fanbinit/rhymix
1
0
Fork 0
mirror of https://github.com/Lastorder-DC/rhymix.git synced 2026-04-05 19:42:12 +09:00
Code Issues Projects Releases Packages Wiki Activity

Merge #1311 일반 게시판의 관리자가 최고관리자의 게시물을 삭제 및 수정을 할 수있는 권한을 제어. by qw5414

Browse source 
* pr/1311:
  관리자 식별을 확실하게 할 수 있도록 개선
  일반 게시판의 관리자가 최고관리자의 게시물을 삭제 및 수정을 할 수있는 권한을 제어.
This commit is contained in:
Kijin Sung 2015-10-08 14:08:54 +09:00
commit 5dc39d2e22
8 changed files with 115 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

21
modules/document/document.controller.php
View file

@ -366,6 +366,8 @@ class documentController extends document
}
if(!$source_obj->document_srl || !$obj->document_srl) return new Object(-1,'msg_invalied_request');
if(!$obj->status && $obj->is_secret == 'Y') $obj->status = 'SECRET';
if(!$obj->status) $obj->status = 'PUBLIC';
@ -617,6 +619,16 @@ class documentController extends document
}
else if($isEmptyTrash && $oDocument == null) return new Object(-1, 'document is not exists');
$oMemberModel = getModel('member');
$member_info = $oMemberModel->getMemberInfoByMemberSrl($oDocument->get('member_srl'));
$logged_info = Context::get('logged_info');
if($member_info->is_admin == 'Y' && $logged_info->is_admin != 'Y')
{
return new Object(-1, 'msg_document_is_admin_not_permitted');
}
if(!$oDocument->isExists() || $oDocument->document_srl != $document_srl) return new Object(-1, 'msg_invalid_document');
// Check if a permossion is granted
if(!$oDocument->isGranted()) return new Object(-1, 'msg_not_permitted');
@ -717,6 +729,7 @@ class documentController extends document
*/
function moveDocumentToTrash($obj)
{
$logged_info = Context::get('logged_info');
$trash_args = new stdClass();
// Get trash_srl if a given trash_srl doesn't exist
if(!$obj->trash_srl) $trash_args->trash_srl = getNextSequence();
@ -725,6 +738,14 @@ class documentController extends document
$oDocumentModel = getModel('document');
$oDocument = $oDocumentModel->getDocument($obj->document_srl);
$oMemberModel = getModel('member');
$member_info = $oMemberModel->getMemberInfoByMemberSrl($oDocument->get('member_srl'));
if($member_info->is_admin == 'Y' && $logged_info->is_admin != 'Y')
{
return new Object(-1, 'msg_admin_document_no_move_to_trash');
}
$trash_args->module_srl = $oDocument->get('module_srl');
$obj->module_srl = $oDocument->get('module_srl');
// Cannot throw data from the trash to the trash