add admin view to /file/list (#3100)

* add admin view to /file/list * tidy
2023-06-11 14:18:10 -05:00 · 2023-06-11 14:18:10 -05:00 · a1feac699a
commit a1feac699a
parent a9a8fcdfaf
5 changed files with 56 additions and 14 deletions
--- a/cgi-bin/DW/Controller/Media.pm
+++ b/cgi-bin/DW/Controller/Media.pm
@ -50,28 +50,48 @@ DW::Routing->register_string( '/file',      \&media_index_handler,    app => 1 )
 sub media_manage_handler {
    my ( $ok, $rv ) = controller();
    return $rv unless $ok;
+
+    my ( $remote, $r ) = ( $rv->{remote}, $rv->{r} );
+
    return error_ml(
        'error.openid',
        {
            sitename => $LJ::SITENAMESHORT,
            aopts    => '/create'
        }
-    ) if $rv->{remote}->is_identity;
+    ) if $remote->is_identity;
+
+    my $u         = $remote;
+    my $adminmode = $u && $u->has_priv( 'canview', 'images' );
+    my $user      = LJ::canonical_username( $r->get_args->{user} || $r->post_args->{user} );
+
+    if ( $adminmode && $user ) {
+        $u = LJ::load_user($user);
+        return error_ml('error.username_notfound') unless $u;
+        return error_ml('error.purged.text') if $u->is_expunged;
+        $user = undef if $remote->equals($u);
+    }
+    else {
+        $user = undef;
+    }

    # load all of a user's media.  this is inefficient and won't be like this forever,
    # but it's simple for now...
-    my @media = DW::Media->get_active_for_user( $rv->{remote}, width => 200, height => 200 );
+    my @media = DW::Media->get_active_for_user( $u, width => 200, height => 200 );

    $rv->{media}          = \@media;
    $rv->{make_embed_url} = \&make_embed_url;
-    $rv->{page}           = $rv->{r}->get_args->{page} || '1';
-    $rv->{view_type}      = $rv->{r}->get_args->{view} || '';
+    $rv->{page}           = $r->get_args->{page} || '1';
+    $rv->{view_type}      = $r->get_args->{view} || '';
    $rv->{maxpage}        = POSIX::ceil( scalar @media / 20 );
    $rv->{valid_sizes}    = [%VALID_SIZES];
    $rv->{convert_time}   = \&LJ::mysql_time;
+    $rv->{adminmode}      = $adminmode ? 1 : 0;
+    $rv->{user}           = $user;
+    $rv->{maxlength_user} = $LJ::USERNAME_MAXLENGTH;

-    my $media_usage = DW::Media->get_usage_for_user( $rv->{u} );
-    my $media_quota = DW::Media->get_quota_for_user( $rv->{u} );
+    my $media_usage = DW::Media->get_usage_for_user($u);
+    my $media_quota = DW::Media->get_quota_for_user($u);

    $rv->{usage}      = sprintf( "%0.3f MB", $media_usage / 1024 / 1024 );
    $rv->{quota}      = sprintf( "%0.1f MB", $media_quota / 1024 / 1024 );
--- a/cgi-bin/DW/Hooks/PrivList.pm
+++ b/cgi-bin/DW/Hooks/PrivList.pm
@ -81,6 +81,7 @@ LJ::Hooks::register_hook(
        # have to manually maintain the other lists
        $hr = {
            entryprops    => "Access to /admin/entryprops",
+            images        => "Access to admin mode on /file/list",
            sessions      => "Access to admin mode on /manage/logins",
            subscriptions => "Access to admin mode on notification settings",
            suspended     => "Access to suspended journal content",
--- a/cgi-bin/DW/Media/Base.pm
+++ b/cgi-bin/DW/Media/Base.pm
@ -136,7 +136,11 @@ sub visible_to {
    # at this point, if we don't have a remote user, fail
    return 0 unless LJ::isu($other_u);

-    # private check.  if it's us, allow, else fail.
+    # private check.  if it's us or an admin, allow, else fail.
+    my $refer       = { DW::Request->get->headers_in }->{Referer};
+    my $is_sitepage = ( defined $refer && $refer eq "$LJ::SITEROOT/" ) ? 1 : 0;
+    return 1 if $is_sitepage && $other_u->has_priv( 'canview', 'images' );
+
    return 1 if $u->equals($other_u);
    return 0 if $self->security eq 'private';

--- a/views/media/index.tt
+++ b/views/media/index.tt
@ -40,21 +40,33 @@ window.onload = function() {
 }
 };
 </script>
+<style type="text/css">
+    #content input { height: auto; width: auto; display: inline; }
+</style>
 [% END  # sections.head %]

-<p>[% dw.ml(".intro2" {aopts1 => '/file/edit', aopts2 => '/file/new'}) %]</p>
+[%- IF adminmode %]
+<form method='GET'><p>
+  [% form.textbox( maxlength = maxlength_user, size = maxlength_user,
+                   label = dw.ml( '.user' ), name = 'user', value = user );
+     form.submit( value = dw.ml( '.user.submit' ) ) %]
+</p></form>
+[%- END %]

-<p>[% '.usage' | ml( usage => usage, percentage => percentage, quota => quota ) %]</p>
+[%- IF user -%]
+    <p>[% '.intro.admin' | ml(user => user) %]</p>
+[%- ELSE -%]
+    <p>[% '.intro2' | ml(aopts1 => '/file/edit', aopts2 => '/file/new') %]</p>

-[% getextra = page == 1 ? '' : "?page=$page" %]
-[% getsep = getextra == '' ? "?" : "&" %]
+    <p>[% '.usage' | ml( usage => usage, percentage => percentage, quota => quota ) %]</p>
+[%- END -%]

 [% IF media.size %]
 <p>
 [% IF view_type == 'grid' %]
-    <a href="[% "$site.root/file/list$getextra${getsep}view=list" %]">[% '.view.list' | ml %]</a> | [% '.view.grid' | ml %]
+    <a href="[% dw.create_url( undef, keep_args => 1, args => { view => 'list' } ) %]">[% '.view.list' | ml %]</a> | [% '.view.grid' | ml %]
 [% ELSE %]
-    [% '.view.list' | ml %] | <a href="[% "$site.root/file/list$getextra${getsep}view=grid" %]">[% '.view.grid' | ml %]</a>
+    [% '.view.list' | ml %] | <a href="[% dw.create_url( undef, keep_args => 1, args => { view => 'grid' } ) %]">[% '.view.grid' | ml %]</a>
 [% END %]
 </p>
 [% IF maxpage > 1 %]
@ -128,7 +140,6 @@ window.onload = function() {
            </div>
            </div>
            </div>
-            
        </div>
        </div>
    [%- END -%]
--- a/views/media/index.tt.text
+++ b/views/media/index.tt.text
@ -2,6 +2,8 @@

 .intro2=Below are the images you have uploaded to the site. <a href="[[aopts1]]">Manage your images</a> or <a href="[[aopts2]]">upload new images</a>.

+.intro.admin=Below are the images that [[user]] has uploaded to the site.
+
 .title2=Your Images

 .embed.full=Image Embed:
@ -12,6 +14,10 @@

 .usage=You have used [[usage]] ([[percentage]]) of your [[quota]] quota.

+.user=Account:
+
+.user.submit=View
+
 .view.list=List View

 .view.grid=Grid View