-rw-r--r--plugins/TinyMCE/TinyMCEPlugin.php34
1 files changed, 30 insertions, 4 deletions
diff --git a/plugins/TinyMCE/TinyMCEPlugin.php b/plugins/TinyMCE/TinyMCEPlugin.php
index 2ec4b7160..e0640ebdf 100644
--- a/plugins/TinyMCE/TinyMCEPlugin.php
+++ b/plugins/TinyMCE/TinyMCEPlugin.php
@@ -50,9 +50,14 @@ class TinyMCEPlugin extends Plugin
{
var $html;
+ // By default, TinyMCE editor will be available to all users.
+ // With restricted on, only users who have been granted the
+ // "richedit" role get it.
+ public $restricted = false;
+
function onEndShowScripts($action)
{
- if (common_logged_in ()) {
+ if (common_logged_in() && $this->isAllowedRichEdit()) {
$action->script(common_path('plugins/TinyMCE/js/jquery.tinymce.js'));
$action->inlineScript($this->_inlineScript());
}
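Review bot: The comment on `$restricted` says the editor is available to all users by default, but `onEndShowScripts` still requires `common_logged_in()`, so anonymous visitors never get it. I would word it `// By default, the TinyMCE editor is available to all logged-in users.` and add that the flag also gates the server-side rich-text save handlers, not only the UI. The new property is declared `public` next to the older `var $html;`, and a single declaration style would read better.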
@@ -62,7 +67,9 @@ class TinyMCEPlugin extends Plugin
function onEndShowStyles($action)
{
- $action->style('span#notice_data-text_container, span#notice_data-text_parent { float: left }');
+ if ($this->isAllowedRichEdit()) {
+ $action->style('span#notice_data-text_container, span#notice_data-text_parent { float: left }');
+ }
return true;
}
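Review bot: With `restricted` off, `isAllowedRichEdit()` returns true without looking at the session, so this guard in `onEndShowStyles` still emits the editor style for logged-out visitors, while `onEndShowScripts` only loads the editor when `common_logged_in()` holds. If the style is only needed alongside the editor, use the same condition in both handlers: `if (common_logged_in() && $this->isAllowedRichEdit()) {`.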
@@ -116,7 +123,7 @@ class TinyMCEPlugin extends Plugin
*/
function onStartSaveNewNoticeWeb($action, $user, &$content, &$options)
{
- if ($action->arg('richedit')) {
+ if ($action->arg('richedit') && $this->isAllowedRichEdit()) {
$html = $this->sanitizeHtml($content);
$options['rendered'] = $html;
$content = $this->stripHtml($html);
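Review bot: The permission check in `onStartSaveNewNoticeWeb` runs against `common_current_user()` inside `isAllowedRichEdit()`, not against the `$user` this handler receives, so the authorization subject and the notice author match only by assumption. Passing the author through would make that explicit, for example `private function isAllowedRichEdit($user = null)` falling back to `common_current_user()`, called here as `$this->isAllowedRichEdit($user)`. When the check fails, the `richedit` argument is ignored silently and `$content` continues down the normal path without passing through `sanitizeHtml()`. That path presumably escapes markup as it does for any plain notice, but a one-line comment stating this would help, because this branch is what stops HTML from a non-permitted user being stored as rendered output. The function body continues outside the hunk.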
@@ -135,7 +142,7 @@ class TinyMCEPlugin extends Plugin
*/
function onStartSaveNewNoticeAppendAttachment($action, $media, &$content, &$options)
{
- if ($action->arg('richedit')) {
+ if ($action->arg('richedit') && $this->isAllowedRichEdit()) {
// See if we've got a placeholder inline image; if so, fill it!
$dom = new DOMDocument();
@@ -320,4 +327,23 @@ END_OF_SCRIPT;
return $scr;
}
+
+ /**
+ * Does the current user have permission to use the rich-text editor?
+ * Always true unless the plugin's "restricted" setting is on, in which
+ * case it's limited to users with the "richedit" role.
+ *
+ * @fixme make that more sanely configurable :)
+ *
+ * @return boolean
+ */
+ private function isAllowedRichEdit()
+ {
+ if ($this->restricted) {
+ $user = common_current_user();
+ return !empty($user) && $user->hasRole('richedit');
+ } else {
+ return true;
+ }
+ }
}
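Review bot: The role name `'richedit'` is a bare string literal in `isAllowedRichEdit()`, and nothing in this diff shows where that role is defined or granted. A class constant such as `const ROLE_RICHEDIT = 'richedit';` would give the check and any granting code a single name to share. A mistyped or never-granted role fails closed (nobody gets the editor in restricted mode), which is the safe direction, but the docblock should say how a user obtains the role. The `else` after `return` is unnecessary: `if (!$this->restricted) { return true; }` followed by the user check reads more directly.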