root 퍼미션을 걸 경우 최고 관리자만 쓸 수 있도록 변경

2026-04-18 18:02:15 +09:00 · 2017-03-18 21:10:03 +09:00 · 2017-03-18 21:10:03 +09:00 · 83d6fe89a3
commit 83d6fe89a3
parent cda2dd8fa7
2 changed files with 20 additions and 7 deletions
--- a/classes/module/ModuleObject.class.php
+++ b/classes/module/ModuleObject.class.php
@ -302,8 +302,8 @@ class ModuleObject extends Object
 			$grant = getModel('module')->getGrant($this->module_info, Context::get('logged_info'), $xml_info);
 		}
 		
-		// If manager, Pass
-		if($grant->manager)
+		// If an administrator, Pass
+		if($grant->root)
 		{
 			return true;
 		}
@ -325,7 +325,12 @@ class ModuleObject extends Object
 				$this->stop('msg_not_permitted_act');
 				return false;
 			}
-			else if(in_array($permission, array('root', 'manager')))
+			else if($permission == 'manager' && !$grant->manager)
+			{
+				$this->stop('admin.msg_is_not_administrator');
+				return false;
+			}
+			else if($permission == 'root')
 			{
 				$this->stop('admin.msg_is_not_administrator');
 				return false;
--- a/modules/module/module.model.php
+++ b/modules/module/module.model.php
@ -1943,7 +1943,8 @@ class moduleModel extends module
 		$module_grant = array_keys((array) $xml_info->grant);
 		
 		// Prepend default grant
-		array_unshift($module_grant, 'access', 'is_admin', 'manager', 'is_site_admin');
+		// is_admin, manager, is_site_admin not distinguish because of compatibility.
+		array_unshift($module_grant, 'access', 'is_admin', 'manager', 'is_site_admin', 'root');
 		
 		// unique
 		$module_grant = array_unique($module_grant, SORT_STRING);
@ -1951,15 +1952,22 @@ class moduleModel extends module
 		// Set grant
 		foreach($module_grant as $val)
 		{
-			// Set true if an administrator or a module manager
-			if($member_info->is_admin == 'Y' || $is_module_admin)
+			// If an administrator, set all true.
+			if($member_info->is_admin == 'Y')
 			{
 				$grant->{$val} = true;
 			}
-			else if($val == 'access' && !$module_info->module_srl)
+			// If a module manager, except 'root'
+			else if($is_module_admin === true && $val !== 'root')
 			{
 				$grant->{$val} = true;
 			}
+			// If module_srl doesn't exist, access true
+			else if(!$module_info->module_srl && $val === 'access')
+			{
+				$grant->{$val} = true;
+			}
+			// default permission false
 			else
 			{
 				$grant->{$val} = false;