코드 정리, 세션 없어서 전송받은 srl참고 할 때 권한 확인

git-svn-id: http://xe-core.googlecode.com/svn/sandbox@6540 201d5d3c-b55e-5fd7-737f-ddc643e51545
2026-05-05 01:52:17 +09:00 · 2009-06-14 11:17:19 +00:00 · 2009-06-14 11:17:19 +00:00 · 4ac4a8cd21
commit 4ac4a8cd21
parent 1a6c988db1
4 changed files with 268 additions and 241 deletions
--- a/modules/document/document.controller.php
+++ b/modules/document/document.controller.php
@ -1596,6 +1596,5 @@
            $this->setError(-1);
            $this->setMessage('success_updated');
        }
-
    }
 ?>
--- a/modules/file/file.controller.php
+++ b/modules/file/file.controller.php
@ -28,8 +28,11 @@
            // upload_target_srl 구함
            $upload_target_srl = $_SESSION['upload_info'][$editor_sequence]->upload_target_srl;
            if(!$upload_target_srl) {
+                $oFileModel = &getModel('file');
+                if($oFileModel->getIsPermitted(Context::get('uploadTargetSrl'))) {
                    $_SESSION['upload_info'][$editor_sequence]->upload_target_srl = $upload_target_srl = Context::get('uploadTargetSrl');
                }
+            }
            if(!$upload_target_srl) {
                $_SESSION['upload_info'][$editor_sequence]->upload_target_srl = $upload_target_srl = getNextSequence();
            }
@ -57,8 +60,11 @@
            // upload_target_srl 구함
            $upload_target_srl = $_SESSION['upload_info'][$editor_sequence]->upload_target_srl;
            if(!$upload_target_srl) {
+                $oFileModel = &getModel('file');
+                if($oFileModel->getIsPermitted(Context::get('uploadTargetSrl'))) {
                    $_SESSION['upload_info'][$editor_sequence]->upload_target_srl = $upload_target_srl = Context::get('uploadTargetSrl');
                }
+            }
            if(!$upload_target_srl) {
                $_SESSION['upload_info'][$editor_sequence]->upload_target_srl = $upload_target_srl = getNextSequence();
            }
--- a/modules/file/file.model.php
+++ b/modules/file/file.model.php
@ -217,6 +217,28 @@
         **/
        function getIsPermitted($checking_target) {
            Context::set("getIsPermitted", '');
+
+            // 문서가 있는지 확인
+            $oDocumentModel = &getModel('document');
+            $oDocument = $oDocumentModel->getDocument($checking_target);
+            if($oDocument->isExists() && $oDocument->document_srl == $document_srl) {
+                if($oDocument->isGranted()) {
+                    Context::set("getIsPermitted", $checking_target);
+                    return $checking_target;
+                }
+            }
+
+            // 댓글이 있는지 확인
+            $oCommentModel = &getModel('comment');
+            $oComment = $oCommentModel->getComment($checking_target);
+            if($comment->comment_srl == $comment_srl) {
+                if($oComment->isGranted()) {
+                    Context::set("getIsPermitted", $checking_target);
+                    return $checking_target;
+                }
+            }
+
+            // 그 외 모듈에 있는지 확인 (eg. 자동저장 문서)
            $obj->uploadTargetSrl = $checking_target;
            $output = ModuleHandler::triggerCall('file.getIsPermitted', 'before', $obj);
            return Context::get("getIsPermitted");