mirror of
https://github.com/Lastorder-DC/rhymix.git
synced 2026-04-18 01:42:14 +09:00
Merge #1311 일반 게시판의 관리자가 최고관리자의 게시물을 삭제 및 수정을 할 수있는 권한을 제어. by qw5414
* pr/1311: 관리자 식별을 확실하게 할 수 있도록 개선 일반 게시판의 관리자가 최고관리자의 게시물을 삭제 및 수정을 할 수있는 권한을 제어.
This commit is contained in:
Kijin Sung
commit
5dc39d2e22
8 changed files with 115 additions and 2 deletions
|
|
@ -67,6 +67,13 @@ class boardController extends board
|
|||
$is_update = true;
|
||||
}
|
||||
|
||||
$oMemberModel = getModel('member');
|
||||
$member_info = $oMemberModel->getMemberInfoByMemberSrl($oDocument->get('member_srl'));
|
||||
if($member_info->is_admin == 'Y' && $logged_info->is_admin != 'Y')
|
||||
{
|
||||
return new Object(-1, 'msg_admin_document_no_modify');
|
||||
}
|
||||
|
||||
// if use anonymous is true
|
||||
if($this->module_info->use_anonymous == 'Y')
|
||||
{
|
||||
|
|
@ -289,6 +296,14 @@ class boardController extends board
|
|||
$comment = $oCommentModel->getComment($obj->comment_srl, $this->grant->manager);
|
||||
}
|
||||
|
||||
$oMemberModel = getModel('member');
|
||||
$member_info = $oMemberModel->getMemberInfoByMemberSrl($comment->member_srl);
|
||||
|
||||
if($member_info->is_admin == 'Y' && $logged_info->is_admin != 'Y')
|
||||
{
|
||||
return new Object(-1, 'msg_admin_comment_no_modify');
|
||||
}
|
||||
|
||||
// if comment_srl is not existed, then insert the comment
|
||||
if($comment->comment_srl != $obj->comment_srl)
|
||||
{
|
||||
|
|
|
|||
|
|
@ -643,6 +643,7 @@ class boardView extends board
|
|||
}
|
||||
|
||||
$oDocumentModel = getModel('document');
|
||||
$logged_info = Context::get('logged_info');
|
||||
|
||||
/**
|
||||
* check if the category option is enabled not not
|
||||
|
|
@ -652,7 +653,6 @@ class boardView extends board
|
|||
// get the user group information
|
||||
if(Context::get('is_logged'))
|
||||
{
|
||||
$logged_info = Context::get('logged_info');
|
||||
$group_srls = array_keys($logged_info->group_list);
|
||||
}
|
||||
else
|
||||
|
|
@ -686,6 +686,9 @@ class boardView extends board
|
|||
$oDocument = $oDocumentModel->getDocument(0, $this->grant->manager);
|
||||
$oDocument->setDocument($document_srl);
|
||||
|
||||
$oMemberModel = getModel('member');
|
||||
$member_info = $oMemberModel->getMemberInfoByMemberSrl($oDocument->get('member_srl'));
|
||||
|
||||
if($oDocument->get('module_srl') == $oDocument->get('member_srl')) $savedDoc = TRUE;
|
||||
$oDocument->add('module_srl', $this->module_srl);
|
||||
|
||||
|
|
@ -693,6 +696,10 @@ class boardView extends board
|
|||
{
|
||||
return new Object(-1, 'msg_protect_content');
|
||||
}
|
||||
if($member_info->is_admin == 'Y' && $logged_info->is_admin != 'Y')
|
||||
{
|
||||
return new Object(-1, 'msg_admin_document_no_modify');
|
||||
}
|
||||
|
||||
// if the document is not granted, then back to the password input form
|
||||
$oModuleModel = getModel('module');
|
||||
|
|
@ -925,6 +932,7 @@ class boardView extends board
|
|||
**/
|
||||
function dispBoardModifyComment()
|
||||
{
|
||||
$logged_info = Context::get('logged_info');
|
||||
// check grant
|
||||
if(!$this->grant->write_comment)
|
||||
{
|
||||
|
|
@ -945,6 +953,14 @@ class boardView extends board
|
|||
$oCommentModel = getModel('comment');
|
||||
$oComment = $oCommentModel->getComment($comment_srl, $this->grant->manager);
|
||||
|
||||
$oMemberModel = getModel('member');
|
||||
$member_info = $oMemberModel->getMemberInfoByMemberSrl($oComment->member_srl);
|
||||
|
||||
if($member_info->is_admin == 'Y' && $logged_info->is_admin != 'Y')
|
||||
{
|
||||
return new Object(-1, 'msg_admin_comment_no_modify');
|
||||
}
|
||||
|
||||
// if the comment is not exited, alert an error message
|
||||
if(!$oComment->isExists())
|
||||
{
|
||||
|
|
|
|||
|
|
@ -375,4 +375,10 @@
|
|||
<value xml:lang="en"><![CDATA[You cannot modify or delete document which has any comment on it.]]></value>
|
||||
<value xml:lang="jp"><![CDATA[コメントが登録された書き込みは修正、または削除が禁止されています。]]></value>
|
||||
</item>
|
||||
<item name="msg_admin_document_no_modify">
|
||||
<value xml:lang="ko"><![CDATA[최고관리자의 게시물을 수정할 권한이 없습니다.]]></value>
|
||||
</item>
|
||||
<item name="msg_admin_comment_no_modify">
|
||||
<value xml:lang="ko"><![CDATA[최고관리자의 댓글을 수정할 권한이 없습니다.]]></value>
|
||||
</item>
|
||||
</lang>
|
||||
|
|
|
|||
|
|
@ -789,6 +789,8 @@ class commentController extends comment
|
|||
// create the comment model object
|
||||
$oCommentModel = getModel('comment');
|
||||
|
||||
$logged_info = Context::get('logged_info');
|
||||
|
||||
// check if comment already exists
|
||||
$comment = $oCommentModel->getComment($comment_srl);
|
||||
if($comment->comment_srl != $comment_srl)
|
||||
|
|
@ -796,6 +798,9 @@ class commentController extends comment
|
|||
return new Object(-1, 'msg_invalid_request');
|
||||
}
|
||||
|
||||
$oMemberModel = getModel('member');
|
||||
$member_info = $oMemberModel->getMemberInfoByMemberSrl($comment->member_srl);
|
||||
|
||||
$document_srl = $comment->document_srl;
|
||||
|
||||
// call a trigger (before)
|
||||
|
|
@ -816,6 +821,7 @@ class commentController extends comment
|
|||
if(count($childs) > 0)
|
||||
{
|
||||
$deleteAllComment = TRUE;
|
||||
$deleteAdminComment = TRUE;
|
||||
if(!$is_admin)
|
||||
{
|
||||
$logged_info = Context::get('logged_info');
|
||||
|
|
@ -828,11 +834,28 @@ class commentController extends comment
|
|||
}
|
||||
}
|
||||
}
|
||||
else if($is_admin)
|
||||
{
|
||||
$logged_info = Context::get('logged_info');
|
||||
foreach($childs as $val)
|
||||
{
|
||||
$c_member_info = $oMemberModel->getMemberInfoByMemberSrl($val->member_srl);
|
||||
if($c_member_info->is_admin == 'Y' && $logged_info->is_admin != 'Y')
|
||||
{
|
||||
$deleteAdminComment = FALSE;
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if(!$deleteAllComment)
|
||||
{
|
||||
return new Object(-1, 'fail_to_delete_have_children');
|
||||
}
|
||||
elseif(!$deleteAdminComment)
|
||||
{
|
||||
return new Object(-1, 'msg_admin_c_comment_no_delete');
|
||||
}
|
||||
else
|
||||
{
|
||||
foreach($childs as $val)
|
||||
|
|
@ -846,6 +869,10 @@ class commentController extends comment
|
|||
}
|
||||
}
|
||||
|
||||
if($member_info->is_admin == 'Y' && $logged_info->is_admin != 'Y')
|
||||
{
|
||||
return new Object(-1, 'msg_admin_comment_no_delete');
|
||||
}
|
||||
// begin transaction
|
||||
$oDB = DB::getInstance();
|
||||
$oDB->begin();
|
||||
|
|
|
|||
|
|
@ -312,4 +312,10 @@
|
|||
<value xml:lang="en"><![CDATA[There are no selected comment.]]></value>
|
||||
<value xml:lang="jp"><![CDATA[選択したコメントがありません。]]></value>
|
||||
</item>
|
||||
<item name="msg_admin_comment_no_delete">
|
||||
<value xml:lang="ko"><![CDATA[최고관리자의 댓글을 삭제 할 수 없습니다.]]></value>
|
||||
</item>
|
||||
<item name="msg_admin_c_comment_no_delete">
|
||||
<value xml:lang="ko"><![CDATA[이 댓글에 최고관리자의 댓글이 있어 삭제할 수 없습니다.]]></value>
|
||||
</item>
|
||||
</lang>
|
||||
|
|
@ -79,6 +79,13 @@ class documentAdminController extends document
|
|||
$oDocument = $oDocumentModel->getDocument($document_srl);
|
||||
if(!$oDocument->isExists()) continue;
|
||||
|
||||
$oMemberModel = getModel('member');
|
||||
$logged_info = Context::get('logged_info');
|
||||
$member_info = $oMemberModel->getMemberInfoByMemberSrl($oDocument->get('member_srl'));
|
||||
if($member_info->is_admin == 'Y' && $logged_info->is_admin != 'Y')
|
||||
{
|
||||
return new Object();
|
||||
}
|
||||
$source_category_srl = $oDocument->get('category_srl');
|
||||
|
||||
unset($obj);
|
||||
|
|
@ -727,13 +734,21 @@ class documentAdminController extends document
|
|||
*/
|
||||
function procDocumentAdminMoveToTrash()
|
||||
{
|
||||
$logged_info = Context::get('logged_info');
|
||||
$document_srl = Context::get('document_srl');
|
||||
|
||||
$oDocumentModel = getModel('document');
|
||||
$oDocumentController = getController('document');
|
||||
$oDocument = $oDocumentModel->getDocument($document_srl, false, false);
|
||||
if(!$oDocument->isGranted()) return $this->stop('msg_not_permitted');
|
||||
|
||||
|
||||
$oMemberModel = getModel('member');
|
||||
$member_info = $oMemberModel->getMemberInfoByMemberSrl($oDocument->get('member_srl'));
|
||||
if($member_info->is_admin == 'Y' && $logged_info->is_admin != 'Y')
|
||||
{
|
||||
return new Object(-1, 'msg_admin_document_no_move_to_trash');
|
||||
}
|
||||
|
||||
$oModuleModel = getModel('module');
|
||||
$module_info = $oModuleModel->getModuleInfoByDocumentSrl($document_srl);
|
||||
|
||||
|
|
|
|||
|
|
@ -366,6 +366,8 @@ class documentController extends document
|
|||
}
|
||||
|
||||
if(!$source_obj->document_srl || !$obj->document_srl) return new Object(-1,'msg_invalied_request');
|
||||
|
||||
|
||||
if(!$obj->status && $obj->is_secret == 'Y') $obj->status = 'SECRET';
|
||||
if(!$obj->status) $obj->status = 'PUBLIC';
|
||||
|
||||
|
|
@ -617,6 +619,16 @@ class documentController extends document
|
|||
}
|
||||
else if($isEmptyTrash && $oDocument == null) return new Object(-1, 'document is not exists');
|
||||
|
||||
$oMemberModel = getModel('member');
|
||||
$member_info = $oMemberModel->getMemberInfoByMemberSrl($oDocument->get('member_srl'));
|
||||
$logged_info = Context::get('logged_info');
|
||||
|
||||
if($member_info->is_admin == 'Y' && $logged_info->is_admin != 'Y')
|
||||
{
|
||||
return new Object(-1, 'msg_document_is_admin_not_permitted');
|
||||
}
|
||||
|
||||
|
||||
if(!$oDocument->isExists() || $oDocument->document_srl != $document_srl) return new Object(-1, 'msg_invalid_document');
|
||||
// Check if a permossion is granted
|
||||
if(!$oDocument->isGranted()) return new Object(-1, 'msg_not_permitted');
|
||||
|
|
@ -717,6 +729,7 @@ class documentController extends document
|
|||
*/
|
||||
function moveDocumentToTrash($obj)
|
||||
{
|
||||
$logged_info = Context::get('logged_info');
|
||||
$trash_args = new stdClass();
|
||||
// Get trash_srl if a given trash_srl doesn't exist
|
||||
if(!$obj->trash_srl) $trash_args->trash_srl = getNextSequence();
|
||||
|
|
@ -725,6 +738,14 @@ class documentController extends document
|
|||
$oDocumentModel = getModel('document');
|
||||
$oDocument = $oDocumentModel->getDocument($obj->document_srl);
|
||||
|
||||
$oMemberModel = getModel('member');
|
||||
$member_info = $oMemberModel->getMemberInfoByMemberSrl($oDocument->get('member_srl'));
|
||||
if($member_info->is_admin == 'Y' && $logged_info->is_admin != 'Y')
|
||||
{
|
||||
return new Object(-1, 'msg_admin_document_no_move_to_trash');
|
||||
}
|
||||
|
||||
|
||||
$trash_args->module_srl = $oDocument->get('module_srl');
|
||||
$obj->module_srl = $oDocument->get('module_srl');
|
||||
// Cannot throw data from the trash to the trash
|
||||
|
|
|
|||
|
|
@ -327,6 +327,10 @@
|
|||
<value xml:lang="tr"><![CDATA[%d makale silinmiştir]]></value>
|
||||
<value xml:lang="vi"><![CDATA[%d bài viết đã được xóa.]]></value>
|
||||
</item>
|
||||
<item name="msg_document_is_admin_not_permitted">
|
||||
<value xml:lang="ko"><![CDATA[최고관리자의 게시글을 지울 권한이 없습니다.]]></value>
|
||||
<value xml:lang="en"><![CDATA[You don't have permission to delete the posts of Top Admin.]]></value>
|
||||
</item>
|
||||
<item name="move_target_module">
|
||||
<value xml:lang="ko"><![CDATA[대상 페이지]]></value>
|
||||
<value xml:lang="en"><![CDATA[Target module ]]></value>
|
||||
|
|
@ -874,4 +878,7 @@
|
|||
<value xml:lang="jp"><![CDATA[タイトルがないドキュメントです。]]></value>
|
||||
<value xml:lang="zh-TW"><![CDATA[此文章無標題。]]></value>
|
||||
</item>
|
||||
<item name="msg_admin_document_no_move_to_trash">
|
||||
<value xml:lang="ko"><![CDATA[최고관리자의 게시물을 휴지통으로 이동시킬 권한이 없습니다.]]></value>
|
||||
</item>
|
||||
</lang>
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue