From 0148da9e696e35e4f081cee215390eadacc6ad6e Mon Sep 17 00:00:00 2001 From: =?utf8?q?Paul=20H=C3=A4nsch?= Date: Thu, 30 Sep 2021 18:09:16 +0200 Subject: [PATCH] smarter update_video function, permission check when displaying video pages --- page_video.sh | 63 ++++++++++++++++++++++++++++++++++++++------------- 1 file changed, 47 insertions(+), 16 deletions(-) diff --git a/page_video.sh b/page_video.sh index bf4ec8a..1da7f0b 100644 --- a/page_video.sh +++ b/page_video.sh @@ -9,6 +9,7 @@ if [ "$video" -a -f "$vid_db" -a -r "$vid_db" ]; then if [ "$VIDEO_ID" ]; then VIDEO_NAME="$(UNSTRING "$VIDEO_NAME")" VIDEO_DESCRIPTION="$(UNSTRING "$VIDEO_DESCRIPTION")" + VIDEO_COVER="$(UNSTRING "$VIDEO_COVER")" VIDEO_DESCR_CACHE="$(UNSTRING "$VIDEO_DESCR_CACHE")" else video='' @@ -19,21 +20,45 @@ fi # ID NAME DESCRIPTION RESX RESY LENGTH COVER STATUS (void|private|hidden|public) UPLOADER HITS DESCR_CACHE FUTUREUSE update_video(){ - local id="${1}" name="${2}" description="${3}" resx="${4}" resy="${5}" \ - length="${6}" cover="${7}" status="${8}" uploader="${9}" \ - hits="${10}" descr_cache="${11}" futureuse="${12}" - local ID INFO + local id="${1}" name description resx resy length cover status uploader \ + hits descr_cache futureuse + local ID NAME DESCRIPTION RESX RESY LENGTH COVER STATUS UPLOADER HITS \ + DESCR_CACHE FUTUREUSE + local arg + + for arg in "$@"; do case $arg in + name=*) name="${arg#*=}";; + description=*) description="${arg#*=}";; + resx=*) resx="${arg#*=}";; + resy=*) resy="${arg#*=}";; + length=*) length="${arg#*=}";; + cover=*) cover="${arg#*=}";; + status=*) status="${arg#*=}";; + uploader=*) uploader="${arg#*=}";; + hits=*) hits="${arg#*=}";; + esac; done if LOCK "$vid_db"; then - while read -r ID INFO; do + while read -r ID NAME DESCRIPTION RESX RESY LENGTH COVER STATUS UPLOADER HITS \ + DESCR_CACHE FUTUREUSE; do if [ "$id" = "$ID" ]; then - # ID NAME DESCRIPTION RESX RESY LENGTH COVER STATUS UPLOADER HITS DESCR_CACHE FUTUREUSE printf '%s %s %s %i %i %i %s %s %s %i %s %s\n' \ - "$id" "$(STRING "$name")" "$(STRING "$description")" "$resx" "$resy" "$length" \ - "$(STRING "$cover")" "${status:-void}" "${uploader:-\\}" "$hits" \ - "$(printf %s "$description" |markdown |STRING)" "${futureuse:-\\}" + "$id" "$(STRING "${name-$(UNSTRING "$NAME")}")" \ + "$(STRING "${description-$(UNSTRING "$DESCRIPTION")}")" \ + "${resx:-${resx-${RESX}}${resx+0}}" \ + "${resy:-${resy-${RESY}}${resy+0}}" \ + "${length:-${length-${LENGTH}}${length+0}}" \ + "$(STRING "${cover-$(UNSTRING "$COVER")}")" \ + "${status:-${status-${STATUS}}${status+void}}" \ + "${uploader:-${uploader-${UPLOADER}}${uploader+\\}}" \ + "${hits:-${hits-${HITS}}${hits+0}}" \ + "$(printf %s "${description-$(UNSTRING "$DESCRIPTION")}" |markdown |STRING)" \ + "${FUTUREUSE:-\\}" else - printf '%s %s\n' "$ID" "$INFO" + printf '%s %s %s %i %i %i %s %s %s %i %s %s\n' \ + "$ID" "$NAME" "$DESCRIPTION" "$RESX" "$RESY" "$LENGTH" \ + "$COVER" "$STATUS" "$UPLOADER" "$HITS" "$DESCR_CACHE" \ + "$FUTUREUSE" fi done <"$vid_db" >"${vid_db}.$$" mv -- "${vid_db}.$$" "${vid_db}" @@ -74,8 +99,10 @@ UPLOAD(){ REDIRECT "${_BASE}/channel/${channel}/${video}/#ERROR_NOTLOGGEDIN" elif ! AUTHOR; then REDIRECT "${_BASE}/channel/${channel}/${video}/#ERROR_UPDATE_NOTALLOWED" - elif update_video "$video" "$(POST name)" "$(POST description)" 0 0 0 \ - "" "void" "$USER_ID" 0 ""; then + elif update_video "$video" "name=$(POST name)" \ + "description=$(POST description)" \ + "status=$(POST status |grep -m1 -xE 'void|private|hidden|public')" \ + "uploader=$USER_ID"; then REDIRECT "${_BASE}/channel/${channel}/${video}/#UPDATE_SUCCESS" else REDIRECT "${_BASE}/channel/${channel}/${video}/#ERROR_UPDATE_NOLOCK" @@ -101,15 +128,17 @@ if [ "$REQUEST_METHOD" = POST -a "$channel" -a "$video" ]; then fi if [ "$channel" -a "$video" -a "$action" = edit ]; then + AUTHOR || REDIRECT "$_BASE/$channel/$video/#ERROR_EDIT_NOTALLOWED" + yield_page "$VIDEO_NAME - Edit" "video edit" <<-EOF [form .video .edit method=POST [input name="name" value="$(HTML "$VIDEO_NAME")" placeholder="Video Name"] [fieldset .status $([ $VIDEO_STATUS = void ] && printf "disabled=disabled") - [radio "status" "void" #status_private $(checked $VIDEO_STATUS private void)] + [radio "status" "private" #status_private $(checked $VIDEO_STATUS private void)] [label for=status_private tooltip="Video is only visible to channel authors" Private] - [radio "status" "void" #status_hidden $(checked $VIDEO_STATUS hidden)] + [radio "status" "hidden" #status_hidden $(checked $VIDEO_STATUS hidden)] [label for=status_hidden tooltip="Video will not be listed but can be viewed by anyone knowing the URL" Hidden] - [radio "status" "void" #status_public $(checked $VIDEO_STATUS public)] + [radio "status" "public" #status_public $(checked $VIDEO_STATUS public)] [label for=status_public tooltip="Video will be listed publicly" Public] ] [textarea name="description" placeholder="Description" . $(HTML "$VIDEO_DESCRIPTION")] @@ -118,7 +147,9 @@ if [ "$channel" -a "$video" -a "$action" = edit ]; then ] EOF elif [ "$channel" -a "$video" ]; then - yield_page "$VIDEO_NAME" "video edit" <<-EOF + [ $VIDEO_STATUS = public -o $VIDEO_STATUS = hidden ] || AUTHOR || { . ${_EXEC}/page_404.sh; exit 0; } + + yield_page "$VIDEO_NAME" "video" <<-EOF [nav [a href="../../" Channels] - [a href="../" $(HTML "${CHANNEL_NAME:-(Unnamed Channel)}")] - [span $(HTML "${VIDEO_NAME:-(Unnamed Video)}")] $(AUTHOR && printf ' - [a href="edit" edit]') ] -- 2.39.2