diff --git a/README.md b/README.md index d8e7d5f6..bf963add 100644 --- a/README.md +++ b/README.md @@ -138,16 +138,14 @@ Before submitting design contributions, please discuss them with the Standard Eb ### Artwork database -- Allow submitter or admins to edit unapproved artwork submissions. Approved/in use submissions should not be editable by anyone. - - Tags should be searched as whole words. For example a search for `male` should not return items tagged as `female`. - Include in-use ebook slug as a search parameter when searching for artwork by keyword. -- Remove `in_use` status for an artwork; instead, an artwork with an `EbookWwwFilesystemPath` that is not `null` should be considered to be "in use" regardless of its `Status`. - - Artwork searching/filtering should be done in pure SQL, no after-sql filtering in PHP. +- Allow listing artwork by artist by visiting `/artworks/`, and link instances of artist name to that URL. + ## PHP code style - Indent with tabs. diff --git a/lib/Artwork.php b/lib/Artwork.php index ddac91d0..91c24e3b 100644 --- a/lib/Artwork.php +++ b/lib/Artwork.php @@ -58,9 +58,6 @@ class Artwork extends PropertiesBase{ protected ?string $_ImageUrl = null; protected ?string $_ThumbUrl = null; protected ?string $_Thumb2xUrl = null; - protected ?string $_ImageFsPath = null; - protected ?string $_ThumbFsPath = null; - protected ?string $_Thumb2xFsPath = null; protected ?string $_Dimensions = null; protected ?Ebook $_Ebook = null; protected ?Museum $_Museum = null; @@ -252,15 +249,15 @@ class Artwork extends PropertiesBase{ } protected function GetImageFsPath(): string{ - return WEB_ROOT . rtrim($this->ImageUrl, '?ts=0123456789'); + return WEB_ROOT . preg_replace('/\?[^\?]*$/ius', '', $this->ImageUrl); } protected function GetThumbFsPath(): string{ - return WEB_ROOT . rtrim($this->ThumbUrl, '?ts=0123456789'); + return WEB_ROOT . preg_replace('/\?[^\?]*$/ius', '', $this->ThumbUrl); } protected function GetThumb2xFsPath(): string{ - return WEB_ROOT . rtrim($this->Thumb2xUrl, '?ts=0123456789'); + return WEB_ROOT . preg_replace('/\?[^\?]*$/ius', '', $this->Thumb2xUrl); } protected function GetDimensions(): string{ @@ -289,6 +286,55 @@ class Artwork extends PropertiesBase{ // ******* // METHODS // ******* + public function CanBeEditedBy(?User $user): bool{ + if($user === null){ + return false; + } + + if($user->Benefits->CanReviewOwnArtwork){ + // Admins can edit all artwork. + return true; + } + + if(($user->Benefits->CanReviewArtwork || $user->UserId == $this->SubmitterUserId) && ($this->Status == ArtworkStatus::Unverified || $this->Status == ArtworkStatus::Declined)){ + // Editors can edit an artwork, and submitters can edit their own artwork, if it's not yet approved. + return true; + } + + return false; + } + + public function CanStatusBeChangedBy(?User $user): bool{ + if($user === null){ + return false; + } + + if($user->Benefits->CanReviewOwnArtwork){ + // Admins can change the status of all artwork. + return true; + } + + if($user->Benefits->CanReviewArtwork && $user->UserId != $this->SubmitterUserId && ($this->Status == ArtworkStatus::Unverified || $this->Status == ArtworkStatus::Declined)){ + // Editors can change the status of artwork they did not submit themselves, and that is not yet approved. + return true; + } + + return false; + } + + public function CanEbookWwwFilesysemPathBeChangedBy(?User $user): bool{ + if($user === null){ + return false; + } + + if($user->Benefits->CanReviewArtwork || $user->Benefits->CanReviewOwnArtwork){ + // Admins and editors can change the file system path of all artwork. + return true; + } + + return false; + } + /** * @param array $uploadedFile * @throws \Exceptions\ValidationException @@ -341,15 +387,8 @@ class Artwork extends PropertiesBase{ $error->Add(new Exceptions\InvalidArtworkException('Invalid status.')); } - if($this->Status == ArtworkStatus::InUse && $this->EbookWwwFilesystemPath === null){ - $error->Add(new Exceptions\MissingEbookException()); - } - if(count($this->Tags) == 0){ - // In-use artwork doesn't have user-provided tags. - if($this->Status != ArtworkStatus::InUse){ - $error->Add(new Exceptions\TagsRequiredException()); - } + $error->Add(new Exceptions\TagsRequiredException()); } if(count($this->Tags) > ARTWORK_MAX_TAGS){ @@ -686,6 +725,13 @@ class Artwork extends PropertiesBase{ if(!empty($uploadedFile) && $uploadedFile['error'] == UPLOAD_ERR_OK){ $this->MimeType = ImageMimeType::FromFile($uploadedFile['tmp_name'] ?? null); + + // Manually set the updated timestamp, because if we only update the image and nothing else, the row's + // updated timestamp won't change automatically. + $this->Updated = new DateTime('now', new DateTimeZone('UTC')); + $this->_ImageUrl = null; + $this->_ThumbUrl = null; + $this->_Thumb2xUrl = null; } $this->Validate($uploadedFile); @@ -696,8 +742,15 @@ class Artwork extends PropertiesBase{ } $this->Tags = $tags; + $newDeathYear = $this->Artist->DeathYear; $this->Artist = Artist::GetOrCreate($this->Artist); + // Save the artist death year in case we changed it + if($newDeathYear != $this->Artist->DeathYear){ + Db::Query('UPDATE Artists set DeathYear = ? where ArtistId = ?', [$newDeathYear , $this->Artist->ArtistId]); + } + + // Save the artwork Db::Query(' UPDATE Artworks set @@ -706,7 +759,7 @@ class Artwork extends PropertiesBase{ UrlName = ?, CompletedYear = ?, CompletedYearIsCirca = ?, - Created = ?, + Updated = ?, Status = ?, SubmitterUserId = ?, ReviewerUserId = ?, @@ -723,7 +776,7 @@ class Artwork extends PropertiesBase{ where ArtworkId = ? ', [$this->Artist->ArtistId, $this->Name, $this->UrlName, $this->CompletedYear, $this->CompletedYearIsCirca, - $this->Created, $this->Status, $this->SubmitterUserId, $this->ReviewerUserId, $this->MuseumUrl, $this->PublicationYear, $this->PublicationYearPageUrl, + $this->Updated, $this->Status, $this->SubmitterUserId, $this->ReviewerUserId, $this->MuseumUrl, $this->PublicationYear, $this->PublicationYearPageUrl, $this->CopyrightPageUrl, $this->ArtworkPageUrl, $this->IsPublishedInUs, $this->EbookWwwFilesystemPath, $this->MimeType, $this->Exception, $this->Notes, $this->ArtworkId] ); @@ -731,16 +784,16 @@ class Artwork extends PropertiesBase{ Artist::DeleteUnreferencedArtists(); Db::Query(' - DELETE FROM ArtworkTags - WHERE + DELETE from ArtworkTags + where ArtworkId = ? ', [$this->ArtworkId] ); foreach($this->Tags as $tag){ Db::Query(' - INSERT INTO ArtworkTags (ArtworkId, TagId) - VALUES (?, + INSERT into ArtworkTags (ArtworkId, TagId) + values (?, ?) ', [$this->ArtworkId, $tag->TagId]); } @@ -840,4 +893,29 @@ class Artwork extends PropertiesBase{ return $result[0]; } + + public static function FromHttpPost(): Artwork{ + $artwork = new Artwork(); + $artwork->Artist = new Artist(); + + $artwork->Artist->Name = HttpInput::Str(POST, 'artist-name', false); + $artwork->Artist->DeathYear = HttpInput::Int(POST, 'artist-year-of-death'); + + $artwork->Name = HttpInput::Str(POST, 'artwork-name', false); + $artwork->CompletedYear = HttpInput::Int(POST, 'artwork-year'); + $artwork->CompletedYearIsCirca = HttpInput::Bool(POST, 'artwork-year-is-circa', false) ?? false; + $artwork->Tags = HttpInput::Str(POST, 'artwork-tags', false) ?? []; + $artwork->Status = HttpInput::Str(POST, 'artwork-status', false) ?? ArtworkStatus::Unverified; + $artwork->EbookWwwFilesystemPath = HttpInput::Str(POST, 'artwork-ebook-www-filesystem-path', false); + $artwork->IsPublishedInUs = HttpInput::Bool(POST, 'artwork-is-published-in-us', false); + $artwork->PublicationYear = HttpInput::Int(POST, 'artwork-publication-year'); + $artwork->PublicationYearPageUrl = HttpInput::Str(POST, 'artwork-publication-year-page-url', false); + $artwork->CopyrightPageUrl = HttpInput::Str(POST, 'artwork-copyright-page-url', false); + $artwork->ArtworkPageUrl = HttpInput::Str(POST, 'artwork-artwork-page-url', false); + $artwork->MuseumUrl = HttpInput::Str(POST, 'artwork-museum-url', false); + $artwork->Exception = HttpInput::Str(POST, 'artwork-exception', false); + $artwork->Notes = HttpInput::Str(POST, 'artwork-notes', false); + + return $artwork; + } } diff --git a/lib/ArtworkStatus.php b/lib/ArtworkStatus.php index 2bcfe8cc..6d9b058c 100644 --- a/lib/ArtworkStatus.php +++ b/lib/ArtworkStatus.php @@ -3,5 +3,4 @@ enum ArtworkStatus: string{ case Unverified = 'unverified'; case Declined = 'declined'; case Approved = 'approved'; - case InUse = 'in_use'; } diff --git a/lib/Library.php b/lib/Library.php index e0435837..681e7beb 100644 --- a/lib/Library.php +++ b/lib/Library.php @@ -162,12 +162,13 @@ class Library{ * @return array */ public static function FilterArtwork(string $query = null, string $status = null, string $sort = null, int $submitterUserId = null): array{ - // Possible special statuses: + // $status is either the string value of an ArtworkStatus enum, or one of these special statuses: // null: same as "all" // "all": Show all approved and in use artwork // "all-admin": Show all artwork regardless of status // "all-submitter": Show all approved and in use artwork, plus unverified artwork from the submitter // "unverified-submitter": Show unverified artwork from the submitter + // "in-use": Show only in-use artwork $artworks = []; @@ -175,19 +176,26 @@ class Library{ $artworks = Db::Query(' SELECT * from Artworks - where Status in (?, ?)', [ArtworkStatus::Approved->value, ArtworkStatus::InUse->value], 'Artwork'); + where Status in (?)', [ArtworkStatus::Approved->value], 'Artwork'); } elseif($status == 'all-admin'){ $artworks = Db::Query(' SELECT * from Artworks', [], 'Artwork'); } + elseif($status == 'in-use'){ + $artworks = Db::Query(' + SELECT * + from Artworks + where Status = ? and EbookWwwFilesystemPath is not null + ', [ArtworkStatus::Approved->value], 'Artwork'); + } elseif($status == 'all-submitter' && $submitterUserId !== null){ $artworks = Db::Query(' SELECT * from Artworks - where Status in (?, ?) - or (Status = ? and SubmitterUserId = ?)', [ArtworkStatus::Approved->value, ArtworkStatus::InUse->value, ArtworkStatus::Unverified->value, $submitterUserId], 'Artwork'); + where Status = ? + or (Status = ? and SubmitterUserId = ?)', [ArtworkStatus::Approved->value, ArtworkStatus::Unverified->value, $submitterUserId], 'Artwork'); } elseif($status == 'unverified-submitter' && $submitterUserId !== null){ $artworks = Db::Query(' @@ -195,6 +203,12 @@ class Library{ from Artworks where Status = ? and SubmitterUserId = ?', [ArtworkStatus::Unverified->value, $submitterUserId], 'Artwork'); } + elseif($status == ArtworkStatus::Approved->value){ + $artworks = Db::Query(' + SELECT * + from Artworks + where Status = ? and EbookWwwFilesystemPath is null', [ArtworkStatus::Approved->value], 'Artwork'); + } else{ $artworks = Db::Query(' SELECT * diff --git a/templates/ArtworkCreateEditFields.php b/templates/ArtworkForm.php similarity index 84% rename from templates/ArtworkCreateEditFields.php rename to templates/ArtworkForm.php index 9c0de8c0..fa41e691 100644 --- a/templates/ArtworkCreateEditFields.php +++ b/templates/ArtworkForm.php @@ -2,7 +2,13 @@ use Safe\DateTime; $artwork = $artwork ?? null; -$imageRequired = $imageRequired ?? true; + +if($artwork === null){ + $artwork = new Artwork(); + $artwork->Artist = new Artist(); +} + +$isEditForm = $isEditForm ?? false; $isAdminView = $isAdminView ?? false; $now = new DateTime('now', new DateTimeZone('America/Juneau')); // Latest continental US time zone @@ -16,7 +22,7 @@ $now = new DateTime('now', new DateTimeZone('America/Juneau')); // Latest contin AlternateSpellings as $alternateSpelling){ ?> - + @@ -38,7 +44,7 @@ $now = new DateTime('now', new DateTimeZone('America/Juneau')); // Latest contin name="artist-year-of-death" inputmode="numeric" pattern="[0-9]+" - value="Artist->DeathYear ?>" + value="Artist->DeathYear) ?>" /> @@ -57,7 +63,7 @@ $now = new DateTime('now', new DateTimeZone('America/Juneau')); // Latest contin name="artwork-year" inputmode="numeric" pattern="[0-9]+" - value="CompletedYear ?>" + value="CompletedYear) ?>" /> @@ -123,7 +129,7 @@ $now = new DateTime('now', new DateTimeZone('America/Juneau')); // Latest contin name="artwork-publication-year" inputmode="numeric" pattern="[0-9]+" - value="PublicationYear ?>" + value="PublicationYear) ?>" /> - +CanStatusBeChangedBy($GLOBALS['User'] ?? null) || $artwork->CanEbookWwwFilesysemPathBeChangedBy($GLOBALS['User'] ?? null)){ ?>
Editor options - Benefits->CanReviewOwnArtwork){ ?> + CanStatusBeChangedBy($GLOBALS['User'] ?? null)){ ?> - + CanEbookWwwFilesysemPathBeChangedBy($GLOBALS['User'] ?? null)){ ?> + +
diff --git a/templates/ArtworkList.php b/templates/ArtworkList.php index 251da6c3..0e5418f8 100644 --- a/templates/ArtworkList.php +++ b/templates/ArtworkList.php @@ -3,7 +3,7 @@ $artworks = $artworks ?? []; ?>
    -
  1. Status == ArtworkStatus::InUse){ ?> class="in-use"> +
  2. EbookWwwFilesystemPath !== null){ ?> class="in-use"> diff --git a/templates/ArtworkStatus.php b/templates/ArtworkStatus.php index 980f506f..4b59ab0c 100644 --- a/templates/ArtworkStatus.php +++ b/templates/ArtworkStatus.php @@ -5,5 +5,5 @@ $artwork = $artwork ?? null; Status == ArtworkStatus::Approved){ ?>Approved Status == ArtworkStatus::Declined){ ?>Declined Status == ArtworkStatus::Unverified){ ?>Unverified -Status == ArtworkStatus::InUse){ ?>In useEbookWwwFilesystemPath !== null){ ?> for Ebook !== null && $artwork->Ebook->Url !== null){ ?>Ebook->Title) ?>EbookWwwFilesystemPath) ?> (Unreleased) +EbookWwwFilesystemPath !== null){ ?> — in useEbookWwwFilesystemPath !== null){ ?> by Ebook !== null && $artwork->Ebook->Url !== null){ ?>Ebook->Title) ?>EbookWwwFilesystemPath) ?> (unreleased) diff --git a/www/artworks/edit.php b/www/artworks/edit.php index ed3e9cfa..b8dc5ac5 100644 --- a/www/artworks/edit.php +++ b/www/artworks/edit.php @@ -4,7 +4,7 @@ use function Safe\session_unset; session_start(); $exception = $_SESSION['exception'] ?? null; -/** @var Artwork $artwork */ +/** @var ?Artwork $artwork */ $artwork = $_SESSION['artwork'] ?? null; try{ @@ -13,11 +13,10 @@ try{ } if($artwork === null){ - $artwork = Artwork::GetByUrl(HttpInput::Str(GET, 'artist-url-name') ?? '', HttpInput::Str(GET, 'artwork-url-name') ?? ''); + $artwork = Artwork::GetByUrl(HttpInput::Str(GET, 'artist-url-name', false) ?? '', HttpInput::Str(GET, 'artwork-url-name', false) ?? ''); } - $isEditingAllowed = ($artwork->Status == ArtworkStatus::Unverified) && ($GLOBALS['User']->Benefits->CanReviewArtwork || ($artwork->SubmitterUserId == $GLOBALS['User']->UserId)); - if(!$isEditingAllowed){ + if(!$artwork->CanBeEditedBy($GLOBALS['User'])){ throw new Exceptions\InvalidPermissionsException(); } @@ -36,13 +35,13 @@ catch(Exceptions\LoginRequiredException){ Template::RedirectToLogin(); } catch(Exceptions\InvalidPermissionsException){ - Template::Emit403(); // No permissions to submit artwork + Template::Emit403(); // No permissions to edit artwork } ?> 'Edit Artwork', + 'title' => 'Edit ' . $artwork->Name . ', by ' . $artwork->Artist->Name, 'artwork' => true, 'highlight' => '', 'description' => 'Edit public domain artwork to the database for use as cover art.' @@ -54,23 +53,14 @@ catch(Exceptions\InvalidPermissionsException){ $exception]) ?> - - - - - - + + + +
    - - $artwork, - 'imageRequired' => false, - 'isAdminView' => $isAdminView - ] - ) ?> + $artwork, 'isEditForm' => true,'isAdminView' => $isAdminView]) ?>
    diff --git a/www/artworks/get.php b/www/artworks/get.php index d8479d83..6b67a811 100644 --- a/www/artworks/get.php +++ b/www/artworks/get.php @@ -9,12 +9,14 @@ $exception = $_SESSION['exception'] ?? null; try{ $artwork = Artwork::GetByUrl(HttpInput::Str(GET, 'artist-url-name') ?? '', HttpInput::Str(GET, 'artwork-url-name') ?? ''); $isAdminView = $GLOBALS['User']->Benefits->CanReviewArtwork ?? false; - $userId = $GLOBALS['User']->UserId ?? null; - $isEditingAllowed = ($artwork->Status == ArtworkStatus::Unverified) && ($isAdminView || ($userId !== null && $userId == $artwork->SubmitterUserId)); // If the artwork is not approved, and we're not an admin or the submitter when they can edit, don't show it. - if($artwork->Status != ArtworkStatus::Approved && $artwork->Status != ArtworkStatus::InUse && !$isAdminView && !$isEditingAllowed){ - throw new Exceptions\ArtworkNotFoundException(); + if( + ($GLOBALS['User'] === null && $artwork->Status != ArtworkStatus::Approved) + || + ($GLOBALS['User'] !== null && $artwork->SubmitterUserId != $GLOBALS['User']->UserId && !$isAdminView) + ){ + throw new Exceptions\InvalidPermissionsException(); } // We got here because an artwork was successfully submitted @@ -22,16 +24,26 @@ try{ session_unset(); } - // We got here because an artwork submission had errors and the user has to try again + // We got here because an artwork PATCH operation had errors and the user has to try again if($exception){ http_response_code(422); + + // Before we overwrite the original artwork with our new one, restore the old status, + // because if the new status is 'approved' then it will hide the status form entirely, + // which will be confusing. + $oldStatus = $artwork->Status; $artwork = $_SESSION['artwork'] ?? $artwork; + $artwork->Status = $oldStatus; + session_unset(); } } catch(Exceptions\ArtworkNotFoundException){ Template::Emit404(); } +catch(Exceptions\InvalidPermissionsException){ + Template::Emit403(); +} ?> $artwork->Name, 'artwork' => true]) ?>
    @@ -130,17 +142,22 @@ catch(Exceptions\ArtworkNotFoundException){ Notes) ?> - + CanBeEditedBy($GLOBALS['User'] ?? null)){ ?>

    Edit artwork

    Before approval, the editor and submitter may edit Name) ?>.

    - + CanStatusBeChangedBy($GLOBALS['User'] ?? null) || $artwork->CanEbookWwwFilesysemPathBeChangedBy($GLOBALS['User'] ?? null)){ ?>

    Editor options

    -

    Review the metadata and PD proof for this artwork submission. Approve to make it available for future producers.

    + CanStatusBeChangedBy($GLOBALS['User'] ?? null)){ ?> +

    Review the metadata and PD proof for this artwork submission. Approve to make it available for future producers. Once an artwork is approved, it can no longer be edited.

    + + CanEbookWwwFilesysemPathBeChangedBy($GLOBALS['User'] ?? null)){ ?> +

    Set a file system slug to mark this artwork as “in use.”

    +
    - SubmitterUserId != $GLOBALS['User']->UserId) || $GLOBALS['User']->Benefits->CanReviewOwnArtwork){ ?> + CanStatusBeChangedBy($GLOBALS['User'] ?? null)){ ?> + + + + CanEbookWwwFilesysemPathBeChangedBy($GLOBALS['User'] ?? null)){ ?> + + + -
    diff --git a/www/artworks/index.php b/www/artworks/index.php index c38e5945..70ca308a 100644 --- a/www/artworks/index.php +++ b/www/artworks/index.php @@ -49,19 +49,19 @@ if($isSubmitterView){ } } -if(!$isAdminView && !$isSubmitterView && !in_array($status, array('all', ArtworkStatus::Approved->value, ArtworkStatus::InUse->value))){ +if(!$isAdminView && !$isSubmitterView && !in_array($status, array('all', ArtworkStatus::Approved->value, 'in-use'))){ $status = ArtworkStatus::Approved->value; $filterArtworkStatus = $status; } -if($isAdminView && !in_array($status, array('all', ArtworkStatus::Unverified->value, ArtworkStatus::Declined->value, ArtworkStatus::Approved->value, ArtworkStatus::InUse->value)) - && !in_array($filterArtworkStatus, array('all-admin', ArtworkStatus::Unverified->value, ArtworkStatus::Declined->value, ArtworkStatus::Approved->value, ArtworkStatus::InUse->value))){ +if($isAdminView && !in_array($status, array('all', ArtworkStatus::Unverified->value, ArtworkStatus::Declined->value, ArtworkStatus::Approved->value, 'in-use')) + && !in_array($filterArtworkStatus, array('all-admin', ArtworkStatus::Unverified->value, ArtworkStatus::Declined->value, ArtworkStatus::Approved->value, 'in-use'))){ $status = ArtworkStatus::Approved->value; $filterArtworkStatus = $status; } -if($isSubmitterView && !in_array($status, array('all', ArtworkStatus::Unverified->value, ArtworkStatus::Approved->value, ArtworkStatus::InUse->value)) - && !in_array($filterArtworkStatus, array('all-submitter', 'unverified-submitter', ArtworkStatus::Approved->value, ArtworkStatus::InUse->value))){ +if($isSubmitterView && !in_array($status, array('all', ArtworkStatus::Unverified->value, ArtworkStatus::Approved->value, 'in-use')) + && !in_array($filterArtworkStatus, array('all-submitter', 'unverified-submitter', ArtworkStatus::Approved->value, 'in-use'))){ $status = ArtworkStatus::Approved->value; $filterArtworkStatus = $status; } @@ -107,8 +107,8 @@ if($perPage !== ARTWORK_PER_PAGE){ - - + + diff --git a/www/artworks/new.php b/www/artworks/new.php index 951259c2..2e2f9f1e 100644 --- a/www/artworks/new.php +++ b/www/artworks/new.php @@ -68,13 +68,7 @@ catch(Exceptions\InvalidPermissionsException){ - $artwork, - 'imageRequired' => true, - 'isAdminView' => $isAdminView - ] - ) ?> + $artwork, 'isAdminView' => $isAdminView]) ?>
    diff --git a/www/artworks/post.php b/www/artworks/post.php index d6b6bcfa..d3d68e9b 100644 --- a/www/artworks/post.php +++ b/www/artworks/post.php @@ -1,39 +1,8 @@ Artist = new Artist(); - $artwork->Artist->Name = HttpInput::Str(POST, 'artist-name', false); - $artwork->Artist->DeathYear = HttpInput::Int(POST, 'artist-year-of-death'); - - $artwork->Name = HttpInput::Str(POST, 'artwork-name', false); - $artwork->CompletedYear = HttpInput::Int(POST, 'artwork-year'); - $artwork->CompletedYearIsCirca = HttpInput::Bool(POST, 'artwork-year-is-circa', false) ?? false; - $artwork->Tags = HttpInput::Str(POST, 'artwork-tags', false) ?? []; - $artwork->Status = HttpInput::Str(POST, 'artwork-status', false) ?? ArtworkStatus::Unverified; - $artwork->EbookWwwFilesystemPath = HttpInput::Str(POST, 'artwork-ebook-www-filesystem-path', false); - $artwork->IsPublishedInUs = HttpInput::Bool(POST, 'artwork-is-published-in-us', false); - $artwork->PublicationYear = HttpInput::Int(POST, 'artwork-publication-year'); - $artwork->PublicationYearPageUrl = HttpInput::Str(POST, 'artwork-publication-year-page-url', false); - $artwork->CopyrightPageUrl = HttpInput::Str(POST, 'artwork-copyright-page-url', false); - $artwork->ArtworkPageUrl = HttpInput::Str(POST, 'artwork-artwork-page-url', false); - $artwork->MuseumUrl = HttpInput::Str(POST, 'artwork-museum-url', false); - $artwork->Exception = HttpInput::Str(POST, 'artwork-exception', false); - $artwork->Notes = HttpInput::Str(POST, 'artwork-notes', false); - - // Only approved reviewers can set the status to anything but unverified when uploading - // The submitter cannot review their own submissions unless they have special permission - if($artwork->Status !== ArtworkStatus::Unverified && !$GLOBALS['User']->Benefits->CanReviewOwnArtwork){ - throw new Exceptions\InvalidPermissionsException(); - } - - // If the artwork is approved, set the reviewer - if($artwork->Status !== ArtworkStatus::Unverified){ - $artwork->ReviewerUserId = $GLOBALS['User']->UserId; - } -} - try{ session_start(); $httpMethod =HttpInput::RequestMethod(); + $exceptionRedirectUrl = '/artworks/new'; if($httpMethod != HTTP_POST && $httpMethod != HTTP_PATCH && $httpMethod != HTTP_PUT){ throw new Exceptions\InvalidRequestException(); @@ -53,10 +22,20 @@ try{ throw new Exceptions\InvalidPermissionsException(); } - $artwork = new Artwork(); - populateArtworkFields($artwork); + $artwork = Artwork::FromHttpPost(); $artwork->SubmitterUserId = $GLOBALS['User']->UserId ?? null; + // Only approved reviewers can set the status to anything but unverified when uploading. + // The submitter cannot review their own submissions unless they have special permission. + if($artwork->Status !== ArtworkStatus::Unverified && !$artwork->CanStatusBeChangedBy($GLOBALS['User'])){ + throw new Exceptions\InvalidPermissionsException(); + } + + // If the artwork is approved, set the reviewer + if($artwork->Status !== ArtworkStatus::Unverified){ + $artwork->ReviewerUserId = $GLOBALS['User']->UserId; + } + // Confirm that the files came from POST if(!is_uploaded_file($_FILES['artwork-image']['tmp_name'])){ throw new Exceptions\InvalidImageUploadException(); @@ -71,20 +50,31 @@ try{ header('Location: /artworks/new'); } - // PUTing a new artwork + // PUTing an artwork if($httpMethod == HTTP_PUT){ $originalArtwork = Artwork::GetByUrl(HttpInput::Str(GET, 'artist-url-name', false), HttpInput::Str(GET, 'artwork-url-name', false)); - if(!$GLOBALS['User']->Benefits->CanReviewArtwork && !($originalArtwork->SubmitterUserId == $GLOBALS['User']->UserId)){ + if(!$originalArtwork->CanBeEditedBy($GLOBALS['User'])){ throw new Exceptions\InvalidPermissionsException(); } - $artwork = new Artwork(); - populateArtworkFields($artwork); + $exceptionRedirectUrl = $originalArtwork->EditUrl; + + $artwork = Artwork::FromHttpPost(); $artwork->ArtworkId = $originalArtwork->ArtworkId; $artwork->Created = $originalArtwork->Created; $artwork->SubmitterUserId = $originalArtwork->SubmitterUserId; + $newStatus = ArtworkStatus::tryFrom(HttpInput::Str(POST, 'artwork-status', false) ?? ''); + if($newStatus !== null){ + if($originalArtwork->Status != $newStatus && !$originalArtwork->CanStatusBeChangedBy($GLOBALS['User'])){ + throw new Exceptions\InvalidPermissionsException(); + } + + $artwork->ReviewerUserId = $GLOBALS['User']->UserId; + $artwork->Status = $newStatus; + } + $uploadedFile = []; $uploadError = $_FILES['artwork-image']['error']; @@ -107,43 +97,31 @@ try{ // PATCHing a new artwork if($httpMethod == HTTP_PATCH){ - if(!$GLOBALS['User']->Benefits->CanReviewArtwork){ - throw new Exceptions\InvalidPermissionsException(); - } - $artwork = Artwork::GetByUrl(HttpInput::Str(GET, 'artist-url-name', false), HttpInput::Str(GET, 'artwork-url-name', false)); - $artwork->Artist->Name = HttpInput::Str(POST, 'artist-name', false) ?? $artwork->Artist->Name; - $artwork->Artist->DeathYear = HttpInput::Int(POST, 'artist-year-of-death') ?? $artwork->Artist->DeathYear; + $exceptionRedirectUrl = $artwork->Url; - $artwork->Name = HttpInput::Str(POST, 'artwork-name', false) ?? $artwork->Name; - $artwork->CompletedYear = HttpInput::Int(POST, 'artwork-year') ?? $artwork->CompletedYear; - $artwork->CompletedYearIsCirca = HttpInput::Bool(POST, 'artwork-year-is-circa', false) ?? $artwork->CompletedYearIsCirca; - $artwork->Tags = HttpInput::Str(POST, 'artwork-tags', false) ?? $artwork->Tags; - $artwork->EbookWwwFilesystemPath = HttpInput::Str(POST, 'artwork-ebook-www-filesystem-path', false) ?? $artwork->EbookWwwFilesystemPath; - $artwork->IsPublishedInUs = HttpInput::Bool(POST, 'artwork-is-published-in-us', false) ?? $artwork->IsPublishedInUs; - $artwork->PublicationYear = HttpInput::Int(POST, 'artwork-publication-year') ?? $artwork->PublicationYear; - $artwork->PublicationYearPageUrl = HttpInput::Str(POST, 'artwork-publication-year-page-url', false) ?? $artwork->PublicationYearPageUrl; - $artwork->CopyrightPageUrl = HttpInput::Str(POST, 'artwork-copyright-page-url', false) ?? $artwork->CopyrightPageUrl; - $artwork->ArtworkPageUrl = HttpInput::Str(POST, 'artwork-artwork-page-url', false) ?? $artwork->ArtworkPageUrl; - $artwork->MuseumUrl = HttpInput::Str(POST, 'artwork-museum-url', false) ?? $artwork->MuseumUrl; - $artwork->Exception = HttpInput::Str(POST, 'artwork-exception', false) ?? $artwork->Exception; - $artwork->Notes = HttpInput::Str(POST, 'artwork-notes', false) ?? $artwork->Notes; - - $artwork->ReviewerUserId = $GLOBALS['User']->UserId; + // We can PATCH either the status or the ebook www filesystem path. $newStatus = ArtworkStatus::tryFrom(HttpInput::Str(POST, 'artwork-status', false) ?? ''); if($newStatus !== null){ - if($artwork->Status != $newStatus){ - // Is the user attempting to review their own artwork? - if($artwork->Status != ArtworkStatus::Unverified && $GLOBALS['User']->UserId == $artwork->SubmitterUserId && !$GLOBALS['User']->Benefits->CanReviewOwnArtwork){ - throw new Exceptions\InvalidPermissionsException(); - } + if($artwork->Status != $newStatus && !$artwork->CanStatusBeChangedBy($GLOBALS['User'])){ + throw new Exceptions\InvalidPermissionsException(); } + $artwork->ReviewerUserId = $GLOBALS['User']->UserId; $artwork->Status = $newStatus; } + $newEbookWwwFilesystemPath = HttpInput::Str(POST, 'artwork-ebook-www-filesystem-path', false) ?? null; + if($artwork->EbookWwwFilesystemPath != $newEbookWwwFilesystemPath && !$artwork->CanEbookWwwFilesysemPathBeChangedBy($GLOBALS['User'])){ + throw new Exceptions\InvalidPermissionsException(); + } + + $artwork->ReviewerUserId = $GLOBALS['User']->UserId; + $artwork->Status = $newStatus; + $artwork->EbookWwwFilesystemPath = $newEbookWwwFilesystemPath; + $artwork->Save(); $_SESSION['artwork'] = $artwork; @@ -172,15 +150,5 @@ catch(Exceptions\AppException $exception){ $_SESSION['exception'] = $exception; http_response_code(303); - - if($httpMethod == HTTP_PATCH && $artwork !== null){ - header('Location: ' . $artwork->Url); - } - else if($httpMethod == HTTP_PUT && $artwork !== null){ - header('Location: ' . $artwork->EditUrl); - } - else{ - header('Location: /artworks/new'); - } - + header('Location: ' . $exceptionRedirectUrl); } diff --git a/www/css/artwork.css b/www/css/artwork.css index 7233882f..6bd13b25 100644 --- a/www/css/artwork.css +++ b/www/css/artwork.css @@ -145,9 +145,13 @@ form.create-update-artwork fieldset p:first-of-type{ } form.create-update-artwork legend{ - font-size: 1.2rem; - font-weight: bold; - margin: 0.5rem 0; + font-size: 1.4rem; + font-family: "League Spartan", Arial, sans-serif; + margin-top: 2rem; + margin-bottom: 1rem; + line-height: 1.2; + letter-spacing: 1px; + text-transform: uppercase; } form.create-update-artwork label{ @@ -178,7 +182,8 @@ form div.footer{ } main h1 ~ a[href^="/images/cover-uploads"], -.artworks h1 ~ a[href^="/images/cover-uploads"]{ +.artworks h1 ~ a[href^="/images/cover-uploads"], +main section.narrow h1 + picture{ width: auto; line-height: 0; }