10378 Posts in 2194 Topics by 1710 members
|Go to End||Next >|
25 August 2009 at 7:27am Last edited: 25 August 2009 7:27am
Revision 74 of Event Calendar introduces a new UI feature:
This is an AJAX-based counterpart to CalendarWidget that is event-aware and will mark dates that have events. Further, because it is AJAX based and not generated completely client side, it adheres to MVC, making it easy to extend and customize. To change the look and feel, simply create your own LiveCalendarWidget.ss in your mysite/templates directory, or simply create an extension to LiveCalendarWidget.css for simpler modifications.
This revision has also deploys some handy new functions through a new SiteTree decorator, making calendars easier to syndicate with much less coding.
On any page, you can now use:
<% control UpcomingEvents(count,calendar-url-segment) %>
<% control RecentEvents(count,calendar-url-segment) %>
Note that if no url segment is given, the controller will assume there is only one Calendar in the site tree and get an instance of it. In other words, unless you have multiple calendars on your web site, you can use $CalendarWidget, <% control UpcomingEvents %>, etc.
Also note that "count" defaults to 5.
Lastly, a date string can be given to $CalendarWidget and $LiveCalendarWidget to override the default start date, for example:
26 August 2009 at 10:48am
Hi UncleCheese and thanks so much for developing this awesome module.
I've set it up and all looks good, except for when I add a new Calendar Event.
I can set the name etc on the Event but when I select the dates tab and want to add a new date, the date picker doesn't show up and I can't type into the box :-/
I've tried this in FF 3.5, Chrome and IE7
29 August 2009 at 3:57am
UncleCheese, I'll just re-post the two question from the other thread.
1) Isn't it bad to specify the ClassName in the URL for LiveCalendarWidget_Controller? Imagine I have a secret class that happens to have "Events" to it. LiveCalendarWidget_Controller would allow to get hold of this.
2) Would it not be better if Events(), by default, returns all events that have their EndDate after the selected start date, instead of their StartDate?
Great module either way!
What I mean with (2) is a problem in the current version: Imagine I have an event starting Aug. 31st and ending Sep. 6th -- I think this event should show up on the Sep. summary page.
29 August 2009 at 4:44am
I'm not too sure what you mean by the first question. You'll have to give me a better example.
For your second question, there are three criteria for finding an event within a date range:
(StartDate <= '$start' AND EndDate >= '$end') OR
(StartDate BETWEEN '$start' AND '$end') OR
(EndDate BETWEEN '$start' AND '$end')
So I would think your event would catch the third filter, having an end date between Sept 1 and Sept 30.
29 August 2009 at 5:08am Last edited: 29 August 2009 5:08am
The first question is about the LiveCalendarWidget_Controller using the class name which it receives from the URL. That means that a visitor can put whatever they want there, even class names they are not supposed to see. And if the class they request (illegitimately) happens to be of the right structure, they could view possibly sensitive data.
For the second question, it seems that this part is missing for announcements. I should have checked that
29 August 2009 at 5:37am
In Silverstripe, you're always able to call a controller from the URL, as far as I know. It's better practice to declare a $url_segment variable in your controller to make this a little more secure, though. If you use the $allowed_actions array, you can limit which functions can be run from the URL, as well, so it's pretty secure.
Just checked in that change to give Announcements the same criteria. Want to test it?
29 August 2009 at 5:58am
That's not what I meant: Of course, everyone can call (using default director rules) MySecretPage_Controller. But I can make sure that this one is not exposing data. But you are passing the $CalendarClass, and I'm uncomfortable with that.
Consider I'm having a DataObjectDecorator for the Member class which adds personal Events() to each member. Using the
URL, I could easily get access to the Administrators' events. If I'm not overlooking any security measures.
And thanks for the quick fix, it all works as expected now.
29 August 2009 at 6:18am
Is this the wrong thread to post problems with the module?
|Go to Top||Next >|