글, 댓글 삭제시 권한 체크 강화

김경욱님이 제보해 주신 버그를 수정합니다.
Kijin Sung 2020-07-03 16:03:36 +09:00
parent 9d93d7ddc5
commit 8681923f3e
2 changed files with 40 additions and 9 deletions


@ -289,6 +289,15 @@ class boardController extends board
$oDocumentModel = &getModel('document');
$oDocument = $oDocumentModel->getDocument($document_srl);
if (!$oDocument || !$oDocument->isExists())
{
throw new Rhymix\Framework\Exceptions\TargetNotFound;
}
if (!$oDocument->isGranted())
{
throw new Rhymix\Framework\Exceptions\NotPermitted;
}
// check protect content
if($this->module_info->protect_content == 'Y' || $this->module_info->protect_delete_content == 'Y')
{
@ -311,14 +320,10 @@ class boardController extends board
$oDocumentController = getController('document');
if($this->module_info->trash_use == 'Y')
{
// move the trash
if($oDocument->isGranted() === true)
$output = $oDocumentController->moveDocumentToTrash($oDocument);
if(!$output->toBool())
{
$output = $oDocumentController->moveDocumentToTrash($oDocument);
if(!$output->toBool())
{
return $output;
}
return $output;
}
}
else
@ -536,7 +541,16 @@ class boardController extends board
}
$oCommentModel = getModel('comment');
$comment = $oCommentModel->getComment($comment_srl, $this->grant->manager);
if (!$comment || !$comment->isExists())
{
throw new Rhymix\Framework\Exceptions\TargetNotFound;
}
if (!$comment->isGranted())
{
throw new Rhymix\Framework\Exceptions\NotPermitted;
}
if($this->module_info->protect_delete_comment === 'Y' && $this->grant->manager == false)
{
$childs = $oCommentModel->getChildComments($comment_srl);
@ -545,7 +559,7 @@ class boardController extends board
throw new Rhymix\Framework\Exception('msg_board_delete_protect_comment');
}
}
$comment = $oCommentModel->getComment($comment_srl, $this->grant->manager);
if($this->module_info->protect_comment_regdate > 0 && $this->grant->manager == false)
{
if($comment->get('regdate') < date('YmdHis', strtotime('-'.$this->module_info->protect_document_regdate.' day')))
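Review bot: In the last hunk, the comment-age guard tests `protect_comment_regdate > 0` but builds its cutoff from `protect_document_regdate`, so the comment protection window follows the document setting rather than its own; this looks like a copy-paste slip that the commit leaves in place. If the two settings are meant to be independent, the cutoff should read `strtotime('-'.$this->module_info->protect_comment_regdate.' day')`. When the document value is unset or differs, a comment can become deletable or locked at the wrong age, which undercuts the delete protection this commit is tightening. The enclosing method starts and ends outside the hunk, so the rest of this branch was not reviewed.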