged files, even if after the first changes you may have added a few lines! Anyhow most of the times I specified the old lines which are quite unique around their place.
a) Event categories only for admins just needs two changes in mod_cm_calendar\inc\listing.cal.inc.php
line 115ff change this
Code: Select all
<div class="navBarLeft imgButton chatlist" style="float:left">
<a href="<?php echo cm_map_url('controller=cal') ?>&edit=0" title="<?php echo $BLM['create_new_cal'] ?>"><img src="<?php echo $phpwcms['modules'][$module]['dir'].'img/'; ?>cal_add.gif" alt="Add" border="0" /><span><?php echo $BLM['create_new_cal'] ?></span></a>
</div>Code: Select all
<?php // TB Modification: only admins may create calendar categories
if ($_SESSION["wcs_user_admin"] == 1) {
echo '<div class="navBarLeft imgButton chatlist" style="float:left">'.LF;
echo ' '.LF;
echo '<a href="' . cm_map_url('controller=cal') .'&edit=0" title="'. $BLM['create_new_cal'] .'">';
echo '<img src="'. $phpwcms['modules'][$module]['dir'].'img/' . 'cal_add.gif" alt="Add" border="0" />';
echo '<span>' . $BLM['create_new_cal'] .'</span></a>'.LF;
echo '</div>'.LF;
}
?>old line 203:
Code: Select all
echo '<a href="'.$controller_link.'&edit='.$row["cm_cat_id"].'">';Code: Select all
if ($_SESSION["wcs_user_admin"] == 1) {
echo '<a href="'.$controller_link.'&edit='.$row["cm_cat_id"].'">'; Code: Select all
// } <-- this is the old line 213: commented out bracket
}
else
{
echo ' ';
}b) Some more work is needed for event user management.
mod_cm_calendar\lang\de.lang.php
add this line, best fitting at line 69
Code: Select all
$BLM['entry_uid'] = 'Termin Besitzer';add this line, best fitting at line 69
Code: Select all
$BLM['entry_uid'] = Event Owner';line191 ff replace
Code: Select all
<!-- end teaser -->
<tr><td colspan="3"><img src="img/leer.gif" alt="" width="1" height="10" /></td></tr>
<!-- image -->Code: Select all
<!-- end teaser -->
<tr><td colspan="3"><img src="img/leer.gif" alt="" width="1" height="10" /></td></tr>
<tr><!-- @TB owner userID-->
<td align="right" class="chatlist"> <?php echo $BLM['entry_uid']; ?></td>
<td align="left">
<table border="0" cellpadding="0" cellspacing="0" summary="">
<tr>
<td><select name="cm_events_userId" id="cm_events_userId" style="width: 300px" class="f11b">
<?php
$u_sql = "SELECT usr_id, usr_name, usr_login, usr_admin FROM ".DB_PREPEND."phpwcms_user WHERE usr_aktiv=1 ORDER BY usr_admin DESC, usr_name";
if($u_result = mysql_query($u_sql, $db)) {
while($u_row = mysql_fetch_row($u_result)) {
echo '<option value="'.$u_row[0].'"';
if (
$u_row[0] == $plugin['data']['cm_events_userId'] ||
( $plugin['data']['cm_events_userId'] == 0 &&
$u_row[0] == $_SESSION['wcs_user_id']
)
)
{
echo ' selected';
}
if(intval($u_row[3])) echo ' style="background-color: #FFC299;"';
echo '>'.html_specialchars(($u_row[1]) ? $u_row[1] : $u_row[2]).'</option>'."\n";
}
mysql_free_result($u_result);
}
?></select></td>
<td> </td>
<td bgcolor="#FFC299"><img src="img/leer.gif" alt="" width="15" height="10" /></td>
<td class="chatlist"> <?php echo $BL['be_article_adminuser'] ?></td>
</tr></table>
</td>
</tr>
<!-- image -->
lines 350-352 change td width = 25% to td width= 24% and after that add some code
Code: Select all
echo '<td width="24%">'.$BLM['entry_date'].': '.date($BLM['entry_dateformat'], strtotime($row["cm_events_date"])).'</td>'.LF;
echo '<td width="24%">'.$BLM['entry_time'].': '.$row["cm_events_time"].'</td>'.LF;
echo '<td width="24%">'.$BLM['entry_span'].': '.$row["cm_events_span"].'</td>'.LF;
// TB show event owner user id
echo '<td width="24%">'.$BLM['entry_uid'].': '.$row["cm_events_userId"] . "<br />".LF;
// TB get clear text user name from ID
{
$usr_sql = "SELECT usr_id, usr_name, usr_login FROM ".DB_PREPEND."phpwcms_user WHERE usr_id=".$row["cm_events_userId"];
if($usr_result = mysql_query($usr_sql, $db)) {
if ($usr_row = mysql_fetch_row($usr_result)) {
echo $usr_row[2].'<br />'.$usr_row[1];
}
mysql_free_result($usr_result);
}
}
echo '</td>'.LF;
echo '<td width="4%" align="right">';Code: Select all
// TB Edit functions only, if this is user's own event or current user is admin
if ($_SESSION['wcs_user_id'] == $row["cm_events_userId"] ||
$_SESSION["wcs_user_admin"] == 1)
{
echo '<a href="'.$controller_link.'&edit='.$row["cm_events_id"].'">';
echo '<img src="'.$phpwcms['modules'][$module]['dir'].'img/edit_22x13.gif" border="0" alt="" /></a>';
//if ($row["cm_events_id"]!=1) {
echo '<a href="'.$controller_link.'&verify=' . $row["cm_events_id"] . '-' . $row["cm_events_status"] .'">';
echo '<img src="'.$phpwcms['modules'][$module]['dir'].'img/aktiv_12x13_'.$row["cm_events_status"].'.gif" border="0" alt="" /></a>';
echo '<a href="'.$controller_link.'&delete='.$row["cm_events_id"];
echo '" title="delete: '.html_specialchars($row["cm_events_title"]).'"';
echo ' onclick="return confirm(\''.$BLM['delete_entry'].' '.html_specialchars(addslashes($row["cm_events_title"])).'\');">';
echo '<img src="'.$phpwcms['modules'][$module]['dir'].'img/trash_13x13_1.gif" border="0" alt=""></a>';
//}
}
echo '</td></tr></table>'.LF;
echo '</td>'.LF; line 60 remove comments
Code: Select all
'cm_events_userId' => intval($_POST['cm_events_userId']), //int(11) NOT NULL default '0', --used by TB mod—Code: Select all
$sql .= "cm_events_userId = '".$plugin['data']['cm_events_userId']."', ";Code: Select all
$sql .= 'cm_events_created, cm_events_changed, cm_events_date, cm_events_span,
cm_events_time, cm_events_title, cm_events_image, cm_events_location,
cm_events_description, cm_events_extrainfo, cm_events_setid, cm_events_userId,
cm_events_article, cm_events_dat_undef, cm_events_allcals, cm_events_status';Code: Select all
$sql .= "'".$plugin['data']['cm_events_userId']."', ";Code: Select all
'cm_events_userId' => intval($_POST['cm_events_userId']), //int(11) NOT NULL default '0', --used by TB mod--Code: Select all
$sql .= "cm_events_userId = '".$plugin['data']['cm_events_userId']."', ";mod_cm_calendar\template\print\frontend_listing_print.tmpl (complete code here. Picture formatting was changed to keep aspect)
Code: Select all
<!--CALENDAR_LIST_ENTRY_START//-->
<div class="cmCalListingEntry">
<div class="cmCalListingDetail">
[CALENDAR_DATE]{CALENDAR_DATE}[/CALENDAR_DATE]
[CALENDAR_TITLE]<h2>[LANG_TITLE]{LANG_TITLE}: [/LANG_TITLE]{CALENDAR_TITLE}</h2>[/CALENDAR_TITLE]
[CALENDAR_TIME]<br />[LANG_TIME]{LANG_TIME}: [/LANG_TIME]{CALENDAR_TIME}[/CALENDAR_TIME][CALENDAR_SPAN] - {CALENDAR_SPAN}[/CALENDAR_SPAN]
[CALENDAR_LOCATION]<br />[LANG_LOCATION]{LANG_LOCATION}: [/LANG_LOCATION]{CALENDAR_LOCATION}[/CALENDAR_LOCATION]
[CALENDAR_DESCRIPTION]<br />[LANG_DESCRIPTION]{LANG_DESCRIPTION}: [/LANG_DESCRIPTION]{CALENDAR_DESCRIPTION}[/CALENDAR_DESCRIPTION]
[IMAGE]
[ZOOM_ELSE]
[IMAGE_URL]<a href="{IMAGE_URL}"{IMAGE_URL_TARGET}>[/IMAGE_URL]
<img src="../../../img/cmsimage.php/150x150/{IMAGE_ID}" alt="{IMAGE}" border="0" />
[IMAGE_URL]</a>[/IMAGE_URL]
[CAPTION]<p>{CAPTION}</p>[/CAPTION]
[/ZOOM_ELSE]
[ZOOM]
<a href="../../../img/cmsimage.php/600x400/{IMAGE_ID}" target="_blank"{LIGHTBOX}[LIGHTBOX_CAPTION] title="{LIGHTBOX_CAPTION}"[/LIGHTBOX_CAPTION]>
<img src="../../../img/cmsimage.php/100x100/{IMAGE_ID}" alt="{IMAGE}" border="0" />
</a>
[/ZOOM]
[/IMAGE]
</div>
</div>
<!--CALENDAR_LIST_ENTRY_END//-->
<!--CALENDAR_LIST_ENTRY_SPACE_START//-->
<!-- space between CALENDAR items -->
<div class="cmCalListingSpace"></div>
<!--CALENDAR_LIST_ENTRY_SPACE_END//-->
<!--CALENDAR_LIST_TOP_START//-->
<div class="cmCalListing">
<div class="cmCalListingHead"></div>
[CALENDAR_ENTRIES]{CALENDAR_ENTRIES}[/CALENDAR_ENTRIES]
<!--CALENDAR_LIST_TOP_END//-->
<!--CALENDAR_LIST_BOTTOM_START//-->
</div>
<div style="clear:both;"></div>
<!--CALENDAR_LIST_BOTTOM_END//-->mod_cm_calendar\template\cntpart\ tb_event_listing.tmpl Enhanced template for the event listing. Calender entries are completely depending on css entries which (can) eliminates some fixed div positioning which lead to ugly overlapping displays, e.g. at event day and day details.
Code: Select all
<!--CALENDAR_LIST_ENTRY_START//-->
<div class="cmCalListingEntry">
<div class="cmCalListingDate">
<div class="cmCalListingDate_day">
{FORMAT_DATE:j}
</div>
<div class="cmCalListingDate_detail">
{FORMAT_DATE:l}, [CALENDAR_DATE]{CALENDAR_DATE}[/CALENDAR_DATE]
</div>
</div>
<div class="cmCalListingDetail">
[CALENDAR_ICAL]
<div class="cmCalListingiCal">
{CALENDAR_ICAL}
</div>
[/CALENDAR_ICAL]
[CALENDAR_TITLE]
<h2 class="cmCalListingDetail_Title">
<!-- [LANG_TITLE]
{LANG_TITLE}:
[/LANG_TITLE] -->
{CALENDAR_TITLE}
</h2>
[/CALENDAR_TITLE]
<div class=class="cmCalListingDetail_Time">[CALENDAR_TIME][LANG_TIME]{LANG_TIME}: [/LANG_TIME]{CALENDAR_TIME}[/CALENDAR_TIME][CALENDAR_SPAN] - {CALENDAR_SPAN}[/CALENDAR_SPAN]</div>
[CALENDAR_LOCATION]<div class=class="cmCalListingDetail_Location">[LANG_LOCATION]{LANG_LOCATION}: [/LANG_LOCATION]{CALENDAR_LOCATION}</div>[/CALENDAR_LOCATION]
[CALENDAR_DESCRIPTION]<div class=class="cmCalListingDetail_Description"><br /><!--[LANG_DESCRIPTION]{LANG_DESCRIPTION}: [/LANG_DESCRIPTION]-->{CALENDAR_DESCRIPTION}</div>[/CALENDAR_DESCRIPTION]
[IMAGE]
[ZOOM_ELSE]
[IMAGE_URL]<a href="{IMAGE_URL}"{IMAGE_URL_TARGET}>[/IMAGE_URL]
<img src="img/cmsimage.php/150x150/{IMAGE_ID}" alt="{IMAGE}" border="0" />
[IMAGE_URL]</a>[/IMAGE_URL]
[CAPTION]<p>{CAPTION}</p>[/CAPTION]
[/ZOOM_ELSE]
[ZOOM]
<a href="img/cmsimage.php/600x400/{IMAGE_ID}" target="_blank"{LIGHTBOX}[LIGHTBOX_CAPTION] title="{LIGHTBOX_CAPTION}"[/LIGHTBOX_CAPTION]>
<img src="img/cmsimage.php/100x100/{IMAGE_ID}" alt="{IMAGE}" border="0" />
</a>
[/ZOOM]
[/IMAGE]
[CALENDAR_ARTICLELINK]<br>{CALENDAR_ARTICLELINK}[/CALENDAR_ARTICLELINK]
</div>
</div>
<!--CALENDAR_LIST_ENTRY_END//-->
<!--CALENDAR_LIST_ENTRY_SPACE_START//-->
<!-- space between CALENDAR items -->
<div class="cmCalListingSpace"></div>
<!--CALENDAR_LIST_ENTRY_SPACE_END//-->
<!--CALENDAR_LIST_TOP_START//-->
<div class="cmCalListing">
<div class="cmCalListingHead">
<div style="float:left;">{PRINT_LINK} {ICAL_LINK}</div><div style="float:right;"> [LANG_SELECTION]{LANG_SELECTION}:[/LANG_SELECTION] {SELECTION_DROPDOWN}</div><div style="clear:left;"></div>
</div>
[CALENDAR_ENTRIES]{CALENDAR_ENTRIES}[/CALENDAR_ENTRIES]
<!--CALENDAR_LIST_TOP_END//-->
<!--CALENDAR_LIST_BOTTOM_START//-->
</div><div style="clear:both;"></div>
<!--CALENDAR_LIST_BOTTOM_END//-->Code: Select all
/* TB cmCalendar styles */
div.cmCalListingDate {
font-weight: bold;
}
div.cmCalListingDate_day {
font-size: 40px;
color: #969696;
}
div.cmCalListingDate_detail {
}
div.cmCalListingDetail {
margin:15px 0 0 20px;
}
div.cmCalListingDetail_Time {
}
div.cmCalListingDetail_Location {
}
div.cmCalListingDetail_Description {
}