1<?php 2/** 3 * DokuWiki Plugin struct (Action Component) 4 * 5 * @license GPL 2 http://www.gnu.org/licenses/gpl-2.0.html 6 * @author Andreas Gohr, Michael Große <dokuwiki@cosmocode.de> 7 */ 8 9// must be run within Dokuwiki 10use dokuwiki\plugin\struct\meta\AccessTable; 11use dokuwiki\plugin\struct\meta\Column; 12use dokuwiki\plugin\struct\meta\AccessTableData; 13use dokuwiki\plugin\struct\meta\StructException; 14use dokuwiki\plugin\struct\meta\Validator; 15 16if(!defined('DOKU_INC')) die(); 17 18/** 19 * Class action_plugin_struct_inline 20 * 21 * Handle inline editing 22 */ 23class action_plugin_struct_inline extends DokuWiki_Action_Plugin { 24 25 /** @var AccessTableData */ 26 protected $schemadata = null; 27 28 /** @var Column */ 29 protected $column = null; 30 31 /** @var String */ 32 protected $pid = ''; 33 34 /** 35 * Registers a callback function for a given event 36 * 37 * @param Doku_Event_Handler $controller DokuWiki's event controller object 38 * @return void 39 */ 40 public function register(Doku_Event_Handler $controller) { 41 $controller->register_hook('AJAX_CALL_UNKNOWN', 'BEFORE', $this, 'handle_ajax'); 42 } 43 44 /** 45 * @param Doku_Event $event 46 * @param $param 47 */ 48 public function handle_ajax(Doku_Event $event, $param) { 49 $len = strlen('plugin_struct_inline_'); 50 if(substr($event->data, 0, $len) != 'plugin_struct_inline_') return; 51 $event->preventDefault(); 52 $event->stopPropagation(); 53 54 if(substr($event->data, $len) == 'editor') { 55 $this->inline_editor(); 56 } 57 58 if(substr($event->data, $len) == 'save') { 59 try { 60 $this->inline_save(); 61 } catch(StructException $e) { 62 http_status(500); 63 header('Content-Type: text/plain; charset=utf-8'); 64 echo $e->getMessage(); 65 } 66 } 67 68 if(substr($event->data, $len) == 'cancel') { 69 $this->inline_cancel(); 70 } 71 } 72 73 /** 74 * Creates the inline editor 75 */ 76 protected function inline_editor() { 77 // silently fail when editing not possible 78 if(!$this->initFromInput()) return; 79 if(auth_quickaclcheck($this->pid) < AUTH_EDIT) return; 80 if(checklock($this->pid)) return; 81 82 // lock page 83 lock($this->pid); 84 85 // output the editor 86 $value = $this->schemadata->getDataColumn($this->column); 87 echo '<label data-column="'.hsc($this->column->getFullQualifiedLabel()).'">'; 88 echo $value->getValueEditor('entry'); 89 echo '</label>'; 90 $hint = $this->column->getType()->getTranslatedHint(); 91 if($hint) { 92 echo '<div class="hint">'; 93 echo hsc($hint); 94 echo '</div>'; 95 } 96 97 // csrf protection 98 formSecurityToken(); 99 } 100 101 /** 102 * Save the data posted by the inline editor 103 */ 104 protected function inline_save() { 105 global $INPUT; 106 107 // check preconditions 108 if(!$this->initFromInput()) { 109 throw new StructException('inline save error: init'); 110 } 111 self::checkCSRF(); 112 if(!$this->schemadata->getSchema()->isLookup()) { 113 $this->checkPage(); 114 } 115 116 // validate 117 $value = $INPUT->param('entry'); 118 $validator = new Validator(); 119 if(!$validator->validateValue($this->column, $value)) { 120 throw new StructException(join("\n", $validator->getErrors())); 121 } 122 123 // current data 124 $tosave = $this->schemadata->getDataArray(); 125 $tosave[$this->column->getLabel()] = $value; 126 127 // save 128 if($this->schemadata->getSchema()->isLookup()) { 129 $revision = 0; 130 } else { 131 $revision = helper_plugin_struct::createPageRevision($this->pid, 'inline edit'); 132 } 133 $this->schemadata->setTimestamp($revision); 134 try { 135 if(!$this->schemadata->saveData($tosave)) { 136 throw new StructException('saving failed'); 137 } 138 } finally { 139 // unlock (unlocking a non-existing file is okay, 140 // so we don't check if it's a lookup here 141 unlock($this->pid); 142 } 143 144 // reinit then render 145 $this->initFromInput(); 146 $value = $this->schemadata->getDataColumn($this->column); 147 $R = new Doku_Renderer_xhtml(); 148 $value->render($R, 'xhtml'); // FIXME use configured default renderer 149 echo $R->doc; 150 } 151 152 153 154 /** 155 * Unlock a page (on cancel action) 156 */ 157 protected function inline_cancel() { 158 global $INPUT; 159 $pid = $INPUT->str('pid'); 160 unlock($pid); 161 } 162 163 /** 164 * Initialize internal state based on input variables 165 * 166 * @return bool if initialization was successfull 167 */ 168 protected function initFromInput() { 169 global $INPUT; 170 171 $this->schemadata = null; 172 $this->column = null; 173 174 $pid = $INPUT->str('pid'); 175 list($table, $field) = explode('.', $INPUT->str('field')); 176 if(blank($pid)) return false; 177 if(blank($table)) return false; 178 if(blank($field)) return false; 179 180 $this->pid = $pid; 181 try { 182 $this->schemadata = AccessTable::byTableName($table, $pid); 183 } catch(StructException $ignore) { 184 return false; 185 } 186 187 $this->column = $this->schemadata->getSchema()->findColumn($field); 188 if(!$this->column || !$this->column->isVisibleInEditor()) { 189 $this->schemadata = null; 190 $this->column = null; 191 return false; 192 } 193 194 return true; 195 } 196 197 /** 198 * Checks if a page can be edited 199 * 200 * @throws StructException when check fails 201 */ 202 protected function checkPage() { 203 if(!page_exists($this->pid)) { 204 throw new StructException('inline save error: no such page'); 205 } 206 if(auth_quickaclcheck($this->pid) < AUTH_EDIT) { 207 throw new StructException('inline save error: acl'); 208 } 209 if(checklock($this->pid)) { 210 throw new StructException('inline save error: lock'); 211 } 212 } 213 214 /** 215 * Our own implementation of checkSecurityToken because we don't want the msg() call 216 * 217 * @throws StructException when check fails 218 */ 219 protected static function checkCSRF() { 220 global $INPUT; 221 if( 222 $INPUT->server->str('REMOTE_USER') && 223 getSecurityToken() != $INPUT->str('sectok') 224 ) { 225 throw new StructException('CSRF check failed'); 226 } 227 } 228 229} 230