s4
changeset 16:636df1c1bdf2
Track group by rowid in URLs
| author | HIROSE Yuuji <yuuji@gentei.org> |
|---|---|
| date | Tue, 21 Jul 2015 14:38:21 +0900 |
| parents | 5e75802f2f0b |
| children | 01f579d2c889 |
| files | y4-blog.sh y4-funcs.sh y4.cgi |
| diffstat | 3 files changed, 74 insertions(+), 30 deletions(-) [+] |
line diff
1.1 --- a/y4-blog.sh Tue Jul 21 14:37:00 2015 +0900 1.2 +++ b/y4-blog.sh Tue Jul 21 14:38:21 2015 +0900 1.3 @@ -284,7 +284,7 @@ 1.4 1.5 blog_addentry() { 1.6 # $1=GRPname(if it is a group) 1.7 - grp=$1 1.8 + grprowid=$1 1.9 rowid=`getpar rowid` 1.10 err ba: rowid=$rowid 1.11 #if [ -z "$rowid" ]; then 1.12 @@ -293,8 +293,9 @@ 1.13 listing=$user guide="[個人]" 1.14 #listing代入は rowid 時でもするべき 1.15 else 1.16 - if isgroup $1; then 1.17 - listing=$1 guide="[${1}]" GF_OWNER=$1 1.18 + grp=`getgroupbyid $grprowid` 1.19 + if [ -n "$grp" ]; then 1.20 + listing=$1 guide="[${grp}]" GF_OWNER=$grp 1.21 else 1.22 echo "<p>無効なグループ指定です。</p>" 1.23 return 1.24 @@ -355,7 +356,8 @@ 1.25 if isuser "$owner"; then 1.26 subtitle="`gecos $owner` さんの話題" 1.27 else 1.28 - subtitle="<a href=\"?grp+$owner\">`gecos $owner`</a> での話題" 1.29 + grprowid=`query "select rowid from grp where gname=\"$owner\";"` 1.30 + subtitle="<a href=\"?grp+$grprowid\">`gecos $owner`</a> での話題" 1.31 fi 1.32 if [ -z "$title" ]; then 1.33 echo "<p>日記番号指定が無効です。</p>"
2.1 --- a/y4-funcs.sh Tue Jul 21 14:37:00 2015 +0900 2.2 +++ b/y4-funcs.sh Tue Jul 21 14:38:21 2015 +0900 2.3 @@ -16,7 +16,7 @@ 2.4 layout=$templ/default 2.5 formdir=$templ/form 2.6 imgdir=img 2.7 -url=${URL:-"${REQUEST_SCHEME}://$HTTP_HOST$REQUEST_URI"} 2.8 +url=${URL:-"${REQUEST_SCHEME:-http${HTTPS:+s}}://$HTTP_HOST$REQUEST_URI"} 2.9 urlbase=${url%%\?*} 2.10 msg=$templ/msg 2.11 timeout="+2 days" 2.12 @@ -311,20 +311,30 @@ 2.13 } 2.14 ismember() { 2.15 # $1=user, $2=group 2.16 -err ismem: "select user from grp_mem where gname='$2' and user='$1';" 2.17 - test -n "`query \"select user from grp_mem where gname='$2' and user='$1';\"`" 2.18 +err ismem: "select user from grp_mem where gname=$(sqlquote $2) and user='$1';" 2.19 + test -n "`query \"select user from grp_mem where gname=$(sqlquote $2) and user='$1';\"`" 2.20 } 2.21 isuser() { # Check if $1 is a valid user 2.22 test -n "`query \"select name from user where name='$1';\"`" 2.23 } 2.24 isgroup() { # Check if $1 is a valid group 2.25 - test -n "`query \"select gname from grp where gname='$1';\"`" 2.26 + err isgroup: "select gname from grp where gname=$(sqlquote $1);" 2.27 + test -n "`query \"select gname from grp where gname=$(sqlquote $1);\"`" 2.28 } 2.29 -isgrpowner() { 2.30 +isgrpowner() ( 2.31 # $1=user, $2=group 2.32 - test -n "`query \"select user from grp_adm 2.33 - where gname='$2' and user='$1';\"`" 2.34 -} 2.35 + gn=`sqlquote "$2"` 2.36 + sql="select user from grp_adm where gname=$gn and user='$1';" 2.37 + err isgrpowner: $sql 2.38 + test -n "`query $sql`" 2.39 +) 2.40 +getgroupbyid() ( 2.41 + # $1=id|gname 2.42 + sql="select coalesce((select gname from grp where gname=$(sqlquote $1)), 2.43 + (select gname from grp where rowid=$(sqlquote $1)));" 2.44 +err ggbyid: `echo $sql` 2.45 + query $sql 2.46 +) 2.47 isfilereadable() { # $1=user $2=tbl $3=rowid 2.48 # Return true if user($1) can read attachment files in tbl($2):rowid($3) 2.49 [ -z "$1" -o -z "$2" -o -z "$3" ] && return 1 # invalid argument 2.50 @@ -384,22 +394,30 @@ 2.51 fi 2.52 } 2.53 gecos() ( 2.54 - u=${1:-$user} 2.55 + u=`sqlquote ${1:-$user}` 2.56 #gecos=`query "select val from user_s where name='$u' and key='gecos';"` 2.57 - sql="select case when (select name from user where name='$u') is not null 2.58 - then (select val from user_s where name='$u' and key='gecos') 2.59 - when (select gname from grp where gname='$u') is not null 2.60 - then (select val from grp_s where gname='$u' and key='gecos') 2.61 - else '$u' 2.62 + sql="select case when (select name from user where name=$u) is not null 2.63 + then (select val from user_s where name=$u and key='gecos') 2.64 + when (select gname from grp where gname=$u) is not null 2.65 + then (select val from grp_s where gname=$u and key='gecos') 2.66 + else $u 2.67 end;" 2.68 query "$sql" 2.69 ) 2.70 +setpar() { 2.71 + query "replace into par values('$session', '$1', '$2', \"$3\");" 2.72 +} 2.73 +replpar() { 2.74 + query "update par set val=\"$3\" where sessid='$session' and var='$1' and type='$2';" 2.75 +} 2.76 getpar() { 2.77 err getpar: "select val from par where var='$1' and sessid='$session' $2;" 2.78 val=`query "select val from par where var='$1' and sessid='$session' $2;"` 2.79 +err getpar/val1: "val=[$val]" 2.80 if [ -z "$val" ]; then 2.81 val=`query "select val from cookie where var='$1' and sessid='$session' $2;"` 2.82 fi 2.83 +err getpar/val2: "val=[$val]" 2.84 case "$var" in 2.85 owner) 2.86 if [ x"$user" = x"$val" ]; then 2.87 @@ -408,6 +426,7 @@ 2.88 echo $val; return 2.89 fi ;; 2.90 esac 2.91 +err getpar/ret: "val=[$val]" 2.92 echo "$val" 2.93 } 2.94 2.95 @@ -964,7 +983,7 @@ 2.96 k=${us%%\=*} 2.97 #echo u=$us 2.98 #v="`echo ${us#*=}|nkf -Ww -mQ|sed -e 's/\"/\"\"/g'`" 2.99 - v="`echo ${us#*=}|unhexize`" 2.100 + v="`echo ${us#*=}|unhexize|sed -e 's/\"/\"\"/g'`" 2.101 # err k=$k v=$v 2.102 case "$k" in 2.103 *:filename) 2.104 @@ -980,7 +999,8 @@ 2.105 type='string' 2.106 ;; 2.107 esac 2.108 - sq $db "replace into par values('$session', '$k', '$type', \"$v\")" 2.109 + #sq $db "replace into par values('$session', '$k', '$type', \"$v\")" 2.110 + setpar "$k" "$type" "$v" 2.111 done 2.112 ;; 2.113 *) 2.114 @@ -1085,8 +1105,10 @@ 2.115 GF_ACTION="?home" edittable "$formdir/user.def" "user" "$user" 2.116 } 2.117 groupconf() { 2.118 + # $1=rowid in grp (2015-07-21 changed from gname) 2.119 m4 -D_BODYCLASS_=groupconf -D_TITLE_="グループ情報編集" $layout/html.m4.html 2.120 - rowid=`query "select rowid from grp where gname='$1';"` 2.121 + #rowid=`query "select rowid from grp where gname='$1';"` 2.122 + rowid=${1%%[!A-Z0-9a-z_]*} 2.123 err gcon \$1=$1 rowid=$rowid 2.124 GF_ACTION="?grp+$1" edittable "$formdir/grp.def" "grp" "$rowid" 2.125 } 2.126 @@ -1173,7 +1195,7 @@ 2.127 else # if group 2.128 hrb="$myname?grp" 2.129 deficon=person-default.png 2.130 - entity="グループ" tbl=grp link=gname nm=gname stage=grps 2.131 + entity="グループ" tbl=grp link=rowid nm=gname stage=grps 2.132 tagline=`grep :tag: $formdir/grp.def|cut -d: -f5-` 2.133 if [ -n "$tagline" ]; then 2.134 tagconv=`echo $tagline|sed 's/\([^= :]*\)=\([^= :]*\)/-D\2=\1/g'` 2.135 @@ -1189,9 +1211,11 @@ 2.136 fi 2.137 2.138 # XX: これ複雑すぎるかな。もっとシンプルにしたい。$3条件も。2015-07-08 2.139 + qgrp=`sqlquote $grp` 2.140 + qgrp=${qgrp:-'""'} 2.141 sql="select a.rowid, a.$link, coalesce(b.gecos, a.$nm) as nick, b.tag, 2.142 case when a.$nm in (select user from grp_adm 2.143 - where gname='$grp') then '(管理者)' -- from group mode 2.144 + where gname=$qgrp) then '(管理者)' -- from group mode 2.145 when '$user' in (select user from grp_adm where gname=a.$nm) 2.146 then '(ADMIN)' 2.147 when '$iamowner' = '' then '' 2.148 @@ -1203,6 +1227,7 @@ 2.149 from ${tbl}_s group by $nm) 2.150 b on a.$nm=b.name $cond $3 2.151 order by b.tag desc, a.rowid asc" 2.152 +err LE:sql.1="$sql" 2.153 total=`query "with x as ($sql) select count(*) from x;"` 2.154 echo "<h2>${entity} 一覧</h2>" 2.155 if [ $total -gt $limit ]; then 2.156 @@ -1239,7 +1264,8 @@ 2.157 2.158 query "$sql limit $limit ${offset:+offset $offset};" \ 2.159 | while IFS='|' read id lnk name tag ownerp; do 2.160 -err name=$name owner=$ownerp 2.161 +err name=$name owner=$ownerp lnk=$lnk 2.162 +err newlnk=$lnk 2.163 files=`getvalbyid $tbl profimg $id $dir` 2.164 # Pick up only first icon 2.165 echo "<div class=\"iconlist xy$thumbxy\"><p class=\"tag _$tag\">$tag</p>" \ 2.166 @@ -1262,12 +1288,14 @@ 2.167 } 2.168 showgroup() { 2.169 grp=$1 2.170 +err showgroup1: grp=$grp qgrp="[$(sqlquote $grp)]" 2.171 2.172 gname=`getpar gname` 2.173 if [ -n "$gname" ]; then 2.174 - err REMOVING::::::: 2.175 + err UPdating/Removing of group::::::: 2.176 par2table $formdir/grp.def 2.177 fi 2.178 +err showgroup2: grp=$grp qgrp="[$(sqlquote $grp)]" 2.179 if isgroup "$grp"; then 2.180 showgroupsub $formdir/grp.def "$grp" | \ 2.181 m4 -D_TITLE_="グループ $grp" \ 2.182 @@ -1281,20 +1309,22 @@ 2.183 showgroupsub() { 2.184 # $1=def-file $2=group 2.185 grp=$2 2.186 - rowid=`sq $db "select rowid from grp where gname='$grp'"` 2.187 + qgrp=`sqlquote $grp` 2.188 + rowid=`sq $db "select rowid from grp where gname=$qgrp"` 2.189 if [ -z "$rowid" ]; then 2.190 rowid=`sq $db "select rowid from grp where rowid=$grp"` 2.191 grp=`sq $db "select gname from grp where rowid=$grp"` 2.192 fi 2.193 + mmgrp=`echo "$grp"|nkf -Ww -MQ|tr '=' '%'` 2.194 val=`getvalbyid grp profimg $rowid $tmpd` 2.195 # 6/14の次グループのHOMEで出す情報を作る Done 2.196 viewtable $1 grp $rowid 2.197 if isgrpowner "$user" "$grp"; then 2.198 - echo "<p><a href=\"?groupconf+$grp\">グループ情報の編集</a>" 2.199 + echo "<p><a href=\"?groupconf+$rowid\">グループ情報の編集</a>" 2.200 iamowner=$grp 2.201 fi 2.202 if ismember "$user" "$grp"; then 2.203 - echo "${iamowner:+ / }<a href=\"?blog+$grp\">グループの新規話題作成</a></p>" 2.204 + echo "${iamowner:+ / }<a href=\"?blog+$rowid\">グループの新規話題作成</a></p>" 2.205 fi 2.206 # 加入ボタン + 加入者リスト 2.207 err ismember $user $grp 2.208 @@ -1329,7 +1359,7 @@ 2.209 DT_VIEW=replyblog dumptable html blog 'ctime title heading' "$cond" 2.210 2.211 c="group by b.name having b.name in (select user from grp_mem where gname='$grp')" 2.212 - cm="?commission+$grp" 2.213 + cm="?commission+$mmgrp" 2.214 thumbxy=50x50 listmember "" "$c" \ 2.215 |sed -e "s|\(<br>\),not=\(.*\)|\1<a href=\"$cm+\2\">管理者委託</a>|" 2.216 } 2.217 @@ -1337,6 +1367,7 @@ 2.218 # $1=group $2=user $3=yes/no $4=email(if any $5=AsAdmin) 2.219 err joingrp: \$1=$1 \$2=$2 \$3=$3 \$4=$4 2.220 isgrpowner "$user" "$1" && isowner="yes" || isowner="" 2.221 +err jg:isgrpowner: isowner="$isowner" 2.222 if [ x"$2" != x"$user" ]; then # if user is not login user 2.223 if [ -z "$isowner" ; then 2.224 echo "<p>本人か、グループ管理者しか加入操作はできません。</p>"
3.1 --- a/y4.cgi Tue Jul 21 14:37:00 2015 +0900 3.2 +++ b/y4.cgi Tue Jul 21 14:38:21 2015 +0900 3.3 @@ -56,12 +56,21 @@ 3.4 contenttype; echo 3.5 gname=`getpar gname` 3.6 if [ -n "$gname" ]; then 3.7 + #gname=${gname%%[!-A-Z0-9a-z_.!#$%^&()=:/*]*} 3.8 + newgname=`echo "$gname"|tr -dc '\-0-9A-Za-z#=:/_.,'` 3.9 + if [ x"$newgname" != x"$gname" ]; then 3.10 + err NewGNAME: gname=$newgname 3.11 + echo "<p>使用禁止文字を除去し $gname としました。</p>" 3.12 + gname=$newgname 3.13 + fi 3.14 + replpar gname string "$gname" 3.15 par2table $formdir/grp.def 3.16 joingrp "$gname" "$user" yes "$user" as-admin 3.17 fi 3.18 GF_STAGE=groupman 3.19 + note="<p>グループ名に使用できない文字は自動的に削除されます。</p>" 3.20 m4 -D_TITLE_="グループ作成" \ 3.21 - -D_FORM_="`genform $formdir/grp.def`" \ 3.22 + -D_FORM_="$note`genform $formdir/grp.def`" \ 3.23 -D_DUMPTABLE_="`DT_VIEW=grp dumptable html grp 'gname gecos:DESC mtime:TIME' 'order by b.TIME desc'`" \ 3.24 $layout/html.m4.html $layout/groupman.m4.html 3.25 ;; 3.26 @@ -108,6 +117,8 @@ 3.27 contenttype; echo 3.28 gpg=`getpar grp` 3.29 grp=${2:-$gpg} 3.30 + grp=`getgroupbyid "$grp"` 3.31 +err grp: getpar-grp"(gpg)=[$grp]" 3.32 ## . ./y4-blog.sh 3.33 jg=`getpar joingrp` 3.34 if [ -n "$jg" ]; then