diff --git a/app/Http/Controllers/SiteController.php b/app/Http/Controllers/SiteController.php
index 6bdd62e..66c7f11 100644
--- a/app/Http/Controllers/SiteController.php
+++ b/app/Http/Controllers/SiteController.php
@@ -302,47 +302,92 @@ class SiteController extends Controller { } public function newPost(Request $request) { // /api/rpc/site/post/new - $pubdate = 0; + $check = $this->objAuth->checkLegit($request->username, $request->password); - if ($request->public_status == 1) { - if ($request->publish_date <= time()) { - return \Response::json(array('error' => 'Publish date can\'t be older than post date.')); + if ($check == 0) { + return \Response::json(array('error' => 'ログインされませんでした。')); + } + else { + $valid = $this->objAuth->getPermissions($request->username, $request->password); + + if ($valid['blg_addpost'] == 1) { + $pubdate = 0; + + if ($request->public_status == 1) { + if ($request->publish_date <= time()) { + return \Response::json(array('error' => '投稿日より公開日の方がもっと古いだと不許可です。')); + } + else { + $pubdate = $request->publish_date; + } + } + else { + $pubdate = time(); + } + + $add = DB::table('blg_content') + ->insert([ + 'user_id' => $check, + 'isPost' => 1, + 'title' => $request->title, + 'slug' => $request->slug, + 'post_date' => time(), + 'publish_date' => $pubdate, + 'sortorder' => 0, + 'public_status' => $request->public_status, + 'isMenu' => 0, + 'message' => $request->message + ]); + + return \Response::json($add); + } + else { + return \Response::json(array('error' => '不許可。')); } } - - if ($request->public_status == 1) $pubdate = $request->publish_date; - else $pubdate = time(); - - $add = DB::table('blg_content') - ->insert([ - 'user_id' => $request->user_id, - 'isPost' => 1, - 'title' => $request->title, - 'slug' => $request->slug, - 'post_date' => time(), - 'publish_date' => $pubdate, - 'sortorder' => 0, - 'public_status' => $request->public_status, - 'isMenu' => 0, - 'message' => $request->message - ]); - - return \Response::json($add); } public function editPost(Request $request) { // /api/rpc/site/post/edit - return DB::table('blg_content') - ->where('id', $request->id) - ->update([ - 'title' => $request->title, - 'slug' => $request->slug, - 
'public_status' => $request->public_status, - 'message' => $request->message - ]); + $check = $this->objAuth->checkLegit($request->username, $request->password); + + if ($check == 0) { + return \Response::json(array('error' => 'ログインされませんでした。')); + } + else { + $valid = $this->objAuth->getPermissions($request->username, $request->password); + + if ($valid['blg_editpost'] == 1) { + return DB::table('blg_content') + ->where('id', $request->id) + ->update([ + 'title' => $request->title, + 'slug' => $request->slug, + 'public_status' => $request->public_status, + 'message' => $request->message + ]); + } + else { + return \Response::json(array('error' => '不許可。')); + } + } } public function deletePost(Request $request) { // /api/rpc/site/post/delete - return DB::table('blg_content')->where('id', $request->id)->delete(); + $check = $this->objAuth->checkLegit($request->username, $request->password); + + if ($check == 0) { + return \Response::json(array('error' => 'ログインされませんでした。')); + } + else { + $valid = $this->objAuth->getPermissions($request->username, $request->password); + + if ($valid['blg_delpost'] == 1) { + return DB::table('blg_content')->where('id', $request->id)->delete(); + } + else { + return \Response::json(array('error' => '不許可。')); + } + } } // Comments
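Review bot: Authentication and permission failures in newPost, editPost and deletePost are returned as a 200 response whose body carries an `error` key, so a client that only inspects the status code treats a denied request as success; pass a status to the response, e.g. `return \Response::json(['error' => 'ログインされませんでした。'], 401);` for the `$check == 0` branch and 403 for the `$valid[...] == 1` branch. The same checkLegit/getPermissions gate is copied into all three methods, and editPost and deletePost return the bare row count from `update()`/`delete()` while newPost wraps its result in `\Response::json`, so the success shape differs per endpoint. Both are easier to keep consistent if the gate lives in one private helper that returns either the caller's id or the error response to send; a sketch is below (it assumes, from `'user_id' => $check`, that checkLegit returns the user id on success — confirm against objAuth, and note that `getPermissions` receives the same credentials a second time, which presumably repeats the credential check). The request fields written to `blg_content` (`title`, `slug`, `public_status`, `publish_date`, `message`) are still inserted without validation, so a `$request->validate([...])` call before the write would close that gap.

```php
// … unchanged: class header, other methods …

/**
 * Verify the request's credentials and the named permission flag.
 * Returns the authenticated user's id, or the JSON error response to send.
 */
private function gateRequest(Request $request, $permission)
{
    $userId = $this->objAuth->checkLegit($request->username, $request->password);
    if ($userId == 0) {
        return \Response::json(['error' => 'ログインされませんでした。'], 401);
    }

    $valid = $this->objAuth->getPermissions($request->username, $request->password);
    if (!isset($valid[$permission]) || $valid[$permission] != 1) {
        return \Response::json(['error' => '不許可。'], 403);
    }

    return $userId;
}

public function deletePost(Request $request) { // /api/rpc/site/post/delete
    $auth = $this->gateRequest($request, 'blg_delpost');
    if ($auth instanceof \Illuminate\Http\JsonResponse) {
        return $auth;
    }

    $deleted = DB::table('blg_content')->where('id', $request->id)->delete();

    return \Response::json($deleted);
}

// … newPost and editPost follow the same pattern with 'blg_addpost' / 'blg_editpost' …
```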