From fdec196a4369dcfba6e94f5e4a02f9b30fa79e3d Mon Sep 17 00:00:00 2001
From: Tyler Lemburg <lemburg@unl.edu>
Date: Thu, 23 Mar 2017 16:42:37 -0500
Subject: [PATCH] Added private lockup feature

Previously, all lockups were being pushed to the lockup library
for consumption by anyone with a UNL account. Now, lockup creators
can choose to keep their created lockups private, such that only they
can access them and download the files.
---
 db/2017-03-23-add-lockup-published.sql |  2 +
 src/Controllers/LockupsController.php  | 69 +++++++++++++++++++++++++-
 src/Models/Lockup.php                  | 12 +++++
 src/Views/manage_lockups.php           | 14 +++++-
 src/Views/preview_lockup.php           |  5 +-
 5 files changed, 98 insertions(+), 4 deletions(-)
 create mode 100644 db/2017-03-23-add-lockup-published.sql

diff --git a/db/2017-03-23-add-lockup-published.sql b/db/2017-03-23-add-lockup-published.sql
new file mode 100644
index 00000000..3ca52d16
--- /dev/null
+++ b/db/2017-03-23-add-lockup-published.sql
@@ -0,0 +1,2 @@
+ALTER TABLE lockups ADD COLUMN `published` tinyint(1) DEFAULT '1';
+UPDATE lockups SET published = 1 WHERE status = "generated";
\ No newline at end of file
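Review bot: The new `published` column is nullable, so the flag has three states, and the controller's loose `published == FALSE` test will treat NULL as private while the library filter on `'published' => TRUE` will simply omit it. Declaring it `NOT NULL` removes the ambiguity, e.g. `ALTER TABLE lockups ADD COLUMN published tinyint(1) NOT NULL DEFAULT '1';`. The `UPDATE` on the next line looks redundant, because adding the column with `DEFAULT '1'` already fills every existing row with 1. Since this flag gates privacy, also confirm that defaulting to public is intended for any row inserted without an explicit value.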
diff --git a/src/Controllers/LockupsController.php b/src/Controllers/LockupsController.php
index 722bc298..fed6b8f7 100644
--- a/src/Controllers/LockupsController.php
+++ b/src/Controllers/LockupsController.php
@@ -144,6 +144,8 @@ class LockupsController extends Controller {
 			\Core::redirect('/lockups/create/');
 		}
 
+		echo $model->date_created;
+
 		$model->save();
 		\Core::redirect($model->getPreviewURL());
 	}
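Review bot: The added `echo $model->date_created;` looks like leftover debug output and should be dropped from the commit. It writes to the response body immediately before `\Core::redirect($model->getPreviewURL())`, so unless output buffering is active the redirect header may no longer be sendable, and a raw model field ends up in the response. The enclosing method starts outside the hunk.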
@@ -539,6 +541,13 @@ UNL Lockup Factory';
 		$lockup_model->status = Lockup::GENERATED;
 		$lockup_model->creative_status = Lockup::GENERATED;
 		$lockup_model->version = self::LOCKUP_VERSION;
+
+		if (array_key_exists('publish_lockup', $post_params) && $post_params['publish_lockup'] == 'on') {
+			$lockup_model->published = TRUE;
+		} else {
+			$lockup_model->published = FALSE;
+		}
+
 		$lockup_model->save();
 
 		\Core::redirect($lockup_model->getDownloadURL());
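Review bot: The key tested here, `publish_lockup`, does not match the checkbox this commit adds in src/Views/preview_lockup.php, which is named `publish-lockup`. PHP rewrites dots and spaces in incoming field names but not hyphens, so, assuming `$post_params` is the POST body, the key never exists and every generated lockup is saved with `published = FALSE` whatever the user ticked. Rename the input to `name="publish_lockup"` (or test `'publish-lockup'` here). The if/else can then collapse to `$lockup_model->published = isset($post_params['publish_lockup']) && $post_params['publish_lockup'] === 'on';`. The enclosing method starts outside the hunk.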
@@ -587,6 +596,10 @@ UNL Lockup Factory';
 			\Core::notFound('That lockup could not be found.');
 		}
 
+		if ($lockup->published == FALSE && $lockup->user_id != \Auth::$current_user->id) {
+			\Core::notFound('That lockup is private.');
+		}
+
 		$context = new \stdClass;
 		$context->lockup = $lockup;
 
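Review bot: The new guard answers `'That lockup is private.'` where an unknown id answers `'That lockup could not be found.'`, so the response tells a requester which ids belong to private lockups; use the same text for both, `\Core::notFound('That lockup could not be found.');`. The check reads the column directly rather than calling the `isPublished()` method added in this commit. Unlike the publish/unpublish actions it gives admins no bypass, which is worth confirming as intended. Only this action is visible here, so any other route that serves a lockup or its generated files would need the same check; the enclosing method starts and ends outside the hunk.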
@@ -722,12 +735,66 @@ UNL Lockup Factory';
 		\Core::redirect('/lockups/manage/');
 	}
 
+	public static function postPublishAction($post_params) {
+		self::requireAuth();
+
+		if (empty($post_params['id'])) {
+			\Core::notFound();
+		}
+
+		$id = $post_params['id'];
+		try {
+			$lockup_model = Lockup::find($id);
+		} catch (\ActiveRecord\RecordNotFound $e) {
+			\Core::notFound('That lockup could not be found.');
+		}
+
+		# the user must have submitted the lockup or be an admin to publish
+		if ($lockup_model->user_id != \Auth::$current_user->id && !(\Auth::$current_user->isAdmin())) {
+			self::flashNotice(parent::NOTICE_LEVEL_ERROR, 'Unauthorized', 'Sorry, you are not allowed to publish that lockup.');
+			\Core::redirect('/lockups/manage/');
+		}
+
+		$lockup_model->published = TRUE;
+		$lockup_model->save();
+
+		self::flashNotice(parent::NOTICE_LEVEL_SUCCESS, 'Lockup Published', 'Your lockup ' . $lockup_model->getName() . ' has been published to the Lockup Library.');
+		\Core::redirect('/lockups/manage/');
+	}
+
+	public static function postUnpublishAction($post_params) {
+		self::requireAuth();
+
+		if (empty($post_params['id'])) {
+			\Core::notFound();
+		}
+
+		$id = $post_params['id'];
+		try {
+			$lockup_model = Lockup::find($id);
+		} catch (\ActiveRecord\RecordNotFound $e) {
+			\Core::notFound('That lockup could not be found.');
+		}
+
+		# the user must have submitted the lockup or be an admin to publish
+		if ($lockup_model->user_id != \Auth::$current_user->id && !(\Auth::$current_user->isAdmin())) {
+			self::flashNotice(parent::NOTICE_LEVEL_ERROR, 'Unauthorized', 'Sorry, you are not allowed to unpublish that lockup.');
+			\Core::redirect('/lockups/manage/');
+		}
+
+		$lockup_model->published = FALSE;
+		$lockup_model->save();
+
+		self::flashNotice(parent::NOTICE_LEVEL_SUCCESS, 'Lockup Unpublished', 'Your lockup ' . $lockup_model->getName() . ' has been removed from the Lockup Library.');
+		\Core::redirect('/lockups/manage/');
+	}
+
 	public static function libraryAction($get_params) {
 		self::requireAuth();
 		\Core::$breadcrumbs[] = array('text' => 'Lockup Library');
 		$context = new \stdClass;
 
-		$all_options = array('conditions' => array('status' => Lockup::GENERATED), 'include' => array('user', 'approver'));
+		$all_options = array('conditions' => array('status' => Lockup::GENERATED, 'published' => TRUE), 'include' => array('user', 'approver'));
 
 		$search_term = array_key_exists('search_term', $get_params) ? $get_params['search_term'] : NULL;
 		$search_sql_string = '(organization LIKE ? OR subject LIKE ? OR organization_second_line LIKE ? OR subject_second_line LIKE ? OR 
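Review bot: Neither `postPublishAction` nor `postUnpublishAction` checks that the lockup is generated, although the manage view only offers the buttons when `isGenerated()` is true, so a request sent outside that view can change `published` on a draft; add a server-side `isGenerated()` check after the ownership test. The ownership test itself is only effective if `\Core::redirect()` halts the request, which the surrounding code appears to assume and is worth confirming. The two methods differ only in the boolean and the message text (the comment in the unpublish copy still says "to publish"), so a shared private helper would keep the authorization logic in one place, as sketched below. The `libraryAction` body continues outside the hunk.

```php
	public static function postPublishAction($post_params) {
		self::setPublishedFromPost($post_params, TRUE);
	}

	public static function postUnpublishAction($post_params) {
		self::setPublishedFromPost($post_params, FALSE);
	}

	private static function setPublishedFromPost($post_params, $published) {
		self::requireAuth();
		// … unchanged: empty-id check and Lockup::find() lookup …

		# only the submitter or an admin may change a lockup's visibility
		if ($lockup_model->user_id != \Auth::$current_user->id && !\Auth::$current_user->isAdmin()) {
			self::flashNotice(parent::NOTICE_LEVEL_ERROR, 'Unauthorized', 'Sorry, you are not allowed to ' . ($published ? 'publish' : 'unpublish') . ' that lockup.');
			\Core::redirect('/lockups/manage/');
		}

		# visibility only applies to generated lockups; the manage view hides the buttons otherwise
		if (!$lockup_model->isGenerated()) {
			\Core::notFound('That lockup could not be found.');
		}

		$lockup_model->published = $published;
		$lockup_model->save();
		// … unchanged: success notice worded per $published, then redirect to /lockups/manage/ …
	}
```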
diff --git a/src/Models/Lockup.php b/src/Models/Lockup.php
index 99c3b6a2..ba99fe4e 100644
--- a/src/Models/Lockup.php
+++ b/src/Models/Lockup.php
@@ -38,6 +38,14 @@ class Lockup extends \ActiveRecord\Model {
 		return '/lockups/download/id/' . $this->id . '/';
 	}
 
+	public function getPublishURL() {
+		return '/lockups/publish/';
+	}
+
+	public function getUnpublishURL() {
+		return '/lockups/unpublish/';
+	}
+
 	public function getDeleteURL() {
 		return '/lockups/delete/';
 	}
@@ -120,6 +128,10 @@ class Lockup extends \ActiveRecord\Model {
 		return $this->status == self::GENERATED;
 	}
 
+	public function isPublished() {
+		return $this->published;
+	}
+
 	public function isEditable() {
 		return !$this->isGenerated();
 	}
diff --git a/src/Views/manage_lockups.php b/src/Views/manage_lockups.php
index 70568cd1..a7ee4da4 100644
--- a/src/Views/manage_lockups.php
+++ b/src/Views/manage_lockups.php
@@ -67,10 +67,22 @@ WDN.loadCSS(WDN.getTemplateFilePath('css/modules/pagination.css'));
                     <td><?php echo $lockup->getApproverName(); ?></td>
                     <td><?php echo $lockup->getFullStatusText(); ?></td>
                     <td><?php echo $lockup->version; ?></td>
-                    <td class="table-actions right" style="min-width: 200px;">
+                    <td class="table-actions right" style="min-width: 250px;">
                         <?php if ($lockup->isEditable()): ?>
                             <a class="wdn-button wdn-button-triad" href="<?php echo $lockup->getEditURL(); ?>">Edit</a>
                         <?php endif; ?>
+                        <?php if ($lockup->isGenerated() && $lockup->isPublished()): ?>
+                        <form action="<?php echo $lockup->getUnpublishURL(); ?>" method="POST" class="delete-form">
+                            <button type="submit" class="wdn-button">Unpublish</button>
+                            <input type="hidden" name="id" value="<?php echo $lockup->id ?>">
+                        </form>
+                        <?php endif; ?>
+                        <?php if ($lockup->isGenerated() && !$lockup->isPublished()): ?>
+                        <form action="<?php echo $lockup->getPublishURL(); ?>" method="POST" class="delete-form">
+                            <button type="submit" class="wdn-button wdn-button-complement">Publish</button>
+                            <input type="hidden" name="id" value="<?php echo $lockup->id ?>">
+                        </form>
+                        <?php endif; ?>
                         <form action="<?php echo $lockup->getDeleteURL(); ?>" method="POST" class="delete-form">
                             <button type="submit" class="wdn-button wdn-button-brand">Delete</button>
                             <input type="hidden" name="id" value="<?php echo $lockup->id ?>">
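Review bot: The two new forms submit a state change carrying only the lockup id, with no anti-CSRF token field, the same as the existing delete form. Unless the framework verifies a token or the request origin elsewhere, a cross-site request made in a signed-in owner's browser could change a lockup's visibility, so a per-session token checked in the publish and unpublish actions is worth adding. Both forms also reuse `class="delete-form"`; if any script or style is bound to that class (a delete confirmation, for instance) it would apply to Publish and Unpublish as well, so a dedicated class is safer. The existing delete form continues past the end of the hunk.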
diff --git a/src/Views/preview_lockup.php b/src/Views/preview_lockup.php
index 87935a1f..e2b06dc9 100644
--- a/src/Views/preview_lockup.php
+++ b/src/Views/preview_lockup.php
@@ -67,10 +67,11 @@
 					<div><a class="wdn-button wdn-button-triad" href="<?php echo $context->lockup->getEditURL(); ?>">Edit Lockup</a></div><br>
 				<?php endif; ?>
 				<?php if ($context->lockup->isFullyApproved() && ($context->lockup->user_id == \Auth::$current_user->id || \Auth::$current_user->isAdmin())): ?>
-				<form method="POST" action="/lockups/generate/" id="generate" class="wdn-center">
+				<form method="POST" action="/lockups/generate/" id="generate" class="wdn-center" style="background-color: #DDDDDD">
 					<div><label>You have permission to generate this lockup. Click "Generate Files" below to begin.</label></div>
 					<input type="text" class="hidden" value="<?php echo $context->lockup->id ?>" name="id">
-					<button type="submit" class="wdn-button wdn-button-complement" id="submit-generate">Generate Files</button>
+					<button type="submit" class="wdn-button wdn-button-complement" id="submit-generate">Generate Files</button><br>
+					<input type="checkbox" checked="checked" id="publish-lockup" name="publish-lockup"><label for="publish-lockup">Publish lockup for all UNL users?</label>
 					<div style="display: none;" id="going-message">
 						<img src="/images/spinner.svg" style="height: 16px;">
 						<label style="font-style: italic;">And off we go! This will take a little while. Please be patient, we'll redirect you when this is complete.</label>
-- 
GitLab