Check the member authority to write document code by CMD.

git-svn-id: http://xe-core.googlecode.com/svn/branches/1.5.0@10807 201d5d3c-b55e-5fd7-737f-ddc643e51545

modules/document/document.controller.php

@@ -1940,6 +1940,13 @@ class documentController extends document {
 
 		$module_info = Context::get('module_info');
 		$logged_info = Context::get('logged_info');
+
+		// Check whether the member can write document on the mid or vid. (2012-06-30 by CMD)
+		$oModuleModel = &getModel('module');
+		$module_info = $oModuleModel->getModuleInfoByMid(Context::get('mid'));
+		$module_grant = $oModuleModel->getGrant($module_info, $logged_info->member_srl);
+		if(!$module_grant->write_document) return new Object(-1, 'msg_not_permitted');
+
 		// Get form information
 		$obj = Context::getRequestVars();
 		// Change the target module to log-in information
@@ -1958,6 +1965,8 @@ class documentController extends document {
 		$oDocument = $oDocumentModel->getDocument($obj->document_srl, $this->grant->manager);
 		// Update if already exists
 		if($oDocument->isExists() && $oDocument->document_srl == $obj->document_srl) {
+			// Check whether the member can modify. (2012-06-30 by CMD)
+			if(!$oDocument->isGranted()) return new Object(-1,'msg_not_permitted');
 			//if exist document status is already public, use temp status can point problem
 			$obj->status = $oDocument->get('status');
 			$output = $oDocumentController->updateDocument($oDocument, $obj);