Merge #1311 일반 게시판의 관리자가 최고관리자의 게시물을 삭제 및 수정을 할 수있는 권한을 제어. by qw5414

* pr/1311:
  관리자 식별을 확실하게 할 수 있도록 개선
  일반 게시판의 관리자가 최고관리자의 게시물을 삭제 및 수정을 할 수있는 권한을 제어.

modules/comment/comment.controller.php

@@ -789,6 +789,8 @@ class commentController extends comment
 		// create the comment model object
 		$oCommentModel = getModel('comment');
 
+		$logged_info = Context::get('logged_info');
+
 		// check if comment already exists
 		$comment = $oCommentModel->getComment($comment_srl);
 		if($comment->comment_srl != $comment_srl)
@@ -796,6 +798,9 @@ class commentController extends comment
 			return new Object(-1, 'msg_invalid_request');
 		}
 
+		$oMemberModel = getModel('member');
+		$member_info = $oMemberModel->getMemberInfoByMemberSrl($comment->member_srl);
+
 		$document_srl = $comment->document_srl;
 
 		// call a trigger (before)
@@ -816,6 +821,7 @@ class commentController extends comment
 		if(count($childs) > 0)
 		{
 			$deleteAllComment = TRUE;
+			$deleteAdminComment = TRUE;
 			if(!$is_admin)
 			{
 				$logged_info = Context::get('logged_info');
@@ -828,11 +834,28 @@ class commentController extends comment
 					}
 				}
 			}
+			else if($is_admin)
+			{
+				$logged_info = Context::get('logged_info');
+				foreach($childs as $val)
+				{
+					$c_member_info = $oMemberModel->getMemberInfoByMemberSrl($val->member_srl);
+					if($c_member_info->is_admin == 'Y' && $logged_info->is_admin != 'Y')
+					{
+						$deleteAdminComment = FALSE;
+						break;
+					}
+				}
+			}
 
 			if(!$deleteAllComment)
 			{
 				return new Object(-1, 'fail_to_delete_have_children');
 			}
+			elseif(!$deleteAdminComment)
+			{
+				return new Object(-1, 'msg_admin_c_comment_no_delete');
+			}
 			else
 			{
 				foreach($childs as $val)
@@ -846,6 +869,10 @@ class commentController extends comment
 			}
 		}
 
+		if($member_info->is_admin == 'Y' && $logged_info->is_admin != 'Y')
+		{
+			return new Object(-1, 'msg_admin_comment_no_delete');
+		}
 		// begin transaction
 		$oDB = DB::getInstance();
 		$oDB->begin();