liquid_feedback_frontend
annotate app/main/initiative/_action/create.lua @ 9:0ee1e0c42d4c
Version beta5
Minor security fix: Added missing security filter for admin section. Reading of member listing including login names was possible for all users. Write access has not been possible though.
Changing of name and login is possible while a history of these changes is written and accessible by all users.
Statistics shown in area list
Trimming of user input also converts multiple whitespaces to single space character.
Minor security fix: Added missing security filter for admin section. Reading of member listing including login names was possible for all users. Write access has not been possible though.
Changing of name and login is possible while a history of these changes is written and accessible by all users.
Statistics shown in area list
Trimming of user input also converts multiple whitespaces to single space character.
| author | bsw |
|---|---|
| date | Mon Jan 04 12:00:00 2010 +0100 (2010-01-04) |
| parents | 3941792e8be6 |
| children | 72c5e0ee7c98 |
| rev | line source |
|---|---|
| bsw/jbe@5 | 1 local tmp = db:query({ "SELECT text_entries_left, initiatives_left FROM member_contingent_left WHERE member_id = ?", app.session.member.id }, "opt_object") |
| bsw/jbe@5 | 2 if tmp then |
| bsw/jbe@5 | 3 if tmp.initiatives_left and tmp.initiatives_left < 1 then |
| bsw/jbe@5 | 4 slot.put_into("error", _"Sorry, your contingent for creating initiatives has been used up. Please try again later.") |
| bsw/jbe@5 | 5 return false |
| bsw/jbe@5 | 6 end |
| bsw/jbe@5 | 7 if tmp.text_entries_left and tmp.text_entries_left < 1 then |
| bsw/jbe@5 | 8 slot.put_into("error", _"Sorry, you have reached your personal flood limit. Please be slower...") |
| bsw/jbe@5 | 9 return false |
| bsw/jbe@5 | 10 end |
| bsw/jbe@5 | 11 end |
| bsw/jbe@5 | 12 |
| bsw/jbe@0 | 13 local issue |
| bsw/jbe@0 | 14 local area |
| bsw/jbe@0 | 15 |
| bsw/jbe@0 | 16 local issue_id = param.get("issue_id", atom.integer) |
| bsw/jbe@0 | 17 if issue_id then |
| bsw/jbe@0 | 18 issue = Issue:new_selector():add_where{"id=?",issue_id}:single_object_mode():exec() |
| bsw/jbe@5 | 19 if issue.closed then |
| bsw/jbe@5 | 20 slot.put_into("error", _"This issue is already closed.") |
| bsw/jbe@5 | 21 return false |
| bsw/jbe@5 | 22 elseif issue.fully_frozen then |
| bsw/jbe@5 | 23 slot.put_into("error", _"Voting for this issue has already begun.") |
| bsw/jbe@5 | 24 return false |
| bsw/jbe@5 | 25 end |
| bsw/jbe@0 | 26 area = issue.area |
| bsw/jbe@0 | 27 else |
| bsw/jbe@0 | 28 local area_id = param.get("area_id", atom.integer) |
| bsw/jbe@0 | 29 area = Area:new_selector():add_where{"id=?",area_id}:single_object_mode():exec() |
| bsw/jbe@0 | 30 end |
| bsw/jbe@0 | 31 |
| bsw/jbe@6 | 32 local name = param.get("name") |
| bsw/jbe@6 | 33 |
| bsw/jbe@6 | 34 local name = util.trim(name) |
| bsw/jbe@6 | 35 |
| bsw/jbe@6 | 36 if #name < 3 then |
| bsw/jbe@6 | 37 slot.put_into("error", _"This name is really too short!") |
| bsw/jbe@6 | 38 return false |
| bsw/jbe@6 | 39 end |
| bsw/jbe@6 | 40 |
| bsw/jbe@0 | 41 local initiative = Initiative:new() |
| bsw/jbe@0 | 42 |
| bsw/jbe@0 | 43 if not issue then |
| bsw@7 | 44 local policy_id = param.get("policy_id", atom.integer) |
| bsw@7 | 45 if not area:get_reference_selector("allowed_policies") |
| bsw@7 | 46 :add_where{ "policy.id = ?", policy_id } |
| bsw@7 | 47 :optional_object_mode() |
| bsw@7 | 48 :exec() |
| bsw@7 | 49 then |
| bsw@7 | 50 error("policy not allowed") |
| bsw@7 | 51 end |
| bsw/jbe@0 | 52 issue = Issue:new() |
| bsw/jbe@0 | 53 issue.area_id = area.id |
| bsw@7 | 54 issue.policy_id = policy_id |
| bsw/jbe@0 | 55 issue:save() |
| bsw/jbe@0 | 56 end |
| bsw/jbe@0 | 57 |
| bsw/jbe@0 | 58 initiative.issue_id = issue.id |
| bsw/jbe@6 | 59 initiative.name = name |
| bsw/jbe@6 | 60 param.update(initiative, "discussion_url") |
| bsw/jbe@0 | 61 initiative:save() |
| bsw/jbe@0 | 62 |
| bsw/jbe@0 | 63 local draft = Draft:new() |
| bsw/jbe@0 | 64 draft.initiative_id = initiative.id |
| bsw/jbe@4 | 65 local formatting_engine = param.get("formatting_engine") |
| bsw/jbe@4 | 66 local formatting_engine_valid = false |
| bsw/jbe@4 | 67 for fe, dummy in pairs(config.formatting_engine_executeables) do |
| bsw/jbe@4 | 68 if formatting_engine == fe then |
| bsw/jbe@4 | 69 formatting_engine_valid = true |
| bsw/jbe@4 | 70 end |
| bsw/jbe@4 | 71 end |
| bsw/jbe@4 | 72 if not formatting_engine_valid then |
| bsw/jbe@4 | 73 error("invalid formatting engine!") |
| bsw/jbe@4 | 74 end |
| bsw/jbe@4 | 75 draft.formatting_engine = formatting_engine |
| bsw/jbe@0 | 76 draft.content = param.get("draft") |
| bsw/jbe@0 | 77 draft.author_id = app.session.member.id |
| bsw/jbe@0 | 78 draft:save() |
| bsw/jbe@0 | 79 |
| bsw/jbe@0 | 80 local initiator = Initiator:new() |
| bsw/jbe@0 | 81 initiator.initiative_id = initiative.id |
| bsw/jbe@0 | 82 initiator.member_id = app.session.member.id |
| bsw/jbe@0 | 83 initiator:save() |
| bsw/jbe@0 | 84 |
| bsw/jbe@0 | 85 local supporter = Supporter:new() |
| bsw/jbe@0 | 86 supporter.initiative_id = initiative.id |
| bsw/jbe@0 | 87 supporter.member_id = app.session.member.id |
| bsw/jbe@0 | 88 supporter.draft_id = draft.id |
| bsw/jbe@0 | 89 supporter:save() |
| bsw/jbe@0 | 90 |
| bsw/jbe@0 | 91 slot.put_into("notice", _"Initiative successfully created") |
| bsw/jbe@0 | 92 |
| bsw/jbe@0 | 93 request.redirect{ |
| bsw/jbe@0 | 94 module = "initiative", |
| bsw/jbe@0 | 95 view = "show", |
| bsw/jbe@0 | 96 id = initiative.id |
| bsw/jbe@0 | 97 } |