diff options
-rw-r--r-- | plugins/TinyMCE/TinyMCEPlugin.php | 34 |
1 files changed, 30 insertions, 4 deletions
diff --git a/plugins/TinyMCE/TinyMCEPlugin.php b/plugins/TinyMCE/TinyMCEPlugin.php index 2ec4b7160..e0640ebdf 100644 --- a/plugins/TinyMCE/TinyMCEPlugin.php +++ b/plugins/TinyMCE/TinyMCEPlugin.php @@ -50,9 +50,14 @@ class TinyMCEPlugin extends Plugin { var $html; + // By default, TinyMCE editor will be available to all users. + // With restricted on, only users who have been granted the + // "richedit" role get it. + public $restricted = false; + function onEndShowScripts($action) { - if (common_logged_in ()) { + if (common_logged_in() && $this->isAllowedRichEdit()) { $action->script(common_path('plugins/TinyMCE/js/jquery.tinymce.js')); $action->inlineScript($this->_inlineScript()); } @@ -62,7 +67,9 @@ class TinyMCEPlugin extends Plugin function onEndShowStyles($action) { - $action->style('span#notice_data-text_container, span#notice_data-text_parent { float: left }'); + if ($this->isAllowedRichEdit()) { + $action->style('span#notice_data-text_container, span#notice_data-text_parent { float: left }'); + } return true; } @@ -116,7 +123,7 @@ class TinyMCEPlugin extends Plugin */ function onStartSaveNewNoticeWeb($action, $user, &$content, &$options) { - if ($action->arg('richedit')) { + if ($action->arg('richedit') && $this->isAllowedRichEdit()) { $html = $this->sanitizeHtml($content); $options['rendered'] = $html; $content = $this->stripHtml($html); @@ -135,7 +142,7 @@ class TinyMCEPlugin extends Plugin */ function onStartSaveNewNoticeAppendAttachment($action, $media, &$content, &$options) { - if ($action->arg('richedit')) { + if ($action->arg('richedit') && $this->isAllowedRichEdit()) { // See if we've got a placeholder inline image; if so, fill it! $dom = new DOMDocument(); @@ -320,4 +327,23 @@ END_OF_SCRIPT; return $scr; } + + /** + * Does the current user have permission to use the rich-text editor? + * Always true unless the plugin's "restricted" setting is on, in which + * case it's limited to users with the "richedit" role. + * + * @fixme make that more sanely configurable :) + * + * @return boolean + */ + private function isAllowedRichEdit() + { + if ($this->restricted) { + $user = common_current_user(); + return !empty($user) && $user->hasRole('richedit'); + } else { + return true; + } + } } |