Add option to disable admin content protection

최고관리자의 글을 게시판 관리자가 수정/삭제하지 못하도록 하는 기능은 게시판을 위키 등 협업 용도로 사용하는 경우 불편을 유발할 수 있으므로 옵션으로 켜고 끌 수 있도록 합니다. 기본값은 수정/삭제 금지입니다.
2026-01-05 17:51:40 +09:00 · 2021-12-30 23:55:10 +09:00 · 2021-12-30 23:55:10 +09:00 · 3925c24487
commit 3925c24487
parent 9d6e54f2f6
9 changed files with 95 additions and 36 deletions
--- a/modules/board/board.admin.controller.php
+++ b/modules/board/board.admin.controller.php
@ -58,7 +58,9 @@ class boardAdminController extends board {
 		if($args->skip_bottom_list_for_robot != 'Y') $args->skip_bottom_list_for_robot = 'N';
 		if($args->use_anonymous != 'Y') $args->use_anonymous = 'N';
 		if($args->consultation != 'Y') $args->consultation = 'N';
-		if($args->protect_content!= 'Y') $args->protect_content = 'N';
+		if($args->protect_content != 'Y') $args->protect_content = 'N';
+		if($args->protect_admin_content_update != 'Y') $args->protect_admin_content_update = 'N';
+		if($args->protect_admin_content_delete != 'Y') $args->protect_admin_content_delete = 'N';
 		if(!in_array($args->order_target,$this->order_target) && !array_key_exists($args->order_target, $extra_order_target)) $args->order_target = 'list_order';
 		if(!in_array($args->order_type, array('asc', 'desc'))) $args->order_type = 'asc';
 		
--- a/modules/board/board.controller.php
+++ b/modules/board/board.controller.php
@ -127,10 +127,13 @@ class boardController extends board
 			}
 			
 			// Protect admin document
-			$member_info = MemberModel::getMemberInfo($oDocument->get('member_srl'));
-			if($member_info->is_admin == 'Y' && $logged_info->is_admin != 'Y')
+			if ($this->module_info->protect_admin_content_update !== 'N')
 			{
-				throw new Rhymix\Framework\Exception('msg_admin_document_no_modify');
+				$member_info = MemberModel::getMemberInfo($oDocument->get('member_srl'));
+				if($member_info->is_admin == 'Y' && $logged_info->is_admin != 'Y')
+				{
+					throw new Rhymix\Framework\Exception('msg_admin_document_no_modify');
+				}
 			}
 			
 			// if document status is temp
@ -327,6 +330,15 @@ class boardController extends board
 			}
 		}

+		if ($this->module_info->protect_admin_content_delete !== 'N' && $this->user->is_admin !== 'Y')
+		{
+			$member_info = MemberModel::getMemberInfo($oDocument->get('member_srl'));
+			if($member_info->is_admin === 'Y')
+			{
+				return new BaseObject(-1, 'document.msg_document_is_admin_not_permitted');
+			}
+		}
+
 		if($this->module_info->protect_document_regdate > 0 && $this->grant->manager == false)
 		{
 			if($oDocument->get('regdate') < date('YmdHis', strtotime('-'.$this->module_info->protect_document_regdate.' day')))
@ -473,10 +485,13 @@ class boardController extends board
 			}
 		}

-		$member_info = MemberModel::getMemberInfo($comment->member_srl);
-		if($member_info->is_admin == 'Y' && $logged_info->is_admin != 'Y')
+		if ($this->module_info->protect_admin_content_update !== 'N')
 		{
-			throw new Rhymix\Framework\Exception('msg_admin_comment_no_modify');
+			$member_info = MemberModel::getMemberInfo($comment->member_srl);
+			if($member_info->is_admin == 'Y' && $logged_info->is_admin != 'Y')
+			{
+				throw new Rhymix\Framework\Exception('msg_admin_comment_no_modify');
+			}
 		}

 		// INSERT if comment_srl does not exist.
@ -582,6 +597,15 @@ class boardController extends board
 			}
 		}
 		
+		if ($this->module_info->protect_admin_content_delete !== 'N' && $this->user->is_admin !== 'Y')
+		{
+			$member_info = MemberModel::getMemberInfo($comment->get('member_srl'));
+			if($member_info->is_admin === 'Y')
+			{
+				return new BaseObject(-1, 'comment.msg_admin_comment_no_delete');
+			}
+		}
+
 		if($this->module_info->protect_comment_regdate > 0 && $this->grant->manager == false)
 		{
 			if($comment->get('regdate') < date('YmdHis', strtotime('-'.$this->module_info->protect_document_regdate.' day')))
--- a/modules/board/board.view.php
+++ b/modules/board/board.view.php
@ -863,10 +863,13 @@ class boardView extends board
 				}
 			}
 			
-			$member_info = MemberModel::getMemberInfo($oDocument->get('member_srl'));
-			if($member_info->is_admin == 'Y' && $this->user->is_admin != 'Y')
+			if ($this->module_info->protect_admin_content_update !== 'N')
 			{
-				throw new Rhymix\Framework\Exception('msg_admin_document_no_modify');
+				$member_info = MemberModel::getMemberInfo($oDocument->get('member_srl'));
+				if($member_info->is_admin == 'Y' && $this->user->is_admin != 'Y')
+				{
+					throw new Rhymix\Framework\Exception('msg_admin_document_no_modify');
+				}
 			}
 		}

@ -1003,6 +1006,15 @@ class boardView extends board
 			}
 		}

+		if ($this->module_info->protect_admin_content_delete !== 'N')
+		{
+			$member_info = MemberModel::getMemberInfo($oDocument->get('member_srl'));
+			if($member_info->is_admin == 'Y' && $this->user->is_admin != 'Y')
+			{
+				throw new Rhymix\Framework\Exception('document.msg_document_is_admin_not_permitted');
+			}
+		}
+
 		Context::set('oDocument',$oDocument);

 		/**
@ -1120,7 +1132,6 @@ class boardView extends board
 	 **/
 	function dispBoardModifyComment()
 	{
-		$logged_info = Context::get('logged_info');
 		// check grant
 		if(!$this->grant->write_comment)
 		{
@ -1170,12 +1181,16 @@ class boardView extends board
 			}
 		}

-		$member_info = MemberModel::getMemberInfo($oComment->member_srl);
-		if($member_info->is_admin == 'Y' && $logged_info->is_admin != 'Y')
+		$logged_info = Context::get('logged_info');
+		if ($this->module_info->protect_admin_content_update !== 'N' && $logged_info->is_admin !== 'Y' && $logged_info->member_srl !== $oComment->member_srl)
 		{
-			throw new Rhymix\Framework\Exception('msg_admin_comment_no_modify');
+			$member_info = MemberModel::getMemberInfo($oComment->member_srl);
+			if($member_info->is_admin === 'Y')
+			{
+				throw new Rhymix\Framework\Exception('msg_admin_comment_no_modify');
+			}
 		}
-
+		
 		// setup the comment variables on context
 		Context::set('oSourceComment', CommentModel::getComment());
 		Context::set('oComment', $oComment);
@ -1227,6 +1242,16 @@ class boardView extends board
 			}
 		}

+		$logged_info = Context::get('logged_info');
+		if ($this->module_info->protect_admin_content_delete !== 'N' && $logged_info->is_admin !== 'Y' && $logged_info->member_srl !== $oComment->member_srl)
+		{
+			$member_info = MemberModel::getMemberInfo($oComment->member_srl);
+			if($member_info->is_admin === 'Y')
+			{
+				throw new Rhymix\Framework\Exception('msg_admin_comment_no_delete');
+			}
+		}
+		
 		// if the comment is not existed, then back to the board content page
 		if(!$oComment->isExists() )
 		{
--- a/modules/board/lang/en.php
+++ b/modules/board/lang/en.php
@ -56,6 +56,7 @@ $lang->allow_no_category = 'Do not require category';
 $lang->about_allow_no_category = 'Allow users to write documents without selecting a category.';
 $lang->protect_content = 'Protect Content';
 $lang->protect_comment = 'Protect Comment';
+$lang->protect_admin_content = 'Protect Admin Content';
 $lang->protect_regdate = 'Update/Delete Time Limit';
 $lang->cancel_vote = 'Vote Cancellation';
 $lang->filter_specialchars = 'Block Abuse of Unicode Symbols';
@ -73,6 +74,7 @@ $lang->about_document_force_to_move = 'When a document is deleted, move to Trash
 $lang->about_non_login_vote = 'Allow users who are not logged in to vote on articles.';
 $lang->about_protect_regdate = 'Prevent updating or deleting a document or comment after a certain amount of time has passed. (Unit: day)';
 $lang->about_protect_content = 'Prevent updating a document if there are comments on it.';
+$lang->about_protect_admin_content = 'Prevent updating or deleting a document or comment written by the administrator, even by a user who is permitted to manage the board.';
 $lang->msg_protect_delete_content = 'You cannot delete a document with comments on it.';
 $lang->msg_protect_update_content = 'You cannot update a document with comments on it.';
 $lang->msg_admin_document_no_modify = 'You cannot edit the administrator\'s document.';
--- a/modules/board/lang/ko.php
+++ b/modules/board/lang/ko.php
@ -57,6 +57,7 @@ $lang->allow_no_category = '미분류 허용';
 $lang->about_allow_no_category = '분류를 선택하지 않은 글도 허용하려면 체크하세요.';
 $lang->protect_content = '글 보호 기능';
 $lang->protect_comment = '댓글 보호 기능';
+$lang->protect_admin_content = '최고관리자 보호 기능';
 $lang->protect_regdate = '기간 제한 기능';
 $lang->cancel_vote = '추천/비추천/신고 취소 허용';
 $lang->filter_specialchars = '유니코드 특수문자 오남용 금지';
@ -72,6 +73,7 @@ $lang->about_filter_specialchars = '가독성에 악영향을 주는 과도한
 $lang->about_non_login_vote = '로그인하지 않은 방문자도 추천할 수 있도록 합니다.';
 $lang->about_protect_regdate = '글이나 댓글을 작성한 후 일정 기간이 지나면 수정 또는 삭제할 수 없도록 합니다. (단위 : day)';
 $lang->about_protect_content = '댓글이 달린 글은 수정 또는 삭제할 수 없도록 합니다.';
+$lang->about_protect_admin_content = '최고관리자가 작성한 글이나 댓글은 게시판 관리 권한이 있는 회원이라도 수정 또는 삭제할 수 없도록 합니다.';
 $lang->msg_protect_delete_content = '댓글이 달린 글은 삭제할 수 없습니다.';
 $lang->msg_protect_update_content = '댓글이 달린 글은 수정할 수 없습니다.';
 $lang->msg_admin_document_no_modify = '최고관리자의 게시물을 수정할 권한이 없습니다.';
--- a/modules/board/tpl/board_insert.html
+++ b/modules/board/tpl/board_insert.html
@ -358,6 +358,14 @@
 				<p>{$lang->about_protect_comment}</p>
 			</div>
 		</div>
+		<div class="x_control-group">
+			<label class="x_control-label">{$lang->protect_admin_content}</label>
+			<div class="x_controls">
+				<label class="x_inline" for="protect_admin_content_delete"><input type="checkbox" name="protect_admin_content_delete" id="protect_admin_content_delete" value="Y" checked="checked"|cond="$module_info->protect_admin_content_delete !== 'N'" /> {$lang->cmd_delete}</label>
+				<label class="x_inline" for="protect_admin_content_update"><input type="checkbox" name="protect_admin_content_update" id="protect_admin_content_update" value="Y" checked="checked"|cond="$module_info->protect_admin_content_update !== 'N'" /> {$lang->cmd_modify}</label>
+				<p>{$lang->about_protect_admin_content}</p>
+			</div>
+		</div>
 		<div class="x_control-group">
 			<label class="x_control-label">{$lang->protect_regdate}</label>
 			<div class="x_controls">
--- a/modules/comment/comment.controller.php
+++ b/modules/comment/comment.controller.php
@ -1045,8 +1045,6 @@ class commentController extends comment
 	 */
 	function deleteComment($comment_srl, $is_admin = FALSE, $isMoveToTrash = FALSE, $childs = null)
 	{
-		$logged_info = Context::get('logged_info');
-
 		// check if comment already exists
 		$comment = CommentModel::getComment($comment_srl);
 		if(!$comment->isExists())
@ -1058,8 +1056,10 @@ class commentController extends comment
 			return new BaseObject(-1, 'msg_not_permitted');
 		}

-		$member_info = MemberModel::getMemberInfo($comment->member_srl);
-		$document_srl = $comment->document_srl;
+		$logged_info = Context::get('logged_info');
+		$member_info = MemberModel::getMemberInfo($comment->get('member_srl'));
+		$module_info = ModuleModel::getModuleInfo($comment->get('module_srl'));
+		$document_srl = $comment->get('document_srl');

 		// call a trigger (before)
 		$comment->isMoveToTrash = $isMoveToTrash ? true : false;
@ -1080,7 +1080,6 @@ class commentController extends comment
 			$deleteAdminComment = TRUE;
 			if(!$is_admin)
 			{
-				$logged_info = Context::get('logged_info');
 				foreach($childs as $val)
 				{
 					if($val->member_srl != $logged_info->member_srl)
@ -1092,14 +1091,16 @@ class commentController extends comment
 			}
 			else if($is_admin)
 			{
-				$logged_info = Context::get('logged_info');
 				foreach($childs as $val)
 				{
-					$c_member_info = MemberModel::getMemberInfoByMemberSrl($val->member_srl);
-					if($c_member_info->is_admin == 'Y' && $logged_info->is_admin != 'Y')
+					if ($module_info->protect_admin_content_delete !== 'N' && $logged_info->is_admin !== 'Y')
 					{
-						$deleteAdminComment = FALSE;
-						break;
+						$c_member_info = MemberModel::getMemberInfoByMemberSrl($val->member_srl);
+						if($c_member_info->is_admin == 'Y')
+						{
+							$deleteAdminComment = FALSE;
+							break;
+						}
 					}
 				}
 			}
@ -1125,10 +1126,6 @@ class commentController extends comment
 			}
 		}

-		if($member_info->is_admin == 'Y' && $logged_info->is_admin != 'Y')
-		{
-			return new BaseObject(-1, 'msg_admin_comment_no_delete');
-		}
 		// begin transaction
 		$oDB = DB::getInstance();
 		$oDB->begin();
@ -1208,7 +1205,11 @@ class commentController extends comment
 		{
 			return new BaseObject(-1, 'msg_not_permitted');
 		}
-		if($this->user->is_admin !== 'Y')
+		
+		$logged_info = Context::get('logged_info');
+		$module_info = ModuleModel::getModuleInfo($oComment->get('module_srl'));
+		
+		if ($module_info->protect_admin_content_delete !== 'N' && $logged_info->is_admin !== 'Y')
 		{
 			$member_info = MemberModel::getMemberInfo($oComment->get('member_srl'));
 			if($member_info->is_admin === 'Y')
--- a/modules/comment/comment.model.php
+++ b/modules/comment/comment.model.php
@ -137,7 +137,7 @@ class commentModel extends comment
 	/**
 	 * Returns the number of child comments
 	 * @param int $comment_srl
-	 * @return int
+	 * @return array
 	 */
 	public static function getChildComments($comment_srl)
 	{
--- a/modules/document/document.controller.php
+++ b/modules/document/document.controller.php
@ -1107,11 +1107,6 @@ class documentController extends document
 		{
 			return new BaseObject(-1, 'msg_not_permitted');
 		}
-		$member_info = MemberModel::getMemberInfo($oDocument->get('member_srl'));
-		if($member_info->is_admin === 'Y' && $this->user->is_admin !== 'Y')
-		{
-			return new BaseObject(-1, 'msg_document_is_admin_not_permitted');
-		}

 		//if empty trash, document already deleted, therefore document not delete
 		$args = new stdClass();