From 0dd567bc00084a528db7ea5e22c24afd97a4485f Mon Sep 17 00:00:00 2001
From: conory <conorycom@gmail.com>
Date: Thu, 4 Aug 2022 11:06:23 +0900
Subject: [PATCH] Add an option to check the permissions of modules linked to
 documents or comments

---
 modules/comment/comment.item.php   | 11 ++++++++++-
 modules/document/document.item.php | 11 ++++++++++-
 modules/document/document.view.php |  2 +-
 3 files changed, 21 insertions(+), 3 deletions(-)

diff --git a/modules/comment/comment.item.php b/modules/comment/comment.item.php
index 80d01e9e9..101f04be8 100644
--- a/modules/comment/comment.item.php
+++ b/modules/comment/comment.item.php
@@ -188,13 +188,22 @@ class commentItem extends BaseObject
 		}
 	}
 
-	function isAccessible()
+	function isAccessible($strict = false)
 	{
 		if(!$this->isExists())
 		{
 			return false;
 		}
 		
+		if ($strict)
+		{
+			$grant = ModuleModel::getGrant(ModuleModel::getModuleInfoByModuleSrl($this->get('module_srl')), Context::get('logged_info'));
+			if (isset($grant->list) && isset($grant->view) && ($grant->list !== true || $grant->view !== true))
+			{
+				return false;
+			}
+		}
+		
 		if (isset($_SESSION['accessible'][$this->comment_srl]) && $_SESSION['accessible'][$this->comment_srl] === $this->get('last_update'))
 		{
 			return true;
diff --git a/modules/document/document.item.php b/modules/document/document.item.php
index 837a06e38..33a94f5cf 100644
--- a/modules/document/document.item.php
+++ b/modules/document/document.item.php
@@ -237,13 +237,22 @@ class documentItem extends BaseObject
 		$this->setGrant();
 	}
 	
-	function isAccessible()
+	function isAccessible($strict = false)
 	{
 		if(!$this->isExists())
 		{
 			return false;
 		}
 		
+		if ($strict)
+		{
+			$grant = ModuleModel::getGrant(ModuleModel::getModuleInfoByModuleSrl($this->get('module_srl')), Context::get('logged_info'));
+			if (isset($grant->list) && isset($grant->view) && ($grant->list !== true || $grant->view !== true))
+			{
+				return false;
+			}
+		}
+		
 		if (isset($_SESSION['accessible'][$this->document_srl]) && $_SESSION['accessible'][$this->document_srl] === $this->get('last_update'))
 		{
 			return true;
diff --git a/modules/document/document.view.php b/modules/document/document.view.php
index c2c32b1bc..0d9af378b 100644
--- a/modules/document/document.view.php
+++ b/modules/document/document.view.php
@@ -32,7 +32,7 @@ class documentView extends document
 		$oDocument = DocumentModel::getDocument($document_srl);
 		if(!$oDocument->isExists()) throw new Rhymix\Framework\Exceptions\TargetNotFound;
 		// Check permissions
-		if(!$oDocument->isAccessible()) throw new Rhymix\Framework\Exceptions\NotPermitted;
+		if(!$oDocument->isAccessible(true)) throw new Rhymix\Framework\Exceptions\NotPermitted;
 		// Information setting module
 		//Context::set('module_info', $module_info);	//module_info not use in UI
 		// Browser title settings