fanbinit/rhymix
1
0
Fork 0
mirror of https://github.com/Lastorder-DC/rhymix.git synced 2026-04-18 18:02:15 +09:00
Code Issues Projects Releases Packages Wiki Activity

글, 댓글 삭제시 권한 체크 강화

Browse source 
김경욱님이 제보해 주신 버그를 수정합니다.
This commit is contained in:
Kijin Sung 2020-07-03 16:03:36 +09:00
parent 9d93d7ddc5
commit 8681923f3e
2 changed files with 40 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

17
modules/comment/comment.controller.php
View file

@ -896,6 +896,15 @@ class commentController extends comment
{
return new BaseObject(-1, 'msg_invalid_request');
}
$comment = getModel('comment')->getComment($obj->comment_srl);
if(!$comment->isExists())
{
return new BaseObject(-1, 'msg_not_founded');
}
if(!$is_admin && !$comment->isGranted())
{
return new BaseObject(-1, 'msg_not_permitted');
}
// call a trigger (before)
$output = ModuleHandler::triggerCall('comment.deleteComment', 'before', $comment);
@ -1184,6 +1193,14 @@ class commentController extends comment
$oCommentModel = getModel('comment');
$oComment = $oCommentModel->getComment($obj->comment_srl);
if(!$oComment->isExists())
{
return new BaseObject(-1, 'msg_not_founded');
}
if(!$oComment->isGranted())
{
return new BaseObject(-1, 'msg_not_permitted');
}
$oMemberModel = getModel('member');
$member_info = $oMemberModel->getMemberInfoByMemberSrl($oComment->get('member_srl'));