From 61e0437d9eb1d7d8ff06dca9244ee9a91e640835 Mon Sep 17 00:00:00 2001
From: BJRambo <sosifam@070805.co.kr>
Date: Mon, 3 Oct 2016 18:03:31 +0900
Subject: [PATCH] Check the permission when running the trash

---
 modules/board/board.controller.php       | 9 ++++++---
 modules/trash/queries/getTrashList.xml   | 8 +++++---
 modules/trash/trash.admin.controller.php | 9 ---------
 3 files changed, 11 insertions(+), 15 deletions(-)

diff --git a/modules/board/board.controller.php b/modules/board/board.controller.php
index 738cb5767..21bd64106 100644
--- a/modules/board/board.controller.php
+++ b/modules/board/board.controller.php
@@ -297,10 +297,13 @@ class boardController extends board
 		if($this->module_info->trash_use == 'Y')
 		{
 			// move the trash
-			$output = $oDocumentController->moveDocumentToTrash($oDocument);
-			if(!$output->toBool())
+			if($oDocument->isGranted() === true)
 			{
-				return $output;
+				$output = $oDocumentController->moveDocumentToTrash($oDocument);
+				if(!$output->toBool())
+				{
+					return $output;
+				}
 			}
 		}
 		else
diff --git a/modules/trash/queries/getTrashList.xml b/modules/trash/queries/getTrashList.xml
index b73860acc..456b70e74 100644
--- a/modules/trash/queries/getTrashList.xml
+++ b/modules/trash/queries/getTrashList.xml
@@ -1,7 +1,10 @@
 <query id="getTrashList" action="select">
     <tables>
         <table name="trash" alias="T" />
-        <table name="member" alias="M" />
+        <table name="member" alias="M" type="left join" />
+	    <conditions>
+		    <condition operation="equal" column="T.remover_srl" default="M.member_srl" />
+	    </conditions>
     </tables>
     <columns>
         <column name="T.*" />
@@ -9,8 +12,7 @@
         <column name="M.nick_name" />
     </columns>
     <conditions>
-        <condition operation="equal" column="T.remover_srl" default="M.member_srl" notnull="notnull" />
-        <condition operation="in" column="trash_srl" var="trashSrl" filter="number" pipe="and" />
+        <condition operation="in" column="trash_srl" var="trashSrl" filter="number" />
         <condition operation="in" column="origin_module" var="originModule" pipe="and" />
         <group pipe="and">
             <condition operation="like" column="T.title" var="s_title" />
diff --git a/modules/trash/trash.admin.controller.php b/modules/trash/trash.admin.controller.php
index a797abb44..9b241d8f7 100644
--- a/modules/trash/trash.admin.controller.php
+++ b/modules/trash/trash.admin.controller.php
@@ -17,15 +17,6 @@ class trashAdminController extends trash
 	 */
 	function insertTrash($obj)
 	{
-		if(!Context::get('is_logged'))
-		{
-			$trash_array = unserialize($obj->serializedObject);
-			if($_SERVER['REMOTE_ADDR'] !== $trash_array['ipaddress'])
-			{
-				return new Object(-1, 'msg_not_permitted');
-			}
-		}
-
 		$logged_info = Context::get('logged_info');
 
 		$oTrashVO = new TrashVO();