글, 댓글 삭제시 권한 체크 강화

김경욱님이 제보해 주신 버그를 수정합니다.
Kijin Sung 2020-07-03 16:03:36 +09:00
parent 9d93d7ddc5
commit 8681923f3e
2 changed files with 40 additions and 9 deletions


@ -289,6 +289,15 @@ class boardController extends board
$oDocumentModel = &getModel('document');
$oDocument = $oDocumentModel->getDocument($document_srl);
if (!$oDocument || !$oDocument->isExists())
{
throw new Rhymix\Framework\Exceptions\TargetNotFound;
}
if (!$oDocument->isGranted())
{
throw new Rhymix\Framework\Exceptions\NotPermitted;
}
// check protect content
if($this->module_info->protect_content == 'Y' || $this->module_info->protect_delete_content == 'Y')
{
@ -311,14 +320,10 @@ class boardController extends board
$oDocumentController = getController('document');
if($this->module_info->trash_use == 'Y')
{
// move the trash
if($oDocument->isGranted() === true)
$output = $oDocumentController->moveDocumentToTrash($oDocument);
if(!$output->toBool())
{
$output = $oDocumentController->moveDocumentToTrash($oDocument);
if(!$output->toBool())
{
return $output;
}
return $output;
}
}
else
@ -536,7 +541,16 @@ class boardController extends board
}
$oCommentModel = getModel('comment');
$comment = $oCommentModel->getComment($comment_srl, $this->grant->manager);
if (!$comment || !$comment->isExists())
{
throw new Rhymix\Framework\Exceptions\TargetNotFound;
}
if (!$comment->isGranted())
{
throw new Rhymix\Framework\Exceptions\NotPermitted;
}
if($this->module_info->protect_delete_comment === 'Y' && $this->grant->manager == false)
{
$childs = $oCommentModel->getChildComments($comment_srl);
@ -545,7 +559,7 @@ class boardController extends board
throw new Rhymix\Framework\Exception('msg_board_delete_protect_comment');
}
}
$comment = $oCommentModel->getComment($comment_srl, $this->grant->manager);
if($this->module_info->protect_comment_regdate > 0 && $this->grant->manager == false)
{
if($comment->get('regdate') < date('YmdHis', strtotime('-'.$this->module_info->protect_document_regdate.' day')))
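Review bot: The new `isGranted()` gate added at the top of the document-delete path (first hunk, before the protect_content check) is now the only authorization check ahead of `moveDocumentToTrash`, because the second hunk drops the inline `isGranted() === true` guard; a one-line comment above it, `// sole delete-permission check: the trash/delete calls below no longer re-check grant`, would stop a later edit from assuming the downstream calls guard themselves. The same applies to the comment path in the third hunk, where the single `getComment($comment_srl, $this->grant->manager)` fetch plus `isGranted()` replaces the second `getComment()` call removed in this hunk. Separately, the context line at the end of this hunk tests `protect_comment_regdate` but computes the cutoff from `protect_document_regdate`, which looks like a copy-paste mismatch the commit leaves in place; if it is, the line should read `strtotime('-'.$this->module_info->protect_comment_regdate.' day')`. The enclosing method starts before and ends after this hunk.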


@ -896,6 +896,15 @@ class commentController extends comment
{
return new BaseObject(-1, 'msg_invalid_request');
}
$comment = getModel('comment')->getComment($obj->comment_srl);
if(!$comment->isExists())
{
return new BaseObject(-1, 'msg_not_founded');
}
if(!$is_admin && !$comment->isGranted())
{
return new BaseObject(-1, 'msg_not_permitted');
}
// call a trigger (before)
$output = ModuleHandler::triggerCall('comment.deleteComment', 'before', $comment);
@ -1184,6 +1193,14 @@ class commentController extends comment
$oCommentModel = getModel('comment');
$oComment = $oCommentModel->getComment($obj->comment_srl);
if(!$oComment->isExists())
{
return new BaseObject(-1, 'msg_not_founded');
}
if(!$oComment->isGranted())
{
return new BaseObject(-1, 'msg_not_permitted');
}
$oMemberModel = getModel('member');
$member_info = $oMemberModel->getMemberInfoByMemberSrl($oComment->get('member_srl'));