improve roles in page edit and delete close #353

- invert confirmdelete and delete routes
- precise infos about roles in manual
- add icon for theme selector in editor
- use back top bar in forbidden view

MANUAL.md

@@ -1049,6 +1049,7 @@ Invite Editors are the lowest editor status possible. They can only access the [
 
 - Can create pages and edit them.
 - Can only edit pages when listed as [author](#authors).
+- Can only delete pages if they are the only author.
 
 #### Super Editor
 
@@ -1057,6 +1058,8 @@ Invite Editors are the lowest editor status possible. They can only access the [
 - Can edit any pages they like.
 - Can manage users as [author](#authors) of a page.
 - Can use the home menu and media menu to access powerfull features.
+- Can delete any page.
+- Have access to mass edit features.
 
 #### Administrator
 

app/class/Controller.php

@@ -94,6 +94,12 @@ public function initplates()
         $this->plates->registerFunction('ubookmark', function (string $string, string $id) {
             return $this->generate($string, ['bookmark' => $id]);
         });
+        $this->plates->registerFunction('caneditpage', function (Page $page) {
+            return $this->canedit($page);
+        });
+        $this->plates->registerFunction('candeletepage', function (Page $page) {
+            return $this->candelete($page);
+        });
         $this->plates->addData(['flashmessages' => Model::getflashmessages()]);
     }
 
@@ -195,6 +201,8 @@ protected function workspace2session(): void
     /**
      * Tell if the current user can edit the given Page
      *
+     * User need to be SUPEREDITOR, otherwise, it need to be author of a page.
+     *
      * @param Page $page
      */
     protected function canedit(Page $page): bool
@@ -207,4 +215,22 @@ protected function canedit(Page $page): bool
             return false;
         }
     }
+
+    /**
+     * Tell if the current user can delete the given Page
+     *
+     * User need to be SUPEREDITOR, otherwise, it need to be the only author of a page.
+     *
+     * @param Page $page
+     */
+    protected function candelete(Page $page): bool
+    {
+        if ($this->user->issupereditor()) {
+            return true;
+        } elseif ($this->user->isinvite() || $this->user->iseditor()) {
+            return ($page->authors() === [$this->user->id()]);
+        } else {
+            return false;
+        }
+    }
 }

app/class/Controllerapipage.php

@@ -7,8 +7,6 @@
 
 class Controllerapipage extends Controllerapi
 {
-    use Voterpage;
-
     /** @var Page|null $page */
     protected ?Page $page;
 

app/class/Controllerinfo.php

@@ -10,6 +10,12 @@ class Controllerinfo extends Controller
     public function __construct($render)
     {
         parent::__construct($render);
+
+        if ($this->user->isvisitor()) {
+            http_response_code(401);
+            $this->showtemplate('connect', ['route' => 'info']);
+            exit;
+        }
     }
 
     public function desktop()

app/class/Controllerpage.php

@@ -11,8 +11,6 @@
 
 class Controllerpage extends Controller
 {
-    use Voterpage;
-
     /** @var Page */
     protected $page;
     protected $mediamanager;
@@ -223,7 +221,7 @@ public function read($page)
             http_response_code(404);
             $this->showtemplate(
                 'alertexistnot',
-                ['page' => $this->page, 'canedit' => $this->canedit($this->page), 'subtitle' => Config::existnot()]
+                ['page' => $this->page, 'subtitle' => Config::existnot()]
             );
         }
     }
@@ -315,26 +313,11 @@ public function addascopy(string $page, string $copy)
         }
     }
 
-    public function confirmdelete($page)
-    {
-        $this->setpage($page, 'pageconfirmdelete');
-        if ($this->importpage() && ($this->user->issupereditor() || $this->page->authors() === [$this->user->id()])) {
-            $linksto = new Opt();
-            $linksto->setlinkto($this->page->id());
-            $pageslinkingto = $this->pagemanager->pagetable($this->pagemanager->pagelist(), $linksto);
-            $this->showtemplate('confirmdelete', [
-                'page' => $this->page,
-                'pageexist' => true,
-                'pageslinkingtocount' => count($pageslinkingto),
-            ]);
-        } else {
-            $this->routedirect('pageread', ['page' => $this->page->id()]);
-        }
-    }
-
     public function download($page)
     {
-        if ($this->user->isadmin()) {
+        $this->setpage($page, 'pagedownload');
+
+        if ($this->importpage() && $this->canedit($this->page)) {
             $file = Model::PAGES_DIR . Config::pagetable() . DIRECTORY_SEPARATOR . $page . '.json';
 
             if (file_exists($file)) {
@@ -409,11 +392,31 @@ public function login(string $page)
 
     public function delete($page)
     {
-        $this->setpage($page, 'pagedelete');
+        $this->setpage($page, 'pagecdelete');
+        if ($this->importpage() && $this->candelete($this->page)) {
+            $linksto = new Opt();
+            $linksto->setlinkto($this->page->id());
+            $pageslinkingto = $this->pagemanager->pagetable($this->pagemanager->pagelist(), $linksto);
+            $this->showtemplate('delete', [
+                'page' => $this->page,
+                'pageexist' => true,
+                'pageslinkingtocount' => count($pageslinkingto),
+            ]);
+        } else {
+            $this->routedirect('pageread', ['page' => $this->page->id()]);
+        }
+    }
+
+    public function confirmdelete($page)
+    {
+        $this->setpage($page, 'pageconfirmdelete');
         if ($this->user->iseditor() && $this->importpage()) {
             $this->pagemanager->delete($this->page);
+            $this->routedirect('pageread', ['page' => $this->page->id()]);
+        } else {
+            http_response_code(403);
+            $this->showtemplate('forbidden', ['route' => 'pageread', 'id' => $this->page->id()]);
         }
-        $this->routedirect('home');
     }
 
     public function duplicate(string $page, string $duplicate)

app/class/Routes.php

@@ -80,8 +80,8 @@ public function match()
             ['POST', '/workspace/update', 'Controllerworkspace#update', 'workspaceupdate'],
             ['POST', '/[cid:page]/editby', 'Controllerpage#editby', 'pageeditby'],
             ['POST', '/[cid:page]/removeeditby', 'Controllerpage#removeeditby', 'pageremoveeditby'],
-            ['GET', '/[cid:page]/delete', 'Controllerpage#confirmdelete', 'pageconfirmdelete'],
-            ['POST', '/[cid:page]/delete', 'Controllerpage#delete', 'pagedelete'],
+            ['GET', '/[cid:page]/delete', 'Controllerpage#delete', 'pagedelete'],
+            ['POST', '/[cid:page]/delete', 'Controllerpage#confirmdelete', 'pageconfirmdelete'],
             ['GET', '/[cid:page]/duplicate:[cid:duplicate]', 'Controllerpage#duplicate', 'pageduplicate'],
             ['GET', '/[cid:page]/[*:command]', 'Controllerpage#commandnotfound', 'pageread/etoile'],
         ]);

app/view/templates/alertexistnot.php

@@ -12,7 +12,7 @@
 
 
 
-<?php if ($canedit) { ?>
+<?php if ($user->iseditor()) { ?>
     <p>
         <a href="<?= $this->upage('pageadd', $page->id()) ?>">⭐ Create</a>
     </p>
@@ -22,6 +22,10 @@
         <code><?= $this->upage('pageadd', $page->id()) ?></code>
         directly in your address bar.
     </p>
+
+    <p>
+        <a href="<?= $this->url('home') ?>">🏠 Go back to home</a>
+    </p>
 <?php } ?>
 
 

app/view/templates/edittopbar.php

@@ -35,12 +35,15 @@
         </span>
 
 
-        <span id="delete">
-                <a href="<?= $this->upage('pageconfirmdelete', $page->id()) ?>">
-                    <i class="fa fa-trash"></i>
-                    <span class="text">delete</span>
-                </a>
-        </span>
+        <?php if($this->candeletepage($page)) { ?>
+            <span id="delete">
+                    <a href="<?= $this->upage('pagedelete', $page->id()) ?>">
+                        <i class="fa fa-trash"></i>
+                        <span class="text">delete</span>
+                    </a>
+            </span>
+        <?php } ?>
+
     </span>
     <span class="menu" id="workspacemenu">
 
@@ -52,6 +55,9 @@
         </span>
 
         <span id="highlighttheme">
+            <label for="fontsize">
+                <i class="fa fa-adjust"></i>
+            </label>
             <select name="highlighttheme" form="workspace-form" id="edithighlighttheme">
                 <?= options(Wcms\Workspace::THEMES, $workspace->highlighttheme(), true) ?>
             </select>

app/view/templates/forbidden.php

@@ -5,6 +5,9 @@
 
 <?php $this->start('page') ?>
 
+
+<?php $this->insert('backtopbar', ['user' => $user, 'pagelist' => $pagelist]) ?>
+
 <h1>Forbidden</h1>
 
 <span>

app/view/templates/home.php

@@ -258,7 +258,7 @@
                                 <?php } ?>
                             </td>
                             <td class="edit">
-                                <?php if($user->issupereditor() || in_array($user->id(), $item->authors())) { ?>
+                                <?php if($this->caneditpage($item)) { ?>
                                     <a href="<?= $this->upage('pageedit', $item->id()) ?>">
                                         <i class="fa fa-pencil"></i>
                                     </a>
@@ -270,7 +270,7 @@
                                 </a>
                             </td>
                             <td class="delete">
-                                <?php if($user->issupereditor() || $item->authors() === [$user->id()]) { ?>
+                                <?php if($this->candeletepage($item)) { ?>
                                     <a href="<?= $this->upage('pagedelete', $item->id()) ?>">
                                         <i class="fa fa-trash"></i>
                                     </a>

app/view/templates/userconfirmdelete.php

@@ -39,4 +39,4 @@
 
     <?php
 }
-?>
+?>