liquid_feedback_frontend
view app/main/initiative/_action/create.lua @ 9:0ee1e0c42d4c
Version beta5
Minor security fix: Added missing security filter for admin section. Reading of member listing including login names was possible for all users. Write access has not been possible though.
Changing of name and login is possible while a history of these changes is written and accessible by all users.
Statistics shown in area list
Trimming of user input also converts multiple whitespaces to single space character.
| author | bsw | 
|---|---|
| date | Mon Jan 04 12:00:00 2010 +0100 (2010-01-04) | 
| parents | 3941792e8be6 | 
| children | 72c5e0ee7c98 | 
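     -- Action: create a new initiative (and, when no issue_id is given, a new
     -- issue for it) together with its first draft, an initiator entry and a
     -- supporter entry for the member of the current session.
     --
     -- Returns false after placing a message in the "error" slot when a
     -- user-level check fails; raises an error when the submitted policy or
     -- formatting engine is not acceptable.
     --
     -- NOTE(review): this script reads app.session.member.id without checking
     -- that a member is logged in; presumably an access filter runs before the
     -- action -- confirm.

     -- Per-member contingent ("flood limit"). The member id is bound as a query
     -- parameter, not concatenated into the SQL text.
     -- NOTE(review): the limit is read here and the rows are written further
     -- down; whether concurrent requests can pass this check together depends
     -- on transaction handling not visible in this file.
     local contingent = db:query({ "SELECT text_entries_left, initiatives_left FROM member_contingent_left WHERE member_id = ?", app.session.member.id }, "opt_object")
     if contingent then
       if contingent.initiatives_left and contingent.initiatives_left < 1 then
         slot.put_into("error", _"Sorry, your contingent for creating initiatives has been used up. Please try again later.")
         return false
       end
       if contingent.text_entries_left and contingent.text_entries_left < 1 then
         slot.put_into("error", _"Sorry, you have reached your personal flood limit. Please be slower...")
         return false
       end
     end

     local issue
     local area

     -- Either attach to an existing issue (which must still accept new
     -- initiatives) or resolve the area in which a new issue will be opened.
     -- Both ids are coerced to integers by param.get before reaching the query.
     local issue_id = param.get("issue_id", atom.integer)
     if issue_id then
       issue = Issue:new_selector():add_where{"id=?",issue_id}:single_object_mode():exec()
       if issue.closed then
         slot.put_into("error", _"This issue is already closed.")
         return false
       elseif issue.fully_frozen then
         slot.put_into("error", _"Voting for this issue has already begun.")
         return false
       end
       area = issue.area
     else
       local area_id = param.get("area_id", atom.integer)
       area = Area:new_selector():add_where{"id=?",area_id}:single_object_mode():exec()
     end

     -- A request without a "name" parameter is treated like an empty name, so
     -- it gets the regular "too short" message instead of passing nil on to
     -- util.trim and the length operator.
     local name = util.trim(param.get("name") or "")

     if #name < 3 then
       slot.put_into("error", _"This name is really too short!")
       return false
     end

     -- The policy is only needed when a new issue has to be created; it must be
     -- one of the policies allowed for the target area.
     local policy_id
     if not issue then
       policy_id = param.get("policy_id", atom.integer)
       if not area:get_reference_selector("allowed_policies")
         :add_where{ "policy.id = ?", policy_id }
         :optional_object_mode()
         :exec()
       then
         error("policy not allowed")
       end
     end

     -- The formatting engine name comes from the request and must be one of the
     -- configured keys. This check runs before the first save() so that a
     -- rejected request cannot leave a new issue or an initiative without a
     -- draft behind, should the framework not roll the action back
     -- (TODO confirm transaction handling).
     local formatting_engine = param.get("formatting_engine")
     local formatting_engine_valid = false
     for engine_name in pairs(config.formatting_engine_executeables) do
       if formatting_engine == engine_name then
         formatting_engine_valid = true
         break
       end
     end
     if not formatting_engine_valid then
       error("invalid formatting engine!")
     end

     -- All request checks have passed; from here on rows are written.
     if not issue then
       issue = Issue:new()
       issue.area_id = area.id
       issue.policy_id = policy_id
       issue:save()
     end

     local initiative = Initiative:new()
     initiative.issue_id = issue.id
     initiative.name = name
     -- NOTE(review): discussion_url is copied from the request as submitted; no
     -- scheme or format check is visible here, so any view that renders it as a
     -- link should restrict it to expected schemes -- confirm where that happens.
     param.update(initiative, "discussion_url")
     initiative:save()

     -- First draft. The content is stored exactly as submitted; escaping is
     -- presumably left to the selected formatting engine at render time --
     -- confirm.
     local draft = Draft:new()
     draft.initiative_id = initiative.id
     draft.formatting_engine = formatting_engine
     draft.content = param.get("draft")
     draft.author_id = app.session.member.id
     draft:save()

     -- The creating member becomes initiator and first supporter. Both ids are
     -- taken from the session, never from request parameters.
     local initiator = Initiator:new()
     initiator.initiative_id = initiative.id
     initiator.member_id = app.session.member.id
     initiator:save()

     local supporter = Supporter:new()
     supporter.initiative_id = initiative.id
     supporter.member_id = app.session.member.id
     supporter.draft_id = draft.id
     supporter:save()

     slot.put_into("notice", _"Initiative successfully created")

     request.redirect{
       module = "initiative",
       view = "show",
       id = initiative.id
     }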
