Merge #1311 일반 게시판의 관리자가 최고관리자의 게시물을 삭제 및 수정을 할 수있는 권한을 제어. by qw5414

* pr/1311:
  관리자 식별을 확실하게 할 수 있도록 개선
  일반 게시판의 관리자가 최고관리자의 게시물을 삭제 및 수정을 할 수있는 권한을 제어.

modules/board/board.controller.php

@@ -67,6 +67,13 @@ class boardController extends board
 			$is_update = true;
 		}
 
+		$oMemberModel = getModel('member');
+		$member_info = $oMemberModel->getMemberInfoByMemberSrl($oDocument->get('member_srl'));
+		if($member_info->is_admin == 'Y' && $logged_info->is_admin != 'Y')
+		{
+			return new Object(-1, 'msg_admin_document_no_modify');
+		}
+
 		// if use anonymous is true
 		if($this->module_info->use_anonymous == 'Y')
 		{
@@ -289,6 +296,14 @@ class boardController extends board
 			$comment = $oCommentModel->getComment($obj->comment_srl, $this->grant->manager);
 		}
 
+		$oMemberModel = getModel('member');
+		$member_info = $oMemberModel->getMemberInfoByMemberSrl($comment->member_srl);
+
+		if($member_info->is_admin == 'Y' && $logged_info->is_admin != 'Y')
+		{
+			return new Object(-1, 'msg_admin_comment_no_modify');
+		}
+
 		// if comment_srl is not existed, then insert the comment
 		if($comment->comment_srl != $obj->comment_srl)
 		{

modules/board/board.view.php

@@ -643,6 +643,7 @@ class boardView extends board
 		}
 
 		$oDocumentModel = getModel('document');
+		$logged_info = Context::get('logged_info');
 
 		/**
 		 * check if the category option is enabled not not
@@ -652,7 +653,6 @@ class boardView extends board
 			// get the user group information
 			if(Context::get('is_logged'))
 			{
-				$logged_info = Context::get('logged_info');
 				$group_srls = array_keys($logged_info->group_list);
 			}
 			else
@@ -686,6 +686,9 @@ class boardView extends board
 		$oDocument = $oDocumentModel->getDocument(0, $this->grant->manager);
 		$oDocument->setDocument($document_srl);
 
+		$oMemberModel = getModel('member');
+		$member_info = $oMemberModel->getMemberInfoByMemberSrl($oDocument->get('member_srl'));
+
 		if($oDocument->get('module_srl') == $oDocument->get('member_srl')) $savedDoc = TRUE;
 		$oDocument->add('module_srl', $this->module_srl);
 
@@ -693,6 +696,10 @@ class boardView extends board
 		{
 			return new Object(-1, 'msg_protect_content');
 		}
+		if($member_info->is_admin == 'Y' && $logged_info->is_admin != 'Y')
+		{
+			return new Object(-1, 'msg_admin_document_no_modify');
+		}
 
 		// if the document is not granted, then back to the password input form
 		$oModuleModel = getModel('module');
@@ -925,6 +932,7 @@ class boardView extends board
 	 **/
 	function dispBoardModifyComment()
 	{
+		$logged_info = Context::get('logged_info');
 		// check grant
 		if(!$this->grant->write_comment)
 		{
@@ -945,6 +953,14 @@ class boardView extends board
 		$oCommentModel = getModel('comment');
 		$oComment = $oCommentModel->getComment($comment_srl, $this->grant->manager);
 
+		$oMemberModel = getModel('member');
+		$member_info = $oMemberModel->getMemberInfoByMemberSrl($oComment->member_srl);
+
+		if($member_info->is_admin == 'Y' && $logged_info->is_admin != 'Y')
+		{
+			return new Object(-1, 'msg_admin_comment_no_modify');
+		}
+
 		// if the comment is not exited, alert an error message
 		if(!$oComment->isExists())
 		{

modules/board/lang/lang.xml

@@ -375,4 +375,10 @@
 		<value xml:lang="en"><![CDATA[You cannot modify or delete document which has any comment on it.]]></value>
 		<value xml:lang="jp"><![CDATA[コメントが登録された書き込みは修正、または削除が禁止されています。]]></value>
 	</item>
+	<item name="msg_admin_document_no_modify">
+		<value xml:lang="ko"><![CDATA[최고관리자의 게시물을 수정할 권한이 없습니다.]]></value>
+	</item>
+	<item name="msg_admin_comment_no_modify">
+		<value xml:lang="ko"><![CDATA[최고관리자의 댓글을 수정할 권한이 없습니다.]]></value>
+	</item>
 </lang>