liquid_feedback_frontend
view app/main/member/_show_thumb.lua.orig @ 9:0ee1e0c42d4c
Version beta5
Minor security fix: Added missing security filter for admin section. Reading of member listing including login names was possible for all users. Write access has not been possible though.
Changing of name and login is possible while a history of these changes is written and accessible by all users.
Statistics shown in area list
Trimming of user input also converts multiple whitespaces to single space character.
Minor security fix: Added missing security filter for admin section. Reading of member listing including login names was possible for all users. Write access has not been possible though.
Changing of name and login is possible while a history of these changes is written and accessible by all users.
Statistics shown in area list
Trimming of user input also converts multiple whitespaces to single space character.
| author | bsw |
|---|---|
| date | Mon Jan 04 12:00:00 2010 +0100 (2010-01-04) |
| parents | 80c215dbf076 |
| children |
line source
1 local member = param.get("member", "table")
3 local issue = param.get("issue", "table")
4 local initiative = param.get("initiative", "table")
5 local trustee = param.get("trustee", "table")
7 local name
8 if member.name_highlighted then
9 name = encode.highlight(member.name_highlighted)
10 else
11 name = encode.html(member.name)
12 end
14 ui.container{
15 attr = { class = "member_thumb" },
16 content = function()
17 ui.container{
18 attr = { class = "flags" },
19 content = function()
20 if (issue or initiative) and member.weight > 1 then
21 local module
22 if issue then
23 module = "interest"
24 elseif initiative then
25 module = "supporter"
26 end
27 ui.link{
28 attr = { title = _"Number of incoming delegations, follow link to see more details" },
29 content = _("+ #{weight}", { weight = member.weight - 1 }),
30 module = module,
31 view = "show_incoming",
32 params = {
33 member_id = member.id,
34 initiative_id = initiative and initiative.id or nil,
35 issue_id = issue and issue.id or nil
36 }
37 }
38 end
39 -- TODO performance
40 local contact = Contact:by_pk(app.session.member.id, member.id)
41 if contact then
42 ui.image{
43 attr = {
44 alt = _"You have saved this member as contact",
45 title = _"You have saved this member as contact"
46 },
47 static = "icons/16/bullet_disk.png"
48 }
49 end
50 end
51 }
53 ui.link{
54 attr = { title = _"Show member" },
55 module = "member",
56 view = "show",
57 id = member.id,
58 content = function()
59 execute.view{
60 module = "member_image",
61 view = "_show",
62 params = {
63 member = member,
64 image_type = "avatar",
65 show_dummy = true
66 }
67 }
68 end
69 }
71 ui.link{
72 attr = { title = _"Show member" },
73 module = "member",
74 view = "show",
75 id = member.id,
76 content = function()
77 ui.container{
78 attr = { class = "member_name" },
79 content = function()
80 slot.put(name)
81 end
82 }
83 end
84 }
85 end
86 }