View Issue Details

ID: 0015366
Project: phpList 3 application
Category: Template Management
View Status: public
Last Update: 21-06-18 13:05
Reporter: adrian15
Priority: normal
Severity: feature
Reproducibility: always
Status: new
Resolution: open
Product Version: 2.10.10
Target Version: next major
Fixed in Version:
Summary: 0015366: Add basic template ownership

Description

This patch adds template ownership to phplist.
It means that each admin can create their own templates and one admin cannot see another admin's template.

I copy and paste in "Additional information" field the basic instructions on how to use it.

I am very interested in this patch becoming part of the official phplist.

So I am ready to correct it as many times as it is needed so that it fits the way that you want things to be coded or if it needs to be improved somehow or whatever.

I think I have done a great job because I have also coded the database upgrade part but it's up to you to judge my work so that we can improve it a lot better and add it to official phplist upstream code.

Thank you very much for your attention.

adrian15
Additional Information

Patch instructions

This patch applies for phplist 2.10.10.

Here there are some generic instructions to apply it:

Instructions

In any pc:

Save .diff file on phplist_patrones folder.
Save/Download phplist-2.10.10.tgz (Available at phplist.com webpage)

Inside phplist_patrones folder we make desde_cero folder.
mkdir desde_cero
We enter inside it and untar
cd desde_cero
tar xvzf ../phplist-2.10.10.tgz
Let's apply the patch
patch -p1 < ../phplist_basic_template_ownership_support.diff
We rename the folder :
mv phplist-2.10.10 phplist-2.10.11

We create another tgz file:
tar cvzf phplist-2.10.11.tgz phplist-2.10.11

Now we are going to be able to work with phplist-2.10.11.tgz file.

Now we go to the machine where we want to install or upgrade our new improved with template ownership support phplist.

Optional: With phpmyadmin or a similar tool we can make a database backup in order to recreate it if something fails.

Let's rename the folder /var/www/lists/ (where we can see admin, config, dl.php,... folders/files) and we rename it to lists_old (Do not remove it yet!).
mv /var/www/lists /var/www/lists_old

Let's untar phplist-2.10.11.tgz (Let's suppose that we have saved a copy in the /tmp folder)

cd /tmp
tar xvzf phplist-2.10.11.tgz
cp -r phplist-2.10.11/public_html/lists /var/www

Now we are going to recover our old config file:

cd /var/www/lists/config
cp ../../lists_old/config/config.php config.php

We visit:
http://url/lists/admin/

We login as a super admin (usually admin).

As we are requested we click "upgrade" link.
And we click on "here" link.

We should see: Information: Success

If we already had patterns we should assign them an admin in order to use them.

We can use phpmyadmin for this task. We will check admin table first.
In the admin table we can identify each one of the admin ids (We will use this data later).

We go to template table.

In each one of its rows we will edit the column adminid and we will set it to the id value that we had already seen in the admin table so that each template gets associated an admin.


Note: As you might think, if you have too much data you can try to speed things up with an appropriate SQL sentence.

Optional: Now it is safe to delete /var/www/lists_old/ but, as always, the best way of doing things is saving a copy of this folder, just in case.
And, of course, remove it from /var/www folder so that the folder cannot be accessed from outside the server.

And that's all.
Tags: No tags attached.

Relationships

related to 0006213 new Template by Owner 
related to 0002743 new Template Ownership 

Activities

16-11-09 20:16

 

phplist_basic_template_ownership_support.diff (10,939 bytes)
diff -urN src_original_de_verdad/phplist-2.10.10/public_html/lists/admin/connect.php src_original/phplist-2.10.10/public_html/lists/admin/connect.php
--- src_original_de_verdad/phplist-2.10.10/public_html/lists/admin/connect.php	2009-05-05 16:40:48.000000000 +0200
+++ src_original/phplist-2.10.10/public_html/lists/admin/connect.php	2009-11-15 18:17:59.000000000 +0100
@@ -11,7 +11,7 @@
 	$version = "dev";
 }
 
-define("VERSION","2.10.10");
+define("VERSION","2.10.11");
 
 include_once dirname(__FILE__) . "/commonlib/lib/userlib.php";
 include_once dirname(__FILE__) . "/pluginlib.php";
diff -urN src_original_de_verdad/phplist-2.10.10/public_html/lists/admin/lib.php src_original/phplist-2.10.10/public_html/lists/admin/lib.php
--- src_original_de_verdad/phplist-2.10.10/public_html/lists/admin/lib.php	2009-01-28 13:02:34.000000000 +0100
+++ src_original/phplist-2.10.10/public_html/lists/admin/lib.php	2009-11-15 22:24:36.000000000 +0100
@@ -378,7 +378,8 @@
   if (defined("IN_WEBBLER")) {
     $more = '&pi='.$_GET["pi"];
   }
-  $tmpl = Sql_Fetch_Row_Query(sprintf('select template from %s where id = %d',$tables["template"],$id));
+  $tmpl = Sql_Fetch_Row_Query(sprintf('select template from %s where ((id = %d) and (adminid = %d))',$tables["template"],$id,$adminid));
+  if ($tmpl) {
   $template = stripslashes($tmpl[0]);
   $img_req = Sql_Query(sprintf('select id,filename from %s where template = %d order by filename desc',$tables["templateimage"],$id));
   while ($img = Sql_Fetch_Array($img_req)) {
@@ -406,7 +407,10 @@
   $template = ereg_replace('<form','< form',$template);
   $template = ereg_replace('</form','< /form',$template);
 
-  return $template;
+  return $template; 
+  } else {
+  return FALSE;
+  }
 }
 
 
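Review bot: previewTemplate() now returns FALSE from the new else branch at the end of the function, which changes its return type for every caller; viewtemplate.php prints the result directly, so a failed ownership lookup renders as an empty page there. Suggest documenting the new return value and having callers test for FALSE explicitly. The added `return $template; ` line carries trailing whitespace, and the body between `if ($tmpl) {` and this `} else {` was left at its old indentation, which makes the new block hard to follow.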
diff -urN src_original_de_verdad/phplist-2.10.10/public_html/lists/admin/send_core.php src_original/phplist-2.10.10/public_html/lists/admin/send_core.php
--- src_original_de_verdad/phplist-2.10.10/public_html/lists/admin/send_core.php	2009-03-26 18:18:23.000000000 +0100
+++ src_original/phplist-2.10.10/public_html/lists/admin/send_core.php	2009-11-15 23:02:20.000000000 +0100
@@ -1,7 +1,7 @@
 <?php
 // 2004-1-7  This function really isn't quite ready for register globals.
 require_once dirname(__FILE__).'/accesscheck.php';
-
+$AdminID = $_SESSION["logindetails"]["id"]; // Required for admin-template-ownerswip support
 #initialisation###############
 
 // Verify that FCKeditor is available
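Review bot: `$AdminID` on the added line is taken from the session without an integer cast and is later interpolated straight into SQL strings in this file. Suggest `$AdminID = (int) $_SESSION["logindetails"]["id"];`, or passing it through sprintf with %d at each use, and fixing the comment typo "ownerswip". The same assignment is repeated in template.php, templates.php and viewtemplate.php, so a single helper would keep the four copies from drifting apart.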
@@ -1129,11 +1129,11 @@
   }
   $formatting_content .= '</td></tr>';
 
-  $req = Sql_Query("select id,title from {$tables["template"]} order by listorder");
+  $req = Sql_Query("select id,title from {$tables["template"]} where (adminid = $AdminID) order by listorder");
   if (Sql_affected_Rows()) {
     $formatting_content .= '<tr><td>'.Help("usetemplate").' '.$GLOBALS['I18N']->get("usetemplate").': </td>
       <td><select name="template"><option value=0>-- '.$GLOBALS['I18N']->get("selectone").'</option>';
-    $req = Sql_Query("select id,title from {$tables["template"]} order by listorder");
+    $req = Sql_Query("select id,title from {$tables["template"]} where (adminid = $AdminID) order by listorder");
     while ($row = Sql_Fetch_Array($req)) {
       $formatting_content .= sprintf('<option value="%d" %s>%s</option>',$row["id"], $row["id"]==$_POST["template"]?'SELECTED':'',$row["title"]);
     }
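Review bot: filtering the two `select id,title` queries by adminid only limits what the dropdown offers; the `template` value that comes back in $_POST is not checked against adminid anywhere in this hunk. Suggest verifying ownership of the posted template id on the server before it is stored with the message, otherwise the restriction is cosmetic.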
diff -urN src_original_de_verdad/phplist-2.10.10/public_html/lists/admin/structure.php src_original/phplist-2.10.10/public_html/lists/admin/structure.php
--- src_original_de_verdad/phplist-2.10.10/public_html/lists/admin/structure.php	2009-05-05 16:40:48.000000000 +0200
+++ src_original/phplist-2.10.10/public_html/lists/admin/structure.php	2009-11-15 18:15:51.000000000 +0100
@@ -1,7 +1,7 @@
 <?php
 require_once dirname(__FILE__).'/accesscheck.php';
 
-define("STRUCTUREVERSION","2.10.10");
+define("STRUCTUREVERSION","2.10.11");
 
 $DBstruct = array( # order of tables is essential for smooth upgrade
     "attribute" => array ( # attributes of a user or a message
@@ -220,7 +220,8 @@
         "title" => array("varchar(255) not null","Title"),
         "template" => array("longblob","The template"),
         "listorder" => array("integer",""),
-        "unique_1" => array("(title)","")
+	"adminid" => array("integer",""),
+	"unique_1" => array("(title,adminid)",""),
     ),
     "templateimage" => array(
         "id" => array("integer not null primary key auto_increment","ID"),
diff -urN src_original_de_verdad/phplist-2.10.10/public_html/lists/admin/template.php src_original/phplist-2.10.10/public_html/lists/admin/template.php
--- src_original_de_verdad/phplist-2.10.10/public_html/lists/admin/template.php	2007-08-21 21:26:05.000000000 +0200
+++ src_original/phplist-2.10.10/public_html/lists/admin/template.php	2009-11-15 22:01:42.000000000 +0100
@@ -3,6 +3,7 @@
 <?php
 require_once dirname(__FILE__).'/accesscheck.php';
 
+$AdminID = $_SESSION["logindetails"]["id"]; // Required for admin-template-ownerswip support
 if (!empty($_FILES['file_template']) && is_uploaded_file($_FILES['file_template']['tmp_name'])) {
   $content = file_get_contents($_FILES['file_template']['tmp_name']);
 } elseif (isset($_POST['content'])) {
@@ -136,7 +137,7 @@
   }
   if ($templateok) {
     if (!$id) {
-      Sql_Query("insert into {$tables["template"]} (title) values(\"$title\")");
+      Sql_Query("insert into {$tables["template"]} (title,adminid) values(\"$title\",$AdminID)");
       $id = Sql_Insert_id();
     }
     Sql_Query(sprintf('update %s set title = "%s",template = "%s" where id = %d',
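Review bot: the `update %s set title = ... where id = %d` statement in the trailing context still matches on id alone, so the save path is not covered by the ownership rule this patch introduces for reading. Suggest adding `and adminid = %d` to that update, or running the same ownership check before it, so that a posted id belonging to another admin is rejected. In the changed insert, `$title` is interpolated inside the quoted string; confirm it is escaped earlier in the file.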
@@ -178,8 +179,13 @@
   }
 } else {
   if ($id) {
-    $req = Sql_Query("select * from {$tables["template"]} where id = $id");
+    // Check edited id ownership
+    $req = Sql_Query("select * from {$tables["template"]} where ((adminid = $AdminID) and (id = $id))"  );
+    if (!Sql_Affected_Rows()) {
+      $id=0;
+    } else {
     $data = Sql_Fetch_Array($req);
+    }
   }
 }
 ?>
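Review bot: the ownership check in the `if ($id)` branch relies on Sql_Affected_Rows() after a SELECT, a call meant for write statements; fetch from `$req` and test the returned row instead. When the check fails, `$id=0` silently turns the request into a blank new-template form; an explicit permission error, as templates.php and viewtemplate.php print, would be clearer. `$id` and `$AdminID` are interpolated into the query unformatted; sprintf with %d would match the style used in lib.php.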
diff -urN src_original_de_verdad/phplist-2.10.10/public_html/lists/admin/templates.php src_original/phplist-2.10.10/public_html/lists/admin/templates.php
--- src_original_de_verdad/phplist-2.10.10/public_html/lists/admin/templates.php	2005-08-03 04:37:10.000000000 +0200
+++ src_original/phplist-2.10.10/public_html/lists/admin/templates.php	2009-11-15 19:20:41.000000000 +0100
@@ -1,13 +1,21 @@
 <?php
 require_once dirname(__FILE__).'/accesscheck.php';
 
+$AdminID = $_SESSION["logindetails"]["id"]; // Required for admin-template-ownerswip support
+
 if (isset($_GET['delete'])) {
   # delete the index in delete
   $delete = sprintf('%d',$_GET['delete']);
-  print $GLOBALS['I18N']->get('Deleting')." $delete ...\n";
-  $result = Sql_query("delete from ".$tables["template"]." where id = $delete");
-  $result = Sql_query("delete from ".$tables["templateimage"]." where template = $delete");
-  print "... ".$GLOBALS['I18N']->get('Done')."<br /><hr /><br />\n";
+  print $GLOBALS['I18N']->get('Checking')." $delete ...\n";
+  $req = Sql_Query("select * from {$tables["template"]} where ((adminid = $AdminID) and (id = $delete))"  );  
+  if (!Sql_Affected_Rows()) {
+    print '<p class="error">'.$GLOBALS['I18N']->get("You do not have enough permissions to delete this template.").'</p>';
+  } else {
+    print $GLOBALS['I18N']->get('Deleting')." $delete ...\n";
+    $result = Sql_query("delete from ".$tables["template"]." where id = $delete");
+    $result = Sql_query("delete from ".$tables["templateimage"]." where template = $delete");
+    print "... ".$GLOBALS['I18N']->get('Done')."<br /><hr /><br />\n";
+  }
 }
 if (isset($_POST['defaulttemplate'])) {
   saveConfig('defaultmessagetemplate',sprintf('%d',$_POST['defaulttemplate']));
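Review bot: the ownership test and the two delete statements are separate queries, and the deletes still filter on id only. Suggest putting `and adminid = %d` into the `delete from ... template` statement itself and removing the templateimage rows only when that delete affected a row, which closes the check-then-act gap and saves a query.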
@@ -19,8 +27,7 @@
 
 
 <?php
-
-$req = Sql_Query("select * from {$tables["template"]} order by listorder");
+$req = Sql_Query("select * from {$tables["template"]} where (adminid = $AdminID) order by listorder");
 if (!Sql_Affected_Rows())
   print '<p class="error">'.$GLOBALS['I18N']->get("No template have been defined").'</p>';
 
diff -urN src_original_de_verdad/phplist-2.10.10/public_html/lists/admin/upgrade.php src_original/phplist-2.10.10/public_html/lists/admin/upgrade.php
--- src_original_de_verdad/phplist-2.10.10/public_html/lists/admin/upgrade.php	2007-07-16 20:09:37.000000000 +0200
+++ src_original/phplist-2.10.10/public_html/lists/admin/upgrade.php	2009-11-15 18:32:45.000000000 +0100
@@ -345,6 +345,14 @@
   }
   Sql_Query(sprintf('delete from %s where page = "all" or page = "none"',$GLOBALS['tables']['task']));
 
+  switch ($dbversion) {
+      case "2.10.10":
+	Sql_Query(sprintf('alter table %s DROP INDEX title',$tables["template"]));
+	Sql_Query(sprintf('alter table %s ADD adminid INT',$tables["template"]));
+	Sql_Query(sprintf('alter table %s ADD unique (title,adminid)',$tables["template"]));
+        break;
+  }
+
   # mark the database to be our current version
   if ($success) {
     SaveConfig("version",VERSION,0);
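Review bot: the new `switch ($dbversion)` handles only the exact string "2.10.10", so a database upgraded from any earlier version skips the schema change even though structure.php now expects `adminid`. The three ALTER statements ignore their results and never touch `$success`, and `DROP INDEX title` assumes the existing unique index has that name. Existing rows are left with a NULL adminid, which no `adminid = ...` filter matches, and MySQL does not treat NULLs as equal in a unique index, so `(title,adminid)` will not prevent duplicate titles among unassigned rows. Suggest assigning a default owner during the upgrade and making the column NOT NULL.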
diff -urN src_original_de_verdad/phplist-2.10.10/public_html/lists/admin/viewtemplate.php src_original/phplist-2.10.10/public_html/lists/admin/viewtemplate.php
--- src_original_de_verdad/phplist-2.10.10/public_html/lists/admin/viewtemplate.php	2005-08-03 04:37:10.000000000 +0200
+++ src_original/phplist-2.10.10/public_html/lists/admin/viewtemplate.php	2009-11-15 22:34:17.000000000 +0100
@@ -1,18 +1,24 @@
 <?php
 # view template
 require_once dirname(__FILE__).'/accesscheck.php';
-if ($_GET["pi"] && defined("IN_WEBBLER")) {
-  $more = '&pi='.$_GET["pi"];
-}
+$AdminID = $_SESSION["logindetails"]["id"]; // Required for admin-template-ownerswip support
 
-if (!$_GET["embed"]) {
-  print '<iframe src="?page=viewtemplate&embed=yes&omitall=yes&id='.$_GET["id"].$more.'"
-    scrolling="auto" width=100% height=450 margin=0 frameborder=0>
-  </iframe>';
-  print '<p>'.PageLink2("template&id=".$_GET["id"],$GLOBALS['I18N']->get('BackEditTemp')).'</p>';
-} else {
-  ob_end_clean();
-  print previewTemplate($id,$_SESSION["logindetails"]["id"],nl2br($GLOBALS['I18N']->get('TempSample')));
-}
+    // Check edited id ownership
+    $req = Sql_Query("select * from {$tables["template"]} where ((adminid = $AdminID) and (id = {$_GET["id"]}))"  );
+    if (Sql_Affected_Rows()) {
 
+      if ($_GET["pi"] && defined("IN_WEBBLER")) {
+	$more = '&pi='.$_GET["pi"];
+      }
+
+      if (!$_GET["embed"]) {
+	print '<iframe src="?page=viewtemplate&embed=yes&omitall=yes&id='.$_GET["id"].$more.'"
+	  scrolling="auto" width=100% height=450 margin=0 frameborder=0>
+	</iframe>';
+	print '<p>'.PageLink2("template&id=".$_GET["id"],$GLOBALS['I18N']->get('BackEditTemp')).'</p>';
+      } else {
+	ob_end_clean();
+	print previewTemplate($id,$_SESSION["logindetails"]["id"],nl2br($GLOBALS['I18N']->get('TempSample')));
+      }
+    } else print $GLOBALS['I18N']->get('You do not have enough permissions to view this template.');
 ?>
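Review bot: the added ownership query interpolates `{$_GET["id"]}` directly into the SQL string, so this patch introduces an unvalidated request parameter into a query in viewtemplate.php. Suggest casting once, e.g. `$id = sprintf('%d', $_GET["id"]);`, and using that value in the query, the iframe URL and the previewTemplate() call, which currently receives `$id` rather than the value that was checked. `$more` is also assigned only inside the `if ($_GET["pi"] ...)` branch but used unconditionally in the iframe line.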

30-11-09 20:11

 

admin_template_ownership_support_svn_r1703.patch (8,508 bytes)
diff -urN svn_r1703_sin_punto_svn/phplist/public_html/lists/admin/lib.php svn_r1703_sin_punto_svn_aplicar_admin_template_ownership/phplist/public_html/lists/admin/lib.php
--- svn_r1703_sin_punto_svn/phplist/public_html/lists/admin/lib.php	2009-11-28 14:10:13.000000000 +0100
+++ svn_r1703_sin_punto_svn_aplicar_admin_template_ownership/phplist/public_html/lists/admin/lib.php	2009-11-28 15:02:10.000000000 +0100
@@ -377,7 +377,8 @@
   if (defined("IN_WEBBLER")) {
     $more = '&pi='.$_GET["pi"];
   }
-  $tmpl = Sql_Fetch_Row_Query(sprintf('select template from %s where id = %d',$tables["template"],$id));
+  $tmpl = Sql_Fetch_Row_Query(sprintf('select template from %s where ((id = %d) and (adminid = %d))',$tables["template"],$id,$adminid));
+  if ($tmpl) {
   $template = stripslashes($tmpl[0]);
   $img_req = Sql_Query(sprintf('select id,filename from %s where template = %d order by filename desc',$tables["templateimage"],$id));
   while ($img = Sql_Fetch_Array($img_req)) {
@@ -406,6 +407,9 @@
   $template = ereg_replace('</form','< /form',$template);
 
   return $template;
+  } else {
+  return FALSE;
+  }
 }
 
 
diff -urN svn_r1703_sin_punto_svn/phplist/public_html/lists/admin/send_core.php svn_r1703_sin_punto_svn_aplicar_admin_template_ownership/phplist/public_html/lists/admin/send_core.php
--- svn_r1703_sin_punto_svn/phplist/public_html/lists/admin/send_core.php	2009-11-28 14:10:13.000000000 +0100
+++ svn_r1703_sin_punto_svn_aplicar_admin_template_ownership/phplist/public_html/lists/admin/send_core.php	2009-11-28 15:15:02.000000000 +0100
@@ -1176,11 +1176,11 @@
   }
   $formatting_content .= '</td></tr>';
 
-  $req = Sql_Query("select id,title from {$tables["template"]} order by listorder");
+  $req = Sql_Query(sprintf("select id,title from %s where (adminid = %d) order by listorder",$tables["template"],$_SESSION["logindetails"]["id"]));
   if (Sql_Num_Rows($req)) {
     $formatting_content .= '<tr><td>'.Help("usetemplate").' '.$GLOBALS['I18N']->get("usetemplate").': </td>
       <td><select name="template"><option value=0>-- '.$GLOBALS['I18N']->get("selectone").'</option>';
-    $req = Sql_Query("select id,title from {$tables["template"]} order by listorder");
+    $req = Sql_Query(sprintf("select id,title from %s where (adminid = %d) order by listorder",$tables["template"],$_SESSION["logindetails"]["id"]));
     while ($row = Sql_Fetch_Array($req)) {
       $formatting_content .= sprintf('<option value="%d" %s>%s</option>',$row["id"], $row["id"]==$_POST["template"]?'SELECTED':'',$row["title"]);
     }
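Review bot: both added sprintf queries are identical, and the first `$req` is used only for `Sql_Num_Rows($req)` before being overwritten. Suggest running the query once and iterating that same result in the while loop.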
diff -urN svn_r1703_sin_punto_svn/phplist/public_html/lists/admin/structure.php svn_r1703_sin_punto_svn_aplicar_admin_template_ownership/phplist/public_html/lists/admin/structure.php
--- svn_r1703_sin_punto_svn/phplist/public_html/lists/admin/structure.php	2009-11-28 14:10:13.000000000 +0100
+++ svn_r1703_sin_punto_svn_aplicar_admin_template_ownership/phplist/public_html/lists/admin/structure.php	2009-11-28 15:02:10.000000000 +0100
@@ -198,7 +198,8 @@
           "title" => array("varchar(255) not null","Title"),
           "template" => array("longblob","The template"),
           "listorder" => array("integer",""),
-          "unique_1" => array("(title)","")
+	  "adminid" => array("integer",""),
+	  "unique_1" => array("(title,adminid)",""),
       ),
       "templateimage" => array(
           "id" => array("integer not null primary key auto_increment","ID"),
diff -urN svn_r1703_sin_punto_svn/phplist/public_html/lists/admin/template.php svn_r1703_sin_punto_svn_aplicar_admin_template_ownership/phplist/public_html/lists/admin/template.php
--- svn_r1703_sin_punto_svn/phplist/public_html/lists/admin/template.php	2009-11-28 14:10:14.000000000 +0100
+++ svn_r1703_sin_punto_svn_aplicar_admin_template_ownership/phplist/public_html/lists/admin/template.php	2009-11-28 15:15:59.000000000 +0100
@@ -136,7 +136,7 @@
   }
   if ($templateok) {
     if (!$id) {
-      Sql_Query("insert into {$tables["template"]} (title) values(\"$title\")");
+      Sql_Query(sprintf("insert into %s (title,adminid) values(\"%s\",%s)",$tables["template"],$title,$_SESSION["logindetails"]["id"]));
       $id = Sql_Insert_Id($tables['template'], 'id');
     }
     Sql_Query(sprintf('update %s set title = "%s",template = "%s" where id = %d',
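Review bot: the added insert formats the admin id with %s while every other query in this patch uses %d for it; use %d so the value is forced to an integer. `$title` is placed inside `\"%s\"` as is, so confirm it has been escaped before this point. The `update ... where id = %d` in the trailing context remains unscoped by adminid, so saving over an existing id is not covered by the ownership rule.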
@@ -178,8 +178,13 @@
   }
 } else {
   if ($id) {
-    $req = Sql_Query("select * from {$tables["template"]} where id = $id");
+    // Check edited id ownership
+    $req = Sql_Query(sprintf("select * from %s where ((adminid = %d) and (id = %d))",$tables["template"],$_SESSION["logindetails"]["id"],$id));
+    if (!Sql_Affected_Rows()) {
+      $id=0;
+    } else {
     $data = Sql_Fetch_Array($req);
+    }
   }
 }
 ?>
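Review bot: this check still calls Sql_Affected_Rows() after a SELECT, while the send_core.php hunk of the same patch tests Sql_Num_Rows($req); use Sql_Num_Rows($req) here too so the row count comes from the result set. Setting `$id=0` on failure drops the admin into an empty create form with no message; suggest printing a permission error instead.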
diff -urN svn_r1703_sin_punto_svn/phplist/public_html/lists/admin/templates.php svn_r1703_sin_punto_svn_aplicar_admin_template_ownership/phplist/public_html/lists/admin/templates.php
--- svn_r1703_sin_punto_svn/phplist/public_html/lists/admin/templates.php	2009-11-28 14:10:13.000000000 +0100
+++ svn_r1703_sin_punto_svn_aplicar_admin_template_ownership/phplist/public_html/lists/admin/templates.php	2009-11-28 15:16:46.000000000 +0100
@@ -4,10 +4,16 @@
 if (isset($_GET['delete'])) {
   # delete the index in delete
   $delete = sprintf('%d',$_GET['delete']);
+  print $GLOBALS['I18N']->get('Checking')." $delete ...\n";
+  $req = Sql_Query(sprintf("select * from %s where ((adminid = %d) and (id = %d))",$tables["template"],$_SESSION["logindetails"]["id"],$delete));  
+  if (!Sql_Affected_Rows()) {
+    print '<p class="error">'.$GLOBALS['I18N']->get("You do not have enough permissions to delete this template.").'</p>';
+  } else {
   print $GLOBALS['I18N']->get('Deleting')." $delete ...\n";
   $result = Sql_query("delete from ".$tables["template"]." where id = $delete");
   $result = Sql_query("delete from ".$tables["templateimage"]." where template = $delete");
   print "... ".$GLOBALS['I18N']->get('Done')."<br /><hr /><br />\n";
+  }
 }
 if (isset($_POST['defaulttemplate'])) {
   saveConfig('defaultmessagetemplate',sprintf('%d',$_POST['defaulttemplate']));
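Review bot: 'Checking' and "You do not have enough permissions to delete this template." are new I18N keys passed to get(), but the patch touches no language files to define them. The added Sql_Query line ends in trailing whitespace, and the four existing lines now inside the else block were not re-indented. Scoping the `delete from ... template` statement with `and adminid = %d` would enforce ownership in the same statement that removes the row.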
@@ -20,7 +26,7 @@
 
 <?php
 
-$req = Sql_Query("select * from {$tables["template"]} order by listorder");
+$req = Sql_Query(sprintf("select * from %s where (adminid = %d) order by listorder",$tables["template"],$_SESSION["logindetails"]["id"]));
 if (!Sql_Affected_Rows())
   print '<p class="error">'.$GLOBALS['I18N']->get("No template have been defined").'</p>';
 
diff -urN svn_r1703_sin_punto_svn/phplist/public_html/lists/admin/upgrade.php svn_r1703_sin_punto_svn_aplicar_admin_template_ownership/phplist/public_html/lists/admin/upgrade.php
--- svn_r1703_sin_punto_svn/phplist/public_html/lists/admin/upgrade.php	2009-11-28 14:10:13.000000000 +0100
+++ svn_r1703_sin_punto_svn_aplicar_admin_template_ownership/phplist/public_html/lists/admin/upgrade.php	2009-11-28 15:02:10.000000000 +0100
@@ -336,6 +336,11 @@
       if ($minor < 11 || ($minor == 11 && $sub < 4)) {
         Sql_Query(sprintf('alter table %s add column category varchar(255) default ""',$tables['list']));
       }
+      if ($minor < 11 || ($minor == 11 && $sub < 5)) {
+	Sql_Query(sprintf('alter table %s DROP INDEX title',$tables["template"]));
+	Sql_Query(sprintf('alter table %s ADD adminid INT',$tables["template"]));
+	Sql_Query(sprintf('alter table %s ADD unique (title,adminid)',$tables["template"]));
+      }
       break;
   }
 
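Review bot: the gate `$minor < 11 || ($minor == 11 && $sub < 5)` only fires when the stored database version is below 2.11.5, and this patch contains no VERSION or STRUCTUREVERSION change to go with it. Suggest tying the ALTER statements to a check that the `adminid` column is missing, or bumping the version in the same patch. The three ALTER results are not checked, and existing rows are left with a NULL adminid that no `adminid = %d` filter will match.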
diff -urN svn_r1703_sin_punto_svn/phplist/public_html/lists/admin/viewtemplate.php svn_r1703_sin_punto_svn_aplicar_admin_template_ownership/phplist/public_html/lists/admin/viewtemplate.php
--- svn_r1703_sin_punto_svn/phplist/public_html/lists/admin/viewtemplate.php	2009-11-28 14:10:13.000000000 +0100
+++ svn_r1703_sin_punto_svn_aplicar_admin_template_ownership/phplist/public_html/lists/admin/viewtemplate.php	2009-11-28 15:17:49.000000000 +0100
@@ -1,6 +1,9 @@
 <?php
 # view template
 require_once dirname(__FILE__).'/accesscheck.php';
+// Check edited id ownership
+$req = Sql_Query(sprintf("select * from %s where ((adminid = %d) and (id = %d))",$tables["template"],$_SESSION["logindetails"]["id"],$_GET["id"]));
+if (Sql_Affected_Rows()) {
 if ($_GET["pi"] && defined("IN_WEBBLER")) {
   $more = '&pi='.$_GET["pi"];
 }
@@ -14,5 +17,5 @@
   ob_end_clean();
   print previewTemplate($id,$_SESSION["logindetails"]["id"],nl2br($GLOBALS['I18N']->get('TempSample')));
 }
-
+} else print $GLOBALS['I18N']->get('You do not have enough permissions to view this template.');
 ?>
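Review bot: the ownership query added at the top of the file checks `$_GET["id"]`, but the previewTemplate() call in this hunk's context passes `$id`; the value that is checked and the value that is used should be the same integer. The closing `} else print ...` on the changed line ends an if block opened in the first hunk with no indentation change in between, so re-indenting the body or commenting the brace would help. The message string is another new I18N key with no language-file entry in the patch.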

adrian15

30-11-09 20:12

reporter   ~0050794

I have uploaded a patch which applies to the revision 1703 from the svn.

This way it will be easier for phplist developers to apply this new feature for next releases.

Do you need that the patch is improved in any way?

Please tell me.

Thank you.

adrian15

solmar

28-01-11 14:12

reporter   ~0051158

Adrian, I can test your patch on Phplist 2.11.5.

Two preliminary questions:
- Instructions appear to be for a specific language ("phplist_patrones", "desde_cero"). Can you provide them for the standard PHPlist installation?
- I prefer to apply modifications to PHP and database manually, to get a better understanding. Can you provide the commented file alterations and queries?

adrian15

28-01-11 17:47

reporter   ~0051159

These two folders phplist_patrones and desde_cero are just temporary folders and apply to standard phplist installation. They are just there to help the build of a tar.gz file.

Just reading my patch I can just explain what I did in more detail:
------------
* lists/admin/upgrade.php

Here you have the table modification so that template table has one more column named: adminid which helps to bind template to admin user. In order not to have problems we say that the pair (title,adminid) is unique.

As long as you say that you want to test in 2.11.5 you should probably change:

$sub < 5 and put $sub < 6

so that you can change in other parts of the phplist code the phplist version and upgrade from 2.11.5 to this special 2.11.6 version.

* /lists/admin/structure.php

This is the place where I redefine the way that phplist understands the template table internally. I suppose it is intended this way so that phplist not only connects to mysql but other DBMS.

* lists/admin/lib.php
* lists/admin/send_core.php
* lists/admin/template.php
This instruction which fetched some templates now fetches these same templates but filtering them so that they are owned by adminid (the extra column at template table)


* lists/admin/templates.php
* lists/admin/viewtemplate.php
Same thing and I have added a message showing permissions error message.

------------

Anyways I was supporting this patch but our automated installations in different folder and databases make kind of unnecessary this patch. So I will probably not include it on my svn submits.

If you like it go ahead and improve it.

E.g.: I think it is missing a superadmin page where you can assign templates to admins thanks to some dropdowns.

adrian15

solmar

04-06-11 17:25

reporter   ~0051361

Hi Adrian

Tested your patch with Phplist 2.11.5 and it works. Sorry for taking an age.
I think template ownership is a useful step towards a fully multi-user Phplist, so Michiel should really get your code into the official release.

These are the problems that we encountered and solved:
- After patching: Login > Phplist > upgrade page maintains that the db is "up to date", though the db check page says table "template" misses field "adminid".
- So we ran the SQL queries manually.
- To prevent the use of Phpmyadmin to assign existing templates, it would be nice to have an "assign template" permission. In template editing page, admins with this permission see a dropdown that lists available accounts.

SomethingWicked

22-08-13 13:40

reporter   ~0052210

Hello. Any chance that the integration of this modification into the new 3.0.2 release works?

solmar

26-08-13 21:58

reporter   ~0052217

I do not know as we are not using version 3 yet.

SomethingWicked

27-08-13 07:00

reporter   ~0052218

I tried yesterday and it seems to work so far :) If I bump on any bug I'll report it here.

gingerling

17-06-14 10:17

manager   ~0053954

Hey, I had this starred in my inbox, I think I was waiting to finish the developer instructions. So, to submit "a patch" to phpList like this, there is some info here: http://community.phplist.com/development/

The preferred route is for you to use github (or git). Fork the phpList 3 repository, add your code, make a pull request and then link the pull on this mantis bug :)

We are still new to this process, but it will federate the development process of phpList a whole load which is great! I wonder if we could try it for this great patch?