글, 댓글 삭제시 권한 체크 강화

김경욱님이 제보해 주신 버그를 수정합니다.
Kijin Sung 2020-07-03 16:03:36 +09:00
parent 9d93d7ddc5
commit 8681923f3e
2 changed files with 40 additions and 9 deletions


@ -289,6 +289,15 @@ class boardController extends board
$oDocumentModel = &getModel('document'); $oDocumentModel = &getModel('document');
$oDocument = $oDocumentModel->getDocument($document_srl); $oDocument = $oDocumentModel->getDocument($document_srl);
if (!$oDocument || !$oDocument->isExists())
{
throw new Rhymix\Framework\Exceptions\TargetNotFound;
}
if (!$oDocument->isGranted())
{
throw new Rhymix\Framework\Exceptions\NotPermitted;
}
// check protect content // check protect content
if($this->module_info->protect_content == 'Y' || $this->module_info->protect_delete_content == 'Y') if($this->module_info->protect_content == 'Y' || $this->module_info->protect_delete_content == 'Y')
{ {
@ -311,14 +320,10 @@ class boardController extends board
$oDocumentController = getController('document'); $oDocumentController = getController('document');
if($this->module_info->trash_use == 'Y') if($this->module_info->trash_use == 'Y')
{ {
// move the trash $output = $oDocumentController->moveDocumentToTrash($oDocument);
if($oDocument->isGranted() === true) if(!$output->toBool())
{ {
$output = $oDocumentController->moveDocumentToTrash($oDocument); return $output;
if(!$output->toBool())
{
return $output;
}
} }
} }
else else
@ -536,7 +541,16 @@ class boardController extends board
} }
$oCommentModel = getModel('comment'); $oCommentModel = getModel('comment');
$comment = $oCommentModel->getComment($comment_srl, $this->grant->manager);
if (!$comment || !$comment->isExists())
{
throw new Rhymix\Framework\Exceptions\TargetNotFound;
}
if (!$comment->isGranted())
{
throw new Rhymix\Framework\Exceptions\NotPermitted;
}
if($this->module_info->protect_delete_comment === 'Y' && $this->grant->manager == false) if($this->module_info->protect_delete_comment === 'Y' && $this->grant->manager == false)
{ {
$childs = $oCommentModel->getChildComments($comment_srl); $childs = $oCommentModel->getChildComments($comment_srl);
@ -545,7 +559,7 @@ class boardController extends board
throw new Rhymix\Framework\Exception('msg_board_delete_protect_comment'); throw new Rhymix\Framework\Exception('msg_board_delete_protect_comment');
} }
} }
$comment = $oCommentModel->getComment($comment_srl, $this->grant->manager);
if($this->module_info->protect_comment_regdate > 0 && $this->grant->manager == false) if($this->module_info->protect_comment_regdate > 0 && $this->grant->manager == false)
{ {
if($comment->get('regdate') < date('YmdHis', strtotime('-'.$this->module_info->protect_document_regdate.' day'))) if($comment->get('regdate') < date('YmdHis', strtotime('-'.$this->module_info->protect_document_regdate.' day')))
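Review bot: The regdate guard on the last line of the comment-delete hunk tests `protect_comment_regdate` but computes the cutoff from `protect_document_regdate`, so the comment-protection window silently follows the document setting rather than its own, and its behaviour when that setting is empty depends on what strtotime makes of `'- day'`. The new existence and isGranted() checks above do not touch this line; it is carried through as context. I would change it to `if($comment->get('regdate') < date('YmdHis', strtotime('-'.$this->module_info->protect_comment_regdate.' day')))`. The enclosing comment-delete method starts and ends outside the hunk.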


@ -896,6 +896,15 @@ class commentController extends comment
{ {
return new BaseObject(-1, 'msg_invalid_request'); return new BaseObject(-1, 'msg_invalid_request');
} }
$comment = getModel('comment')->getComment($obj->comment_srl);
if(!$comment->isExists())
{
return new BaseObject(-1, 'msg_not_founded');
}
if(!$is_admin && !$comment->isGranted())
{
return new BaseObject(-1, 'msg_not_permitted');
}
// call a trigger (before) // call a trigger (before)
$output = ModuleHandler::triggerCall('comment.deleteComment', 'before', $comment); $output = ModuleHandler::triggerCall('comment.deleteComment', 'before', $comment);
@ -1184,6 +1193,14 @@ class commentController extends comment
$oCommentModel = getModel('comment'); $oCommentModel = getModel('comment');
$oComment = $oCommentModel->getComment($obj->comment_srl); $oComment = $oCommentModel->getComment($obj->comment_srl);
if(!$oComment->isExists())
{
return new BaseObject(-1, 'msg_not_founded');
}
if(!$oComment->isGranted())
{
return new BaseObject(-1, 'msg_not_permitted');
}
$oMemberModel = getModel('member'); $oMemberModel = getModel('member');
$member_info = $oMemberModel->getMemberInfoByMemberSrl($oComment->get('member_srl')); $member_info = $oMemberModel->getMemberInfoByMemberSrl($oComment->get('member_srl'));