fanbinit/rhymix
1
0
Fork 0
mirror of https://github.com/Lastorder-DC/rhymix.git synced 2026-01-04 01:01:41 +09:00
Code Issues Projects Releases Packages Wiki Activity

Check the permission when running the trash

Browse source
This commit is contained in:
BJRambo 2016-10-03 18:03:31 +09:00
parent 81f9727fd9
commit 61e0437d9e
3 changed files with 11 additions and 15 deletions
Download patch file Download diff file Expand all files Collapse all files

9
modules/board/board.controller.php
View file

@ -297,10 +297,13 @@ class boardController extends board
if($this->module_info->trash_use == 'Y')
{
// move the trash
$output = $oDocumentController->moveDocumentToTrash($oDocument);
if(!$output->toBool())
if($oDocument->isGranted() === true)
{
return $output;
$output = $oDocumentController->moveDocumentToTrash($oDocument);
if(!$output->toBool())
{
return $output;
}
}
}
else

8
modules/trash/queries/getTrashList.xml
View file

@ -1,7 +1,10 @@
<query id="getTrashList" action="select">
<tables>
<table name="trash" alias="T" />
<table name="member" alias="M" />
<table name="member" alias="M" type="left join" />
<conditions>
<condition operation="equal" column="T.remover_srl" default="M.member_srl" />
</conditions>
</tables>
<columns>
<column name="T.*" />
@ -9,8 +12,7 @@
<column name="M.nick_name" />
</columns>
<conditions>
<condition operation="equal" column="T.remover_srl" default="M.member_srl" notnull="notnull" />
<condition operation="in" column="trash_srl" var="trashSrl" filter="number" pipe="and" />
<condition operation="in" column="trash_srl" var="trashSrl" filter="number" />
<condition operation="in" column="origin_module" var="originModule" pipe="and" />
<group pipe="and">
<condition operation="like" column="T.title" var="s_title" />

9
modules/trash/trash.admin.controller.php
View file

@ -17,15 +17,6 @@ class trashAdminController extends trash
*/
function insertTrash($obj)
{
if(!Context::get('is_logged'))
{
$trash_array = unserialize($obj->serializedObject);
if($_SERVER['REMOTE_ADDR'] !== $trash_array['ipaddress'])
{
return new Object(-1, 'msg_not_permitted');
}
}
$logged_info = Context::get('logged_info');
$oTrashVO = new TrashVO();