From 1be734edc123cd71d85c978ebdfa92069f3029a7 Mon Sep 17 00:00:00 2001
From: Kijin Sung <kijin@kijinsung.com>
Date: Tue, 25 Mar 2025 19:46:50 +0900
Subject: [PATCH] Clean up procBoardRevertDocument #2515

---
 modules/board/board.controller.php | 39 ++++++++++++++++++------------
 1 file changed, 24 insertions(+), 15 deletions(-)

diff --git a/modules/board/board.controller.php b/modules/board/board.controller.php
index 830a70f85..e8bc4aec4 100644
--- a/modules/board/board.controller.php
+++ b/modules/board/board.controller.php
@@ -290,30 +290,30 @@ class BoardController extends Board
 	public function procBoardRevertDocument()
 	{
 		$update_id = Context::get('update_id');
-		$logged_info = Context::get('logged_info');
-		if(!$update_id)
+		if (!$update_id)
 		{
 			throw new Rhymix\Framework\Exception('msg_no_update_id');
 		}
 
-		$oDocumentController = DocumentController::getInstance();
 		$update_log = DocumentModel::getUpdateLog($update_id);
-
-		if($logged_info->is_admin != 'Y')
-		{
-			$Exists_log = DocumentModel::getUpdateLogAdminisExists($update_log->document_srl);
-			if($Exists_log === true)
-			{
-				throw new Rhymix\Framework\Exception('msg_admin_update_log');
-			}
-		}
-
-		if(!$update_log)
+		if (!$update_log)
 		{
 			throw new Rhymix\Framework\Exception('msg_no_update_log');
 		}
 
 		$oDocument = DocumentModel::getDocument($update_log->document_srl);
+		if (!$oDocument->isGranted())
+		{
+			throw new Rhymix\Framework\Exceptions\NotPermitted();
+		}
+		if (!$this->user->isAdmin())
+		{
+			if (DocumentModel::getUpdateLogAdminisExists($update_log->document_srl))
+			{
+				throw new Rhymix\Framework\Exception('msg_admin_update_log');
+			}
+		}
+
 		$obj = new stdClass();
 		$obj->title = $update_log->title;
 		$obj->document_srl = $update_log->document_srl;
@@ -322,10 +322,19 @@ class BoardController extends Board
 		$obj->content = $update_log->content;
 		$obj->update_log_setting = 'Y';
 		$obj->reason_update = lang('board.revert_reason_update');
+		$oDocumentController = DocumentController::getInstance();
 		$output = $oDocumentController->updateDocument($oDocument, $obj);
-		$this->setRedirectUrl(getNotEncodedUrl('', 'mid', Context::get('mid'),'act', '', 'document_srl', $update_log->document_srl));
+		if (!$output->toBool())
+		{
+			return $output;
+		}
+
 		$this->add('mid', Context::get('mid'));
 		$this->add('document_srl', $update_log->document_srl);
+		$this->setRedirectUrl(getNotEncodedUrl([
+			'mid' => Context::get('mid'),
+			'document_srl' => $update_log->document_srl,
+		]));
 	}
 
 	/**