Merge pull request #765 from conory/pr/grant

모듈 권한 정리 및 퍼미션 체크 지원

classes/module/ModuleHandler.class.php

@@ -670,11 +670,23 @@ class ModuleHandler extends Handler
 					return $oMessageObject;
 				}
 				
-				if($this->module == "admin" && $type == "view")
+				// Protect admin action
+				if(($this->module == 'admin' || $kind == 'admin') && !$oModuleModel->getGrant($forward, $logged_info)->root)
 				{
-					if($logged_info->is_admin == 'Y')
+					if($this->module == 'admin' || strpos($xml_info->permission->{$this->act}, 'manager') === false)
 					{
-						if($this->act != 'dispLayoutAdminLayoutModify')
+						self::_setInputErrorToContext();
+						$this->error = 'admin.msg_is_not_administrator';
+						$oMessageObject = self::getModuleInstance('message', $display_mode);
+						$oMessageObject->setError(-1);
+						$oMessageObject->setMessage($this->error);
+						$oMessageObject->dispMessage();
+						return $oMessageObject;
+					}
+				}
+				
+				// Admin page layout
+				if($this->module == 'admin' && $type == 'view' && $this->act != 'dispLayoutAdminLayoutModify')
 				{
 					$oAdminView = getAdminView('admin');
 					$oAdminView->makeGnbUrl($forward->module);
@@ -682,46 +694,6 @@ class ModuleHandler extends Handler
 					$oModule->setLayoutFile("layout.html");
 				}
 			}
-					else
-					{
-						self::_setInputErrorToContext();
-
-						$this->error = 'admin.msg_is_not_administrator';
-						$oMessageObject = self::getModuleInstance('message', $display_mode);
-						$oMessageObject->setError(-1);
-						$oMessageObject->setMessage($this->error);
-						$oMessageObject->dispMessage();
-						return $oMessageObject;
-					}
-				}
-				if($kind == 'admin')
-				{
-					$grant = $oModuleModel->getGrant($this->module_info, $logged_info);
-					if(!$grant->manager)
-					{
-						self::_setInputErrorToContext();
-						$this->error = 'admin.msg_is_not_administrator';
-						$oMessageObject = self::getModuleInstance('message', $display_mode);
-						$oMessageObject->setError(-1);
-						$oMessageObject->setMessage($this->error);
-						$oMessageObject->dispMessage();
-						return $oMessageObject;
-					}
-					else
-					{
-						if(!$grant->is_admin && $this->module != $this->orig_module->module && $xml_info->permission->{$this->act} != 'manager')
-						{
-							self::_setInputErrorToContext();
-							$this->error = 'admin.msg_is_not_administrator';
-							$oMessageObject = self::getModuleInstance('message', $display_mode);
-							$oMessageObject->setError(-1);
-							$oMessageObject->setMessage($this->error);
-							$oMessageObject->dispMessage();
-							return $oMessageObject;
-						}
-					}
-				}
-			}
 			else if($xml_info->default_index_act && method_exists($oModule, $xml_info->default_index_act))
 			{
 				$this->act = $xml_info->default_index_act;

classes/module/ModuleObject.class.php

@@ -128,7 +128,7 @@ class ModuleObject extends Object
 	}
 
 	/**
-	 * sett to set the template path for refresh.html
+	 * Set the template path for refresh.html
 	 * refresh.html is executed as a result of method execution
 	 * Tpl as the common run of the refresh.html ..
 	 * @return void
@@ -140,7 +140,7 @@ class ModuleObject extends Object
 	}
 
 	/**
-	 * sett to set the action name
+	 * Set the action name
 	 * @param string $act
 	 * @return void
 	 * */
@@ -150,97 +150,204 @@ class ModuleObject extends Object
 	}
 	
 	/**
-	 * sett to set module information
+	 * Set module information
 	 * @param object $module_info object containing module information
 	 * @param object $xml_info object containing module description
 	 * @return void
 	 * */
 	function setModuleInfo($module_info, $xml_info)
 	{
-		// The default variable settings
+		// Set default variables
 		$this->mid = $module_info->mid;
 		$this->module_srl = $module_info->module_srl;
 		$this->module_info = $module_info;
 		$this->origin_module_info = $module_info;
 		$this->xml_info = $xml_info;
 		$this->skin_vars = $module_info->skin_vars;
-		// validate certificate info and permission settings necessary in Web-services
-		$is_logged = Context::get('is_logged');
-		$logged_info = Context::get('logged_info');
-		// module model create an object
-		$oModuleModel = getModel('module');
-		// permission settings. access, manager(== is_admin) are fixed and privilege name in XE
-		$module_srl = Context::get('module_srl');
-		if(!$module_info->mid && !is_array($module_srl) && preg_match('/^([0-9]+)$/', $module_srl))
+		$this->module_config = getModel('module')->getModuleConfig($this->module, $module_info->site_srl);
+		
+		// Set privileges(granted) information
+		if($this->setPrivileges() !== true)
 		{
-			$request_module = $oModuleModel->getModuleInfoByModuleSrl($module_srl);
-			if($request_module->module_srl == $module_srl)
-			{
-				$grant = $oModuleModel->getGrant($request_module, $logged_info);
-			}
-		}
-		else
-		{
-			$grant = $oModuleModel->getGrant($module_info, $logged_info, $xml_info);
-			// have at least access grant
-			if(substr_count($this->act, 'Member') || substr_count($this->act, 'Communication'))
-			{
-				$grant->access = 1;
-			}
-		}
-		// display no permission if the current module doesn't have an access privilege
-		//if(!$grant->access) return $this->stop("msg_not_permitted");
-		// checks permission and action if you don't have an admin privilege
-		if(!$grant->manager)
-		{
-			// get permission types(guest, member, manager, root) of the currently requested action
-			$permission_target = $xml_info->permission->{$this->act};
-			// check manager if a permission in module.xml otherwise action if no permission
-			if(!$permission_target && substr_count($this->act, 'Admin'))
-			{
-				$permission_target = 'manager';
-			}
-			// Check permissions
-			switch($permission_target)
-			{
-				case 'root' :
-				case 'manager' :
-					$this->stop('admin.msg_is_not_administrator');
-					return;
-				case 'member' :
-					if(!$is_logged)
-					{
-						$this->stop('msg_not_permitted_act');
+			$this->stop('msg_invalid_request');
 			return;
 		}
-					break;
-			}
-		}
-		// permission variable settings
-		$this->grant = $grant;
-
-		Context::set('grant', $grant);
-
-		$this->module_config = $oModuleModel->getModuleConfig($this->module, $module_info->site_srl);
 		
+		// Execute init
 		if(method_exists($this, 'init'))
 		{
 			$this->init();
 		}
 	}
 	
+	/**
+	 * Set privileges(granted) information of current user and check permission of current module
+	 * @return boolean success : true, fail : false
+	 * */
+	function setPrivileges()
+	{
+		if(Context::get('logged_info')->is_admin !== 'Y')
+		{
+			// Get privileges(granted) information for target module by <permission check> of module.xml
+			if(($permission_check = $this->xml_info->permission_check->{$this->act}) && $permission_check->key)
+			{
+				// Check parameter
+				if(empty($check_module_srl = trim(Context::get($permission_check->key))))
+				{
+					return false;
+				}
+				
+				// If value is not array
+				if(!is_array($check_module_srl))
+				{
+					// Convert string to array. delimiter is ,(comma) or |@|
+					if(preg_match('/,|\|@\|/', $check_module_srl, $delimiter) && $delimiter[0])
+					{
+						$check_module_srl = explode($delimiter[0], $check_module_srl);
+					}
+					else
+					{
+						$check_module_srl = array($check_module_srl);
+					}
+				}
+				
+				// Check permission by privileges(granted) information for target module
+				foreach($check_module_srl as $target_srl)
+				{
+					// Get privileges(granted) information of current user for target module
+					if(($grant = getModel('module')->getPrivilegesBySrl($target_srl, $permission_check->type)) === false)
+					{
+						return false;
+					}
+					
+					// Check permission
+					if($this->checkPermission($grant, false) !== true)
+					{
+						return false;
+					}
+				}
+			}
+		}
+		
+		// If no privileges(granted) information, check permission by privileges(granted) information for current module
+		if(!isset($grant))
+		{
+			// Get privileges(granted) information of current user for current module
+			$grant = getModel('module')->getGrant($this->module_info, Context::get('logged_info'), $this->xml_info);
+			
+			// Check permission
+			if($this->checkPermission($grant) !== true)
+			{
+				return false;
+			}
+		}
+		
+		// Set privileges(granted) variables
+		$this->grant = $grant;
+		Context::set('grant', $grant);
+		
+		return true;
+	}
+	
+	/**
+	 * Check permission
+	 * @param object $grant privileges(granted) information of user
+	 * @param object $find if user doesn't have privilege(granted), find more privilege of the user
+	 * @param object $member_info member information
+	 * @return boolean success : true, fail : false
+	 * */
+	function checkPermission($grant = null, $find = true, $member_info = null)
+	{
+		// Get logged-in member information
+		if(!$member_info)
+		{
+			$member_info = Context::get('logged_info');
+		}
+		
+		// Get privileges(granted) information of the member for current module
+		if(!$grant)
+		{
+			$grant = getModel('module')->getGrant($this->module_info, $member_info, $this->xml_info);
+		}
+		
+		// If an administrator, Pass
+		if($grant->root)
+		{
+			return true;
+		}
+		
+		// Get permission types(guest, member, manager, root) of the currently requested action
+		$permission = $this->xml_info->permission->{$this->act};
+		
+		// If admin action, default permission
+		if(!$permission && stripos($this->act, 'admin') !== false)
+		{
+			$permission = 'root';
+		}
+		
+		// If 'act' have permission, but user does not have privilege(granted), error
+		if($permission)
+		{
+			// If permission is 'member', check logged-in
+			if($permission == 'member' && !Context::get('is_logged'))
+			{
+				$this->stop('msg_not_permitted_act');
+				return false;
+			}
+			// If permission is 'manager', check 'is user have manager privilege(granted)'
+			else if(strpos($permission, 'manager') !== false && !$grant->manager)
+			{
+				// If permission is '*-managers', search modules to find manager privilege of the member
+				if(Context::get('is_logged') && $find && preg_match('/^([a-z0-9\_]+)-managers$/', $permission, $type) && $type[1])
+				{
+					// Manager privilege of the member is found by search all modules, Pass
+					if($type[1] == 'all' && getModel('module')->findManagerPrivilege($member_info) !== false)
+					{
+						return true;
+					}
+					// Manager privilege of the member is found by search same module as this module, Pass
+					else if($type[1] == 'same' && getModel('module')->findManagerPrivilege($member_info, $this->module) !== false)
+					{
+						return true;
+					}
+					// Manager privilege of the member is found by search same module as the module, Pass
+					else if(getModel('module')->findManagerPrivilege($member_info, $type[1]) !== false)
+					{
+						return true;
+					}
+				}
+				
+				$this->stop('admin.msg_is_not_administrator');
+				return false;
+			}
+			// If permission is 'root', Error!
+			// Because an administrator who have root privilege(granted) was passed already
+			else if($permission == 'root')
+			{
+				$this->stop('admin.msg_is_not_administrator');
+				return false;
+			}
+		}
+		
+		return true;
+	}
+	
 	/**
 	 * set the stop_proc and approprate message for msg_code
 	 * @param string $msg_code an error code
 	 * @return ModuleObject $this
 	 * */
 	function stop($msg_code)
+	{
+		if($this->stop_proc !== true)
 		{
 			// flag setting to stop the proc processing
-		$this->stop_proc = TRUE;
+			$this->stop_proc = true;
+			
 			// Error handling
 			$this->setError(-1);
 			$this->setMessage($msg_code);
+			
 			// Error message display by message module
 			$type = Mobile::isFromMobilePhone() ? 'mobile' : 'view';
 			$oMessageObject = ModuleHandler::getModuleInstance('message', $type);
@@ -251,6 +358,7 @@ class ModuleObject extends Object
 			$this->setTemplatePath($oMessageObject->getTemplatePath());
 			$this->setTemplateFile($oMessageObject->getTemplateFile());
 			$this->setHttpStatusCode($oMessageObject->getHttpStatusCode());
+		}
 		
 		return $this;
 	}

modules/addon/conf/module.xml

@@ -1,15 +1,12 @@
 <?xml version="1.0" encoding="utf-8"?>
 <module>
 	<grants />
-    <permissions>
-	<permission action="procAddonAdminToggleActivate" target="manager" />
-	<permission action="dispAddonAdminSetup" target="manager" />
-	<permission action="procAddonAdminSetupAddon" target="manager" />
-    </permissions>
+	<permissions />
 	<actions>
 		<action name="dispAddonAdminIndex" type="view" admin_index="true" menu_name="installedAddon" menu_index="true" />
 		<action name="dispAddonAdminInfo" type="view" />
 		<action name="dispAddonAdminSetup" type="view" menu_name="installedAddon" />
+		
 		<action name="procAddonAdminToggleActivate" type="controller" />
 		<action name="procAddonAdminSetupAddon" type="controller" ruleset="updateAddonSetup" />
 		<action name="procAddonAdminSaveActivate" type="controller" />

modules/admin/conf/module.xml

@@ -1,8 +1,12 @@
 <?xml version="1.0" encoding="utf-8"?>
 <module>
 	<grants />
-    <permissions />
+	<permissions>
+		<permission action="getSiteAllList" target="root" />
+	</permissions>
 	<actions>
+		<action name="getSiteAllList" type="model" />
+		
 		<action name="dispAdminIndex" type="view" index="true" />
 		<action name="dispAdminConfigGeneral" type="view" menu_name="adminConfigurationGeneral" menu_index="true" />
 		<action name="dispAdminConfigNotification" type="view" menu_name="adminConfigurationGeneral" />
@@ -37,8 +41,6 @@
 		<action name="procAdminUpdateFTPInfo" type="controller" />
 		<action name="procAdminRemoveFTPInfo" type="controller" />
 		<action name="procAdminFaviconUpload" type="controller" />
-
-        <action name="getSiteAllList" type="model" />
 	</actions>
 	<menus>
 		<menu name="adminConfigurationGeneral" type="all">

modules/advanced_mailer/conf/module.xml

@@ -12,6 +12,7 @@
 		<action name="dispAdvanced_mailerAdminSMSTest" type="view" />
 		<action name="dispAdvanced_mailerAdminSMSLog" type="view" />
 		<action name="dispAdvanced_mailerAdminSMSErrors" type="view" />
+		
 		<action name="procAdvanced_mailerAdminInsertConfig" type="controller" />
 		<action name="procAdvanced_mailerAdminInsertExceptions" type="controller" />
 		<action name="procAdvanced_mailerAdminCheckDNSRecord" type="controller" />

modules/autoinstall/conf/module.xml

@@ -1,18 +1,22 @@
 <?xml version="1.0" encoding="utf-8"?>
 <module>
+	<grants />
+	<permissions />
 	<actions>
+		<action name="dispAutoinstallAdminIndex" type="view" admin_index="true" menu_name="easyInstall" menu_index="true" />
 		<action name="dispAutoinstallAdminInstall" type="view" menu_name="easyInstall" />
 		<action name="dispAutoinstallAdminUninstall" type="view" menu_name="easyInstall" />
-        <action name="procAutoinstallAdminUninstallPackage" type="controller" ruleset="ftp" />
 		<action name="dispAutoinstallAdminInstalledPackages" type="view" menu_name="easyInstall" />
-        <action name="dispAutoinstallAdminIndex" type="view" admin_index="true" menu_name="easyInstall" menu_index="true" />
-        <action name="procAutoinstallAdminUpdateinfo" type="controller" />
-        <action name="procAutoinstallAdminPackageinstall" type="controller" ruleset="ftp" />
+		
 		<action name="getAutoinstallAdminMenuPackageList" type="model" />
 		<action name="getAutoinstallAdminLayoutPackageList" type="model" />
 		<action name="getAutoinstallAdminSkinPackageList" type="model" />
 		<action name="getAutoinstallAdminIsAuthed" type="model" />
 		<action name="getAutoInstallAdminInstallInfo" type="model" />
+		
+		<action name="procAutoinstallAdminUpdateinfo" type="controller" />
+		<action name="procAutoinstallAdminPackageinstall" type="controller" ruleset="ftp" />
+		<action name="procAutoinstallAdminUninstallPackage" type="controller" ruleset="ftp" />
 	</actions>
 	<menus>
 		<menu name="easyInstall">

modules/board/conf/module.xml

@@ -54,30 +54,19 @@
 		</grant>
 	</grants>
 	<permissions>
-		<permission action="dispBoardAdminInsertBoard" target="manager" />
 		<permission action="dispBoardAdminBoardInfo" target="manager" />
+		<permission action="dispBoardAdminCategoryInfo" target="manager" />
 		<permission action="dispBoardAdminExtraVars" target="manager" />
+		<permission action="dispBoardAdminGrantInfo" target="manager" />
 		<permission action="dispBoardAdminBoardAdditionSetup" target="manager" />
 		<permission action="dispBoardAdminSkinInfo" target="manager" />
+		<permission action="dispBoardAdminMobileSkinInfo" target="manager" />
 		
-		<permission action="procBoardAdminInsertBoard" target="manager" />
-		<permission action="procBoardAdminUpdateBoardFroBasic" target="manager" />
-		<permission action="procBoardAdminSaveCategorySettings" target="manager" />
-
-		<permission action="getBoardAdminSimpleSetup" target="manager" />
+		<permission action="procBoardAdminInsertBoard" target="manager" check_var="module_srl" />
+		<permission action="procBoardAdminSaveCategorySettings" target="manager" check_var="module_srl" />
 	</permissions>
 	<actions>
-		<action name="dispBoardContent" type="view" index="true" />
-		<action name="dispBoardNoticeList" type="view" />
-		<action name="dispBoardContentList" type="view" />
-		<action name="dispBoardContentView" type="view" />
-		<action name="dispBoardCategoryList" type="view" />
-		<action name="dispBoardContentCommentList" type="view" />
-		<action name="dispBoardContentFileList" type="view" />
-		<action name="dispBoardUpdateLog" type="view" />
-		<action name="dispBoardVoteLog" type="view" />
-
-		<action name="dispBoardTagList" type="view" />
+		<action name="dispBoardContent" type="view" standalone="false" index="true" />
 		<action name="dispBoardWrite" type="view" standalone="false" />
 		<action name="dispBoardDelete" type="view" standalone="false" />
 		<action name="dispBoardWriteComment" type="view" standalone="false" />
@@ -85,38 +74,46 @@
 		<action name="dispBoardModifyComment" type="view" standalone="false" />
 		<action name="dispBoardDeleteComment" type="view" standalone="false" />
 		<action name="dispBoardDeleteTrackback" type="view" standalone="false" />
-		<action name="dispBoardMessage" type="view" />
-		<action name="dispBoardUpdateLogView" type="view" />
+		<action name="dispBoardContentList" type="view" standalone="false" />
+		<action name="dispBoardContentView" type="view" standalone="false" />
+		<action name="dispBoardUpdateLog" type="view" standalone="false" />
+		<action name="dispBoardUpdateLogView" type="view" standalone="false" />
+		<action name="dispBoardVoteLog" type="view" standalone="false" />
+		
+		<action name="dispBoardNoticeList" type="view" standalone="false" />
+		<action name="dispBoardCategoryList" type="view" standalone="false" />
+		<action name="dispBoardContentCommentList" type="view" standalone="false" />
+		<action name="dispBoardContentFileList" type="view" standalone="false" />
+		<action name="dispBoardTagList" type="view" standalone="false" />
+		<action name="dispBoardCategory" type="mobile" standalone="false" />
+		<action name="getBoardCommentPage" type="mobile" standalone="false" />
 		
 		<action name="procBoardInsertDocument" type="controller" ruleset="insertDocument" standalone="false" />
-		<action name="procBoardRevertDocument" type="controller" />
 		<action name="procBoardDeleteDocument" type="controller" standalone="false" />
-		<action name="procBoardVoteDocument" type="controller" standalone="false" />
+		<action name="procBoardRevertDocument" type="controller" standalone="false" />
 		<action name="procBoardInsertComment" type="controller" standalone="false" />
 		<action name="procBoardDeleteComment" type="controller" standalone="false" />
 		<action name="procBoardDeleteTrackback" type="controller" standalone="false" />
-		<action name="procBoardVerificationPassword" type="controller" />
+		<action name="procBoardVerificationPassword" type="controller" standalone="false" />
+		<action name="procBoardVoteDocument" type="controller" standalone="false" />
 		
-		<!-- admin -->
 		<action name="dispBoardAdminContent" type="view" admin_index="true" menu_name="board" menu_index="true" />
-		<action name="dispBoardAdminBoardInfo" type="view"  menu_name="board" />
-		<action name="dispBoardAdminExtraVars" type="view"  menu_name="board" />
-		<action name="dispBoardAdminBoardAdditionSetup" type="view" menu_name="board"  />
 		<action name="dispBoardAdminInsertBoard" type="view" setup_index="true" menu_name="board" />
 		<action name="dispBoardAdminDeleteBoard" type="view" menu_name="board" />
+		<action name="dispBoardAdminBoardInfo" type="view" menu_name="board" />
+		<action name="dispBoardAdminCategoryInfo" type="view" menu_name="board" />
+		<action name="dispBoardAdminExtraVars" type="view" menu_name="board" />
+		<action name="dispBoardAdminGrantInfo" type="view" menu_name="board" />
+		<action name="dispBoardAdminBoardAdditionSetup" type="view" menu_name="board" />
 		<action name="dispBoardAdminSkinInfo" type="view" menu_name="board" />
 		<action name="dispBoardAdminMobileSkinInfo" type="view" menu_name="board" />
-		<action name="dispBoardAdminGrantInfo" type="view" menu_name="board"  />
-		<action name="dispBoardAdminCategoryInfo" type="view" menu_name="board"  />
+		
+		<action name="getBoardAdminSimpleSetup" type="model" simple_setup_index="true" />
+		
 		<action name="procBoardAdminInsertBoard" type="controller" ruleset="insertBoard" />
 		<action name="procBoardAdminDeleteBoard" type="controller" />
 		<action name="procBoardAdminUpdateBoardFroBasic" type="controller" ruleset="insertBoardForBasic" />
 		<action name="procBoardAdminSaveCategorySettings" type="controller" ruleset="saveCategorySettings" />
-
-		<action name="getBoardAdminSimpleSetup" type="model" simple_setup_index="true" />
-
-		<action name="dispBoardCategory" type="mobile" />
-		<action name="getBoardCommentPage" type="mobile" />
 	</actions>
 	<menus>
 		<menu name="board" type="all">

modules/comment/conf/module.xml

@@ -2,38 +2,42 @@
 <module>
 	<grants />
 	<permissions>
-		<permission action="procCommentVoteUp" target="member" />
-		<permission action="procCommentVoteDown" target="member" />
-		<permission action="procCommentDeclare" target="member" />
+		<permission action="dispCommentDeclare" target="member" />
+		<permission action="getCommentVotedMemberList" target="root" />
 		
-		<permission action="procCommentGetList" target="manager" />
-		<permission action="procCommentAdminAddCart" target="manager" />
-		<permission action="procCommentAdminMoveToTrash" target="manager" />
-		<permission action="procCommentAdminDeleteChecked" target="manager" />
-		<permission action="procCommentInsertModuleConfig" target="manager" />
+		<permission action="procCommentVoteUp" target="member" />
+		<permission action="procCommentVoteUpCancel" target="member" />
+		<permission action="procCommentVoteDown" target="member" />
+		<permission action="procCommentVoteDownCancel" target="member" />
+		<permission action="procCommentDeclare" target="member" />
+		<permission action="procCommentGetList" target="manager" check_type="comment" check_var="comment_srls" />
+		<permission action="procCommentInsertModuleConfig" target="manager" check_var="target_module_srl" />
+		
+		<permission action="procCommentAdminAddCart" target="manager" check_type="comment" check_var="comment_srl" />
+		<permission action="procCommentAdminDeleteChecked" target="manager" check_type="comment" check_var="cart" />
+		<permission action="procCommentAdminMoveToTrash" target="manager" check_type="comment" check_var="comment_srl" />
 	</permissions>
 	<actions>
-		<action name="getCommentMenu" type="model" />
 		<action name="dispCommentDeclare" type="view" />
+		
+		<action name="getCommentMenu" type="model" />
+		<action name="getCommentVotedMemberList" type="model" />
+		
 		<action name="procCommentVoteUp" type="controller" />
 		<action name="procCommentVoteUpCancel" type="controller" />
 		<action name="procCommentVoteDown" type="controller" />
 		<action name="procCommentVoteDownCancel" type="controller" />
 		<action name="procCommentDeclare" type="controller" />
-		<action name="getCommentVotedMemberList" type="model" />
-		<action name="isModuleUsingPublishValidation" type="controller" />
-
-		<!-- admin -->
 		<action name="procCommentGetList" type="controller" />
 		<action name="procCommentInsertModuleConfig" type="controller" ruleset="insertCommentModuleConfig" />
 		
 		<action name="dispCommentAdminList" type="view" admin_index="true" menu_name="comment" menu_index="true" />
-		<action name="procCommentAdminChangeStatus" type="controller"/>
-		<action name="procCommentAdminChangePublishedStatusChecked" type="controller" />
 		<action name="dispCommentAdminDeclared" type="view" menu_name="comment" />
-		<action name="procCommentAdminCancelDeclare" type="controller" />
 		<action name="dispCommentAdminDeclaredLogByCommentSrl" type="view" menu_name="comment" />
 		
+		<action name="procCommentAdminChangeStatus" type="controller"/>
+		<action name="procCommentAdminChangePublishedStatusChecked" type="controller" />
+		<action name="procCommentAdminCancelDeclare" type="controller" />
 		<action name="procCommentAdminAddCart" type="controller" />
 		<action name="procCommentAdminDeleteChecked" type="controller" ruleset="deleteChecked" />
 		<action name="procCommentAdminMoveToTrash" type="controller" />

modules/communication/conf/module.xml

@@ -5,7 +5,6 @@
 		<permission action="dispCommunicationMessages" target="member" />
 		<permission action="dispCommunicationSendMessage" target="member" />
 		<permission action="dispCommunicationNewMessage" target="member" />
-
 		<permission action="dispCommunicationFriend" target="member" />
 		<permission action="dispCommunicationAddFriend" target="member" />
 		<permission action="dispCommunicationAddFriendGroup" target="member" />
@@ -16,42 +15,36 @@
 		<permission action="procCommunicationStoreMessage" target="member" />
 		<permission action="procCommunicationDeleteMessage" target="member" />
 		<permission action="procCommunicationDeleteMessages" target="member" />
-
 		<permission action="procCommunicationAddFriend" target="member" />
+		<permission action="procCommunicationAddFriendGroup" target="member" />
 		<permission action="procCommunicationMoveFriend" target="member" />
 		<permission action="procCommunicationDeleteFriend" target="member" />
-
-		<permission action="procCommunicationAddFriendGroup" target="member" />
-		<permission action="procCommunicationRenameFriendGroup" target="member" />
 		<permission action="procCommunicationDeleteFriendGroup" target="member" />
+		<permission action="procCommunicationRenameFriendGroup" target="member" />
 	</permissions>
 	<actions>
-		<action name="dispCommunicationMessages" type="view" standalone="true" />
-		<action name="dispCommunicationSendMessage" type="view" standalone="true" />
-		<action name="dispCommunicationNewMessage" type="view" standalone="true" />
+		<action name="dispCommunicationMessages" type="view" />
+		<action name="dispCommunicationSendMessage" type="view" />
+		<action name="dispCommunicationNewMessage" type="view" />
+		<action name="dispCommunicationFriend" type="view" />
+		<action name="dispCommunicationAddFriend" type="view" />
+		<action name="dispCommunicationAddFriendGroup" type="view" />
+		<action name="dispCommunicationMessageBoxList" type="mobile" />
 		
-		<action name="dispCommunicationFriend" type="view" standalone="true" />
-		<action name="dispCommunicationAddFriend" type="view" standalone="true" />
-		<action name="dispCommunicationAddFriendGroup" type="view" standalone="true" />
-		<action name="dispCommunicationMessageBoxList" type="mobile" standalone="true" />
+		<action name="procCommunicationUpdateAllowMessage" type="controller" />
+		<action name="procCommunicationSendMessage" type="controller" ruleset="sendMessage" />
+		<action name="procCommunicationStoreMessage" type="controller" />
+		<action name="procCommunicationDeleteMessage" type="controller" />
+		<action name="procCommunicationDeleteMessages" type="controller" />
+		<action name="procCommunicationAddFriend" type="controller" ruleset="addFriend" />
+		<action name="procCommunicationAddFriendGroup" type="controller" ruleset="addFriendGroup" />
+		<action name="procCommunicationMoveFriend" type="controller" ruleset="deleteCheckedFriend" />
+		<action name="procCommunicationDeleteFriend" type="controller" ruleset="deleteCheckedFriend" />
+		<action name="procCommunicationDeleteFriendGroup" type="controller" />
+		<action name="procCommunicationRenameFriendGroup" type="controller" />
 		
-		<action name="procCommunicationUpdateAllowMessage" type="controller" standalone="true" />
-		<action name="procCommunicationSendMessage" type="controller" ruleset="sendMessage" standalone="true" />
-		<action name="procCommunicationStoreMessage" type="controller" standalone="true" />
-		<action name="procCommunicationDeleteMessage" type="controller" standalone="true" />
-		<action name="procCommunicationDeleteMessages" type="controller" standalone="true" />
-
-		<action name="procCommunicationAddFriend" type="controller" ruleset="addFriend" standalone="true" />
-		<action name="procCommunicationMoveFriend" type="controller" ruleset="deleteCheckedFriend" standalone="true" />
-		<action name="procCommunicationDeleteFriend" type="controller" ruleset="deleteCheckedFriend" standalone="true" />
-
-		<action name="procCommunicationAddFriendGroup" type="controller" ruleset="addFriendGroup" standalone="true" />
-		<action name="procCommunicationRenameFriendGroup" type="controller" standalone="true" />
-		<action name="procCommunicationDeleteFriendGroup" type="controller" standalone="true" />
-
-		<!-- admin -->
+		<action name="dispCommunicationAdminConfig" type="view" admin_index="true" />
 		<action name="getCommunicationAdminColorset" type="model" />
 		<action name="procCommunicationAdminInsertConfig" type="controller" ruleset="insertConfig" />
-		<action name="dispCommunicationAdminConfig" type="view" admin_index="true" />
 	</actions>
 </module>

modules/counter/conf/module.xml

@@ -2,12 +2,11 @@
 <module>
 	<grants />
 	<permissions>
-        <permission action="getWeeklyUniqueVisitor" target="manager" />
-        <permission action="getWeeklyPageView" target="manager" />
+		<permission action="getWeeklyUniqueVisitor" target="root" />
+		<permission action="getWeeklyPageView" target="root" />
 	</permissions>
 	<actions>
 		<action name="dispCounterAdminIndex" type="view" admin_index="true" />
-        <action name="procCounterExecute" type="controller" />
 		<action name="getWeeklyUniqueVisitor" type="model" />
 		<action name="getWeeklyPageView" type="model" />
 	</actions>

modules/document/conf/module.xml

@@ -2,76 +2,75 @@
 <module>
 	<grants />
 	<permissions>
-		<!-- member -->
-		<permission action="getDocumentCategories" target="member" />
+		<permission action="dispTempSavedList" target="member" />
+		<permission action="dispDocumentDeclare" target="member" />
+		<permission action="dispDocumentManageDocument" target="all-managers" />
+		
+		<permission action="getDocumentCategories" target="all-managers" />
+		<permission action="getDocumentCategoryTplInfo" target="manager" check_var="module_srl" />
+		<permission action="getDocumentVotedMemberList" target="root" />
+		
 		<permission action="procDocumentTempSave" target="member" />
+		<permission action="procDocumentDeclare" target="member" />
+		<permission action="procDocumentGetList" target="manager" check_type="document" check_var="document_srls" />
+		<permission action="procDocumentAddCart" target="manager" check_type="document" check_var="srls" />
+		<permission action="procDocumentManageCheckedDocument" target="manager" check_type="document" check_var="cart" />
+		<permission action="procDocumentInsertModuleConfig" target="manager" check_var="target_module_srl" />
+		<permission action="procDocumentInsertCategory" target="manager" check_var="module_srl" />
+		<permission action="procDocumentDeleteCategory" target="manager" check_var="module_srl" />
+		<permission action="procDocumentMoveCategory" target="manager" check_var="module_srl" />
+		<permission action="procDocumentMakeXmlFile" target="manager" check_var="module_srl" />
 		
-		<!-- manager -->
-		<permission action="getDocumentCategoryTplInfo" target="manager" />
-		<permission action="procDocumentInsertCategory" target="manager" />
-		<permission action="procDocumentDeleteCategory" target="manager" />
-		<permission action="procDocumentMoveCategory" target="manager" />
-		<permission action="procDocumentMakeXmlFile" target="manager" />
-
-		<permission action="procDocumentAddCart" target="manager" />
-		<permission action="procDocumentGetList" target="manager" />
-		<permission action="dispDocumentManageDocument" target="manager" />
-		<permission action="procDocumentManageCheckedDocument" target="manager" />
-		<permission action="procDocumentAdminMoveToTrash" target="manager" />
-		
-		<permission action="dispDocumentAdminList" target="manager" />
-		<permission action="procDocumentInsertModuleConfig" target="manager" />
-		<permission action="procDocumentAdminInsertExtraVar" target="manager" />
-		<permission action="procDocumentAdminDeleteExtraVar" target="manager" />
+		<permission action="procDocumentAdminMoveToTrash" target="manager" check_type="document" check_var="document_srl" />
+		<permission action="procDocumentAdminInsertExtraVar" target="manager" check_var="module_srl" />
+		<permission action="procDocumentAdminDeleteExtraVar" target="manager" check_var="module_srl" />
+		<permission action="procDocumentAdminMoveExtraVar" target="manager" check_var="module_srl" />
 	</permissions>
 	<actions>
 		<action name="dispDocumentPrint" type="view" />
 		<action name="dispDocumentPreview" type="view" />
 		<action name="dispTempSavedList" type="view" />
 		<action name="dispDocumentDeclare" type="view" />
+		<action name="dispDocumentManageDocument" type="view" />
 		
-		<action name="getDocumentCategories" type="model" />
 		<action name="getDocumentMenu" type="model" />
+		<action name="getDocumentCategories" type="model" />
+		<action name="getDocumentCategoryTplInfo" type="model" />
+		<action name="getDocumentVotedMemberList" type="model" />
 		
 		<action name="procDocumentVoteUp" type="controller" />
 		<action name="procDocumentVoteUpCancel" type="controller" />.
 		<action name="procDocumentVoteDown" type="controller" />
 		<action name="procDocumentVoteDownCancel" type="controller" />
+		<action name="procDocumentTempSave" type="controller" />
 		<action name="procDocumentDeclare" type="controller" />
+		<action name="procDocumentGetList" type="controller" />
 		<action name="procDocumentAddCart" type="controller" />
-		<action name="dispDocumentManageDocument" type="view" />
 		<action name="procDocumentManageCheckedDocument" type="controller" />
 		<action name="procDocumentInsertModuleConfig" type="controller" />
-
-		<action name="dispDocumentAdminList" type="view" admin_index="true" menu_name="document" menu_index="true" />
-		<action name="dispDocumentAdminConfig" type="view" />
-		<action name="dispDocumentAdminAlias" type="view" menu_name="document" />
-		<action name="dispDocumentAdminDeclared" type="view" menu_name="document" />
-		<action name="dispDocumentAdminDeclaredLogByDocumentSrl" type="view" menu_name="document" />
-		<action name="dispDocumentAdminTrashList" type="view" menu_name="document" />
-
-		<action name="getDocumentCategoryTplInfo" type="model" />
-		<action name="getDocumentVotedMemberList" type="model" />
-
 		<action name="procDocumentInsertCategory" type="controller" ruleset="insertCategory" />
 		<action name="procDocumentDeleteCategory" type="controller" />
 		<action name="procDocumentMoveCategory" type="controller" />
 		<action name="procDocumentMakeXmlFile" type="controller" />
-		<action name="procDocumentTempSave" type="controller" />
-		<action name="procDocumentGetList" type="controller" />
 		
-		<action name="procDocumentAdminInsertAlias" type="controller" ruleset="insertAlias" />
-		<action name="procDocumentAdminDeleteAlias" type="controller" ruleset="deleteAlias" />
-		<action name="procDocumentAdminRestoreTrash" type="controller" />
-		<action name="procDocumentAdminMoveExtraVar" type="controller" />
+		<action name="dispDocumentAdminList" type="view" admin_index="true" menu_name="document" menu_index="true" />
+		<action name="dispDocumentAdminConfig" type="view" menu_name="document" />
+		<action name="dispDocumentAdminDeclared" type="view" menu_name="document" />
+		<action name="dispDocumentAdminDeclaredLogByDocumentSrl" type="view" menu_name="document" />
+		<action name="dispDocumentAdminAlias" type="view" menu_name="document" />
+		<action name="dispDocumentAdminTrashList" type="view" menu_name="document" />
 		
-		<action name="procDocumentAdminInsertExtraVar" type="controller" ruleset="insertExtraVar" />
-		<action name="procDocumentAdminDeleteExtraVar" type="controller" />
 		<action name="procDocumentAdminDeleteChecked" type="controller" />
 		<action name="procDocumentAdminInsertConfig" type="controller" />
 		<action name="procDocumentAdminDeleteAllThumbnail" type="controller" />
 		<action name="procDocumentAdminCancelDeclare" type="controller" />
+		<action name="procDocumentAdminInsertAlias" type="controller" ruleset="insertAlias" />
+		<action name="procDocumentAdminDeleteAlias" type="controller" ruleset="deleteAlias" />
 		<action name="procDocumentAdminMoveToTrash" type="controller" />
+		<action name="procDocumentAdminRestoreTrash" type="controller" />
+		<action name="procDocumentAdminInsertExtraVar" type="controller" ruleset="insertExtraVar" />
+		<action name="procDocumentAdminDeleteExtraVar" type="controller" />
+		<action name="procDocumentAdminMoveExtraVar" type="controller" />
 	</actions>
 	<menus>
 		<menu name="document">

modules/editor/conf/module.xml

@@ -2,25 +2,30 @@
 <module>
 	<grants />
 	<permissions>
-		<permission action="procEditorInsertModuleConfig" target="manager" />
+		<permission action="dispEditorSkinColorset" target="root" />
+		<permission action="dispEditorConfigPreview" target="root" />
+		
+		<permission action="procEditorInsertModuleConfig" target="manager" check_var="target_module_srl" />
 	</permissions>
 	<actions>
-		<action name="dispEditorPopup" type="view" />
 		<action name="dispEditorComponentInfo" type="view" />
-		<action name="dispEditorAdminIndex" type="view" menu_name="editor" menu_index="true" admin_index="true" />
-		<action name="dispEditorAdminSetupComponent" type="view" menu_name="editor" />
-		<action name="dispEditorAdminSkinColorset" type="view" />
-		<action name="dispEditorConfigPreview" type="view" />
+		<action name="dispEditorPopup" type="view" />
 		<action name="dispEditorPreview" type="view" />
 		<action name="dispEditorSkinColorset" type="view" />
+		<action name="dispEditorConfigPreview" type="view" />
+		
+		<action name="procEditorCall" type="controller" />
 		<action name="procEditorSaveDoc" type="controller" />
 		<action name="procEditorRemoveSavedDoc" type="controller" />
-		<action name="procEditorCall" type="controller" />
+		<action name="procEditorLoadSavedDocument" type="controller" />
 		<action name="procEditorInsertModuleConfig" type="controller" />
-		<action name="procEditorAdminSetupComponent" type="controller" ruleset="setupComponent" />
+		
+		<action name="dispEditorAdminIndex" type="view" menu_name="editor" menu_index="true" admin_index="true" />
+		<action name="dispEditorAdminSetupComponent" type="view" menu_name="editor" />
+		
 		<action name="procEditorAdminGeneralConfig" type="controller" ruleset="generalConfig" />
 		<action name="procEditorAdminCheckUseListOrder" type="controller" ruleset="componentOrderAndUse" />
-		<action name="procEditorLoadSavedDocument" type="controller" />
+		<action name="procEditorAdminSetupComponent" type="controller" ruleset="setupComponent" />
 	</actions>
 	<menus>
 		<menu name="editor">

modules/file/conf/module.xml

@@ -2,25 +2,28 @@
 <module>
 	<grants />
 	<permissions>
-		<permission action="procFileGetList" target="manager" />
-        <permission action="procFileAdminInsertModuleConfig" target="manager" />
+		<permission action="procFileGetList" target="root" />
+		<permission action="procFileAdminInsertModuleConfig" target="manager" check_var="target_module_srl" />
 	</permissions>
 	<actions>
-        <action name="dispFileAdminList" type="view" admin_index="true" menu_name="file" menu_index="true" />
-        <action name="dispFileAdminConfig" type="view" menu_name="fileUpload" menu_index="true" />
 		<action name="getFileList" type="model" />
+		
 		<action name="procFileUpload" type="controller" check_csrf="false" />
 		<action name="procFileIframeUpload" type="controller" />
 		<action name="procFileImageResize" type="controller" ruleset="imageResize" />
 		<action name="procFileDelete" type="controller" />
+		<action name="procFileSetCoverImage" type="controller" />
 		<action name="procFileDownload" type="controller" method="GET|POST" />
 		<action name="procFileOutput" type="controller" method="GET|POST" />
+		<action name="procFileGetList" type="controller" />
+		
+		<action name="dispFileAdminList" type="view" admin_index="true" menu_name="file" menu_index="true" />
+		<action name="dispFileAdminConfig" type="view" menu_name="fileUpload" menu_index="true" />
+		
+		<action name="procFileAdminAddCart" type="controller" />
 		<action name="procFileAdminDeleteChecked" type="controller" ruleset="deleteChecked" />
 		<action name="procFileAdminInsertConfig" type="controller" ruleset="insertConfig" />
 		<action name="procFileAdminInsertModuleConfig" type="controller" ruleset="fileModuleConfig" />
-        <action name="procFileAdminAddCart" type="controller" />
-        <action name="procFileGetList" type="controller" />
-        <action name="procFileSetCoverImage" type="controller" />
 	</actions>
 	<menus>
 		<menu name="file">

modules/importer/conf/module.xml

@@ -7,12 +7,7 @@
 		
 		<action name="procImporterAdminImport" type="controller" />
 		<action name="procImporterAdminPreProcessing" type="controller" />
-
 		<action name="procImporterAdminSync" type="controller" />
-        <action name="procImporterAdminMemberImport" type="controller" />
-        <action name="procImporterAdminMessageImport" type="controller" />
-        <action name="procImporterAdminModuleImport" type="controller" />
-        <action name="procImporterAdminTTXMLImport" type="controller" />
 		<action name="procImporterAdminCheckXmlFile" type="controller" />
 	</actions>
 	<menus>

modules/install/conf/module.xml

@@ -1,18 +1,23 @@
 <?xml version="1.0" encoding="utf-8"?>
 <module>
 	<grants />
-    <permissions />
+	<permissions>
+		<permission action="getInstallFTPList" target="root" />
+	</permissions>
 	<actions>
 		<action name="dispInstallIndex" type="view" index="true" />
 		<action name="dispInstallCheckEnv" type="view" />
 		<action name="dispInstallDBConfig" type="view" />
 		<action name="dispInstallOtherConfig" type="view" />
+		
+		<action name="getInstallFTPList" type="model" />
+		
+		<action name="procInstallLicenseAgreement" type="controller" />
 		<action name="procDBConfig" type="controller" />
 		<action name="procInstall" type="controller" ruleset="install" />
-        <action name="procInstallLicenseAgreement" type="controller" />
+		
 		<action name="procInstallAdminInstall" type="controller" />
 		<action name="procInstallAdminUpdate" type="controller" />
 		<action name="procInstallAdminUpdateIndexModule" type="controller" />
-        <action name="getInstallFTPList" type="model" />
 	</actions>
 </module>

modules/integration_search/conf/module.xml

@@ -4,8 +4,8 @@
 	<permissions />
 	<actions>
 		<action name="IS" type="view" />
+		
 		<action name="dispIntegration_searchAdminContent" type="view" admin_index="true" />
-        <action name="dispIntegration_searchAdminGrantInfo" type="view" />
 		<action name="dispIntegration_searchAdminSkinInfo" type="view" />
 		
 		<action name="procIntegration_searchAdminInsertConfig" type="controller" ruleset="insertConfig" />

modules/krzip/conf/info.xml

@@ -4,6 +4,7 @@
 	<description xml:lang="ko">공개 API를 이용해 우편번호 검색 서비스를 이용합니다.</description>
 	<version>1.8.0</version>
 	<date>2015-03-10</date>
+	
 	<author email_address="developers@xpressengine.com" link="http://www.xpressengine.com/">
 		<name xml:lang="ko">NAVER</name>
 	</author>

modules/krzip/conf/module.xml

@@ -1,10 +1,13 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <module>
+	<grants />
+	<permissions />
 	<actions>
-		<action name="dispKrzipAdminConfig" type="view" menu_name="krzip" menu_index="true" admin_index="true" />
-		<action name="procKrzipAdminInsertConfig" type="controller" ruleset="krzipConfig" />
 		<action name="dispKrzipSearchForm" type="view" />
 		<action name="getKrzipCodeList" type="model" />
+		
+		<action name="dispKrzipAdminConfig" type="view" menu_name="krzip" menu_index="true" admin_index="true" />
+		<action name="procKrzipAdminInsertConfig" type="controller" ruleset="krzipConfig" />
 	</actions>
 	<menus>
 		<menu name="krzip" type="all">

modules/layout/conf/module.xml

@@ -2,51 +2,41 @@
 <module>
 	<grants />
 	<permissions>
-		<permission action="dispLayoutPreview" target="manager" />
-		<permission action="dispLayoutPreviewWithModule" target="manager" />
-		<permission action="getLayoutInstanceListForJSONP" target="manager" />
+		<permission action="dispLayoutPreview" target="root" />
+		<permission action="dispLayoutPreviewWithModule" target="root" />
+		<permission action="getLayoutInstanceListForJSONP" target="root" />
 	</permissions>
 	<actions>
-		<action name="dispLayoutInfo" type="view" />
 		<action name="dispLayoutPreview" type="view" />
 		<action name="dispLayoutPreviewWithModule" type="view" />
 		<action name="getLayoutInstanceListForJSONP" type="model" />
 		
-		<!-- admin -->
-		<action name="dispLayoutAdminContent" type="view" />
-		<action name="dispLayoutAdminInfo" type="view" />
-		<action name="dispLayoutAdminLayoutModify" type="view" />
-		<action name="dispLayoutAdminLayoutImageList" type="view" />
-		<action name="dispLayoutAdminMobileContent" type="view" />
-
 		<action name="dispLayoutAdminInstalledList" type="view" admin_index="true" menu_name="installedLayout" menu_index="true" />
-		<action name="dispLayoutAdminInstanceList" type="view" menu_name="installedLayout" />
 		<action name="dispLayoutAdminAllInstanceList" type="view" menu_name="installedLayout" />
+		<action name="dispLayoutAdminInstanceList" type="view" menu_name="installedLayout" />
 		<action name="dispLayoutAdminInsert" type="view" menu_name="installedLayout" />
 		<action name="dispLayoutAdminModify" type="view" menu_name="installedLayout" />
 		<action name="dispLayoutAdminEdit" type="view" menu_name="installedLayout" />
 		<action name="dispLayoutAdminCopyLayout" type="view" />
+		<action name="dispLayoutAdminLayoutModify" type="view" />
 		
 		<action name="getLayoutAdminSetInfoView" type="model" />
 		<action name="getLayoutAdminSetHTMLCSS" type="model" />
 		<action name="getLayoutAdminSiteDefaultLayout" type="model" />
 		
+		<action name="procLayoutAdminInsert" type="controller" ruleset="insertLayout" />
 		<action name="procLayoutAdminUpdate" type="controller" ruleset="updateLayout" />
+		<action name="procLayoutAdminDelete" type="controller" ruleset="deleteLayout" />
+		<action name="procLayoutAdminCopyLayout" type="controller" />
 		<action name="procLayoutAdminCodeUpdate" type="controller" ruleset="codeUpdate" />
+		<action name="procLayoutAdminCodeReset" type="controller" />
 		<action name="procLayoutAdminUserImageUpload" type="controller" ruleset="imageUpload" />
 		<action name="procLayoutAdminUserImageDelete" type="controller" />
 		<action name="procLayoutAdminConfigImageUpload" type="controller" />
 		<action name="procLayoutAdminConfigImageDelete" type="controller" />
-		<action name="procLayoutAdminDelete" type="controller" ruleset="deleteLayout" />
-
-		<action name="procLayoutAdminInsert" type="controller" ruleset="insertLayout" />
-
-		<action name="procLayoutAdminCodeReset" type="controller" />
-
-		<action name="procLayoutAdminUserValueInsert" type="controller" />
-		<action name="procLayoutAdminUserLayoutExport" type="controller" />
 		<action name="procLayoutAdminUserLayoutImport" type="controller" ruleset="userLayoutImport" />
-		<action name="procLayoutAdminCopyLayout" type="controller" />
+		<action name="procLayoutAdminUserLayoutExport" type="controller" />
+		<action name="procLayoutAdminUserValueInsert" type="controller" />
 	</actions>
 	<menus>
 		<menu name="installedLayout">

modules/member/conf/module.xml

@@ -2,117 +2,106 @@
 <module>
 	<grants />
 	<permissions>
-		<permission action="dispMemberModifyEmailAddress" target="member" />
+		<permission action="dispMemberInfo" target="member" />
 		<permission action="dispMemberModifyInfo" target="member" />
 		<permission action="dispMemberModifyPassword" target="member" />
+		<permission action="dispMemberModifyEmailAddress" target="member" />
 		<permission action="dispMemberLeave" target="member" />
-		<permission action="dispMemberOwnDocument" target="member" />
 		<permission action="dispMemberScrappedDocument" target="member" />
 		<permission action="dispMemberSavedDocument" target="member" />
+		<permission action="dispMemberOwnDocument" target="member" />
+		<permission action="dispMemberOwnComment" target="member" />
+		<permission action="dispMemberActiveLogins" target="member" />
+		<permission action="dispMemberModifyNicknameLog" target="member" />
+		<permission action="dispMemberLogout" target="member" />
+		<permission action="dispMemberSpammer" target="manager" check_var="module_srl" />
+		
+		<permission action="getApiGroups" target="root" />
 		
-		<permission action="procMemberModifyEmailAddress" target="member" />
 		<permission action="procMemberModifyInfoBefore" target="member" />
 		<permission action="procMemberModifyInfo" target="member" />
 		<permission action="procMemberModifyPassword" target="member" />
+		<permission action="procMemberModifyEmailAddress" target="member" />
 		<permission action="procMemberLeave" target="member" />
-
 		<permission action="procMemberInsertProfileImage" target="member" />
-		<permission action="procMemberInsertImageName" target="member" />
-		<permission action="procMemberInsertImageMark" target="member" />
 		<permission action="procMemberDeleteProfileImage" target="member" />
+		<permission action="procMemberInsertImageName" target="member" />
 		<permission action="procMemberDeleteImageName" target="member" />
+		<permission action="procMemberInsertImageMark" target="member" />
 		<permission action="procMemberDeleteImageMark" target="member" />
-		<permission action="procMemberSiteSignUp" target="member" />
-		<permission action="procMemberSiteLeave" target="member" />
-
 		<permission action="procMemberScrapDocument" target="member" />
 		<permission action="procMemberDeleteScrap" target="member" />
 		<permission action="procMemberSaveDocument" target="member" />
 		<permission action="procMemberDeleteSavedDocument" target="member" />
-
-		<permission action="dispMemberSpammer" target="manager" />
-		<permission action="procMemberSpammerManage" target="manager" />
-		<permission action="getApiGroups" target="manager" />
+		<permission action="procMemberDeleteAutologin" target="member" />
+		<permission action="procMemberSiteSignUp" target="member" />
+		<permission action="procMemberSiteLeave" target="member" />
+		<permission action="procMemberLogout" target="member" />
+		<permission action="procMemberSpammerManage" target="manager" check_var="module_srl" />
 	</permissions>
 	<actions>
-		<action name="dispMemberInfo" type="view" standalone="true" />
-		<action name="dispMemberSignUpForm" type="view" standalone="true" />
-		<action name="dispMemberModifyEmailAddress" type="view" standalone="true" />
-		<action name="dispMemberModifyInfo" type="view" standalone="true" />
-		<action name="dispMemberModifyPassword" type="view" standalone="true" />
-		<action name="dispMemberLoginForm" type="view" standalone="true" />
-		<action name="dispMemberLogout" type="view" standalone="true" />
-		<action name="dispMemberLeave" type="view" standalone="true" />
-		<action name="dispMemberOwnDocument" type="view" standalone="true" />
-		<action name="dispMemberOwnComment" type="view" standalone="true" />
-		<action name="dispMemberScrappedDocument" type="view" standalone="true" />
-		<action name="dispMemberSavedDocument" type="view" standalone="true" />
-		<action name="dispMemberActiveLogins" type="view" standalone="true" />
-		<action name="dispMemberFindAccount" type="view" standalone="true" />
-		<action name="dispMemberGetTempPassword" type="view" standalone="true" />
-		<action name="dispMemberResendAuthMail" type="view" standalone="true" />
-		<action name="dispSavedDocumentList" type="view" standalone="true" />
-		<action name="dispMemberModifyNicknameLog" type="view" standalone="true" />
+		<action name="dispMemberSignUpForm" type="view" />
+		<action name="dispMemberLoginForm" type="view" />
+		<action name="dispMemberFindAccount" type="view" />
+		<action name="dispMemberResendAuthMail" type="view" />
+		<action name="dispMemberGetTempPassword" type="view" />
+		<action name="dispMemberInfo" type="view" />
+		<action name="dispMemberModifyInfo" type="view" />
+		<action name="dispMemberModifyPassword" type="view" />
+		<action name="dispMemberModifyEmailAddress" type="view" />
+		<action name="dispMemberLeave" type="view" />
+		<action name="dispMemberScrappedDocument" type="view" />
+		<action name="dispMemberSavedDocument" type="view" />
+		<action name="dispMemberOwnDocument" type="view" />
+		<action name="dispMemberOwnComment" type="view" />
+		<action name="dispMemberActiveLogins" type="view" />
+		<action name="dispMemberModifyNicknameLog" type="view" />
+		<action name="dispMemberLogout" type="view" />
+		<action name="dispMemberSpammer" type="view" />
+		
+		<action name="getMemberMenu" type="model" />
+		<action name="getApiGroups" type="model" />
+		
+		<action name="procMemberInsert" type="controller" ruleset="@insertMember" />
+		<action name="procMemberCheckValue" type="controller" />
+		<action name="procMemberLogin" type="controller" ruleset="@login" />
+		<action name="procMemberFindAccount" type="controller" method="GET|POST" ruleset="findAccount" />
+		<action name="procMemberFindAccountByQuestion" type="controller" method="GET|POST" />
+		<action name="procMemberAuthAccount" type="controller" method="GET|POST" />
+		<action name="procMemberAuthEmailAddress" type="controller" method="GET|POST" />
+		<action name="procMemberResendAuthMail" type="controller" ruleset="resendAuthMail" />
+		<action name="procMemberResetAuthMail" type="controller" ruleset="resetAuthMail" />
+		<action name="procMemberModifyInfoBefore" type="controller" ruleset="recheckedPassword" />
+		<action name="procMemberModifyInfo" type="controller" ruleset="@insertMember" />
+		<action name="procMemberModifyPassword" type="controller" ruleset="modifyPassword" />
+		<action name="procMemberModifyEmailAddress" type="controller" ruleset="modifyEmailAddress" />
+		<action name="procMemberLeave" type="controller" ruleset="leaveMember" />
+		<action name="procMemberInsertProfileImage" type="controller" ruleset="insertProfileImage" />
+		<action name="procMemberDeleteProfileImage" type="controller" />
+		<action name="procMemberInsertImageName" type="controller" ruleset="insertImageName" />
+		<action name="procMemberDeleteImageName" type="controller" />
+		<action name="procMemberInsertImageMark" type="controller" ruleset="insertImageMark" />
+		<action name="procMemberDeleteImageMark" type="controller" />
+		<action name="procMemberScrapDocument" type="controller" />
+		<action name="procMemberDeleteScrap" type="controller" />
+		<action name="procMemberSaveDocument" type="controller" />
+		<action name="procMemberDeleteSavedDocument" type="controller" />
+		<action name="procMemberDeleteAutologin" type="controller" />
+		<action name="procMemberSiteSignUp" type="controller" />
+		<action name="procMemberSiteLeave" type="controller" />
+		<action name="procMemberLogout" type="controller" />
+		<action name="procMemberSpammerManage" type="controller" />
 		
 		<action name="dispMemberAdminList" type="view" index="true" admin_index="true" menu_name="userList" menu_index="true"/>
+		<action name="dispMemberAdminInfo" type="view" menu_name="userList" />
+		<action name="dispMemberAdminInsert" type="view" menu_name="userList" />
 		<action name="dispMemberAdminConfig" type="view" menu_name="userSetting" menu_index="true" />
 		<action name="dispMemberAdminFeaturesConfig" type="view" menu_name="userSetting" />
 		<action name="dispMemberAdminSignUpConfig" type="view" menu_name="userSetting" />
 		<action name="dispMemberAdminLoginConfig" type="view" menu_name="userSetting" />
 		<action name="dispMemberAdminDesignConfig" type="view" menu_name="userSetting" />
-		<action name="dispMemberAdminInsert" type="view" menu_name="userList" />
-		<action name="dispMemberAdminGroupList" type="view" menu_name="userGroup" menu_index="true" />
-		<action name="dispMemberAdminInfo" type="view" menu_name="userList" />
-		<action name="dispMemberAdminInsertJoinForm" type="view" />
 		<action name="dispMemberAdminNickNameLog" type="view" menu_name="userSetting" />
-		
-		<action name="getMemberMenu" type="model" standalone="true" />
-
-		<action name="procMemberLogin" type="controller" ruleset="@login" standalone="true" />
-		<action name="procMemberLogout" type="controller" standalone="true" />
-		<action name="procMemberCheckValue" type="controller" standalone="true" />
-		<action name="procMemberInsert" type="controller" ruleset="@insertMember" standalone="true" />
-		<action name="procMemberModifyEmailAddress" type="controller" ruleset="modifyEmailAddress" standalone="true" />
-		<action name="procMemberModifyInfoBefore" type="controller" ruleset="recheckedPassword" standalone="true" />
-		<action name="procMemberModifyInfo" type="controller" ruleset="@insertMember" standalone="true" />
-		<action name="procMemberModifyPassword" type="controller" ruleset="modifyPassword" standalone="true" />
-		<action name="procMemberLeave" type="controller" ruleset="leaveMember" standalone="true" />
-		<action name="procMemberInsertProfileImage" type="controller" ruleset="insertProfileImage" standalone="true" />
-		<action name="procMemberInsertImageName" type="controller" ruleset="insertImageName" standalone="true" />
-		<action name="procMemberInsertImageMark" type="controller" ruleset="insertImageMark" standalone="true" />
-		<action name="procMemberDeleteProfileImage" type="controller" standalone="true" />
-		<action name="procMemberDeleteImageName" type="controller" standalone="true" />
-		<action name="procMemberDeleteImageMark" type="controller" standalone="true" />
-		<action name="procMemberSiteSignUp" type="controller" standalone="true" />
-		<action name="procMemberSiteLeave" type="controller" standalone="true" />
-
-		<action name="procMemberScrapDocument" type="controller" standalone="true" />
-		<action name="procMemberDeleteScrap" type="controller" standalone="true" />
-		<action name="procMemberSaveDocument" type="controller" standalone="true" />
-		<action name="procMemberDeleteSavedDocument" type="controller" standalone="true" />
-		<action name="procMemberDeleteAutologin" type="controller" standalone="true" />
-
-		<action name="procMemberFindAccount" type="controller" method="GET|POST" ruleset="findAccount" standalone="true" />
-		<action name="procMemberFindAccountByQuestion" type="controller" method="GET|POST" standalone="true" />
-		<action name="procMemberAuthAccount" type="controller" method="GET|POST" standalone="true" />
-		<action name="procMemberAuthEmailAddress" type="controller" method="GET|POST" standalone="true" />
-		<action name="procMemberResendAuthMail" type="controller" ruleset="resendAuthMail" standalone="true" />
-		<action name="procMemberResetAuthMail" type="controller" ruleset="resetAuthMail" standalone="true" />
-
-		<!-- manager -->
-		<action name="dispMemberSpammer" type="view" standalone="true" />
-		<action name="procMemberSpammerManage" type="controller" standalone="true" />
-		<action name="getApiGroups" type="model" standalone="true" />
-
-		<!-- admin -->
-		<action name="dispMemberAdminList" type="view" index="true" admin_index="true" menu_name="userList" menu_index="true"/>
-		<action name="dispMemberAdminConfig" type="view" menu_name="userSetting" menu_index="true" />
-		<action name="dispMemberAdminSignUpConfig" type="view" menu_name="userSetting" />
-		<action name="dispMemberAdminLoginConfig" type="view" menu_name="userSetting" />
-		<action name="dispMemberAdminDesignConfig" type="view" menu_name="userSetting" />
-		<action name="dispMemberAdminInsert" type="view" menu_name="userList" />
 		<action name="dispMemberAdminGroupList" type="view" menu_name="userGroup" menu_index="true" />
-		<action name="dispMemberAdminInfo" type="view" menu_name="userList" />
 		<action name="dispMemberAdminInsertJoinForm" type="view" />
 		
 		<action name="getMemberAdminColorset" type="model" />
@@ -121,27 +110,26 @@
 		
 		<action name="procMemberAdminInsert" type="controller" ruleset="insertAdminMember" />
 		<action name="procMemberAdminDelete" type="controller" />
+		<action name="procMemberAdminSelectedMemberManage" type="controller" ruleset="updateSeletecdMemberInfo" />
 		<action name="procMemberAdminInsertDefaultConfig" type="controller" ruleset="insertDefaultConfig" />
 		<action name="procMemberAdminInsertFeaturesConfig" type="controller" />
 		<action name="procMemberAdminInsertSignupConfig" type="controller" />
 		<action name="procMemberAdminInsertLoginConfig" type="controller" />
 		<action name="procMemberAdminInsertDesignConfig" type="controller" />
-		<action name="procMemberAdminInsertGroup" type="controller" ruleset="insertGroup" />
-		<action name="procMemberAdminUpdateGroup" type="controller" ruleset="updateGroup" />
-		<action name="procMemberAdminDeleteGroup" type="controller" ruleset="deleteGroup" />
-		<action name="procMemberAdminUpdateMembersGroup" type="controller" ruleset="manageMemberGroup" />
-		<action name="procMemberAdminDeleteMembers" type="controller" />
-		<action name="procMemberAdminInsertJoinForm" type="controller" ruleset="insertJoinForm" />
-		<action name="procMemberAdminUpdateJoinForm" type="controller" />
 		<action name="procMemberAdminUpdateManagedEmailHosts" type="controller" />
-		<action name="procMemberAdminDeleteJoinForm" type="controller" />
 		<action name="procMemberAdminUpdateDeniedNickName" type="controller" />
 		<action name="procMemberAdminInsertDeniedID" type="controller" ruleset="insertDeniedId" />
 		<action name="procMemberAdminUpdateDeniedID" type="controller" />
-		<action name="procMemberAdminUpdateGroupOrder" type="controller" />
-
-		<action name="procMemberAdminSelectedMemberManage" type="controller" ruleset="updateSeletecdMemberInfo" />
+		<action name="procMemberAdminInsertJoinForm" type="controller" ruleset="insertJoinForm" />
+		<action name="procMemberAdminUpdateJoinForm" type="controller" />
+		<action name="procMemberAdminDeleteJoinForm" type="controller" />
 		<action name="procMemberAdminGroupConfig" type="controller" />
+		<action name="procMemberAdminInsertGroup" type="controller" ruleset="insertGroup" />
+		<action name="procMemberAdminUpdateGroup" type="controller" ruleset="updateGroup" />
+		<action name="procMemberAdminDeleteGroup" type="controller" ruleset="deleteGroup" />
+		<action name="procMemberAdminUpdateGroupOrder" type="controller" />
+		<action name="procMemberAdminUpdateMembersGroup" type="controller" ruleset="manageMemberGroup" />
+		<action name="procMemberAdminDeleteMembers" type="controller" />
 	</actions>
 	<menus>
 		<menu name="userList">

modules/menu/conf/module.xml

@@ -1,21 +1,16 @@
 <?xml version="1.0" encoding="utf-8"?>
 <module>
 	<grants />
-	<permissions>
-		<permission action="getMenuAdminSiteMap" target="manager" />
-		<permission action="procMenuAdminUpdateAuth" target="manager" />
-	</permissions>
+	<permissions />
 	<actions>
 		<action name="dispMenuMenu" type="mobile" />
 		
-		<!-- admin -->
-		<action name="dispMenuAdminMidList" type="view" />
 		<action name="dispMenuAdminSiteMap" type="view" admin_index="true" menu_name="siteMap" menu_index="true" />
 		<action name="dispMenuAdminSiteDesign" type="view" menu_name="siteDesign" menu_index="true" />
 		
-		<action name="getMenuAdminTplInfo" type="model" />
-		<action name="getMenuAdminItemInfo" type="model" />
 		<action name="getMenuAdminSiteMap" type="model" />
+		<action name="getMenuAdminItemInfo" type="model" />
+		<action name="getMenuAdminTplInfo" type="model" />
 		<action name="getMenuAdminInstalledMenuType" type="model" />
 		<action name="getMenuAdminDetailSetup" type="model" />
 		
@@ -24,18 +19,17 @@
 		<action name="procMenuAdminDelete" type="controller" />
 		<action name="procMenuAdminInsertItem" type="controller" ruleset="insertMenuItem" />
 		<action name="procMenuAdminUpdateItem" type="controller" ruleset="updateMenuItem" />
-		<action name="procMenuAdminButtonUpload" type="controller" />
-		<action name="procMenuAdminInsertItemForAdminMenu" type="controller" />
 		<action name="procMenuAdminDeleteItem" type="controller" />
-		<action name="procMenuAdminMakeXmlFile" type="controller" />
 		<action name="procMenuAdminMoveItem" type="controller" />
 		<action name="procMenuAdminCopyItem" type="controller" />
-		<action name="procMenuAdminArrangeItem" type="controller" />
-
+		<action name="procMenuAdminUpdateAuth" type="controller" />
+		<action name="procMenuAdminButtonUpload" type="controller" />
 		<action name="procMenuAdminUploadButton" type="controller" />
 		<action name="procMenuAdminDeleteButton" type="controller" />
+		<action name="procMenuAdminInsertItemForAdminMenu" type="controller" />
+		<action name="procMenuAdminMakeXmlFile" type="controller" />
+		<action name="procMenuAdminArrangeItem" type="controller" />
 		<action name="procMenuAdminAllActList" type="controller" />
-		<action name="procMenuAdminUpdateAuth" type="controller" />
 	</actions>
 	<menus>
 		<menu name="siteMap">

modules/message/conf/module.xml

@@ -5,7 +5,6 @@
 	<actions>
 		<action name="dispMessage" type="view" index="true" />
 		
-		<!-- admin -->
 		<action name="dispMessageAdminConfig" type="view" admin_index="true" />
 		<action name="procMessageAdminInsertConfig" type="controller" />
 		<action name="getMessageAdminColorset" type="model" />

modules/module/conf/module.xml

@@ -2,71 +2,73 @@
 <module>
 	<grants />
 	<permissions>
-		<permission action="dispModuleSelectList" target="member" />
-
+		<permission action="dispModuleSelectList" target="root" />
+		<permission action="dispModuleSkinInfo" target="all-managers" />
+		<permission action="dispModuleFileBox" target="root" />
+		<permission action="dispModuleFileBoxAdd" target="root" />
 		
+		<permission action="getModuleSkinInfoList" target="root" />
+		<permission action="getFileBoxListHtml" target="root" />
+		<permission action="getModuleInfoByMenuItemSrl" target="root" />
 		<permission action="getLangListByLangcodeForAutoComplete" target="manager" />
-		<permission action="getLangByLangcode" target="manager" />
-		<permission action="getModuleAdminMultilingualHtml" target="manager" />
 		
-		<permission action="getModuleAdminGrant" target="manager" />
-		<permission action="procModuleAdminInsertGrant" target="manager" />
+		<permission action="procModuleFileBoxAdd" target="root" />
+		<permission action="procModuleFileBoxDelete" target="root" />
 		
 		<permission action="getModuleAdminLangCode" target="manager" />
-		<permission action="getModuleAdminLangListHtml" target="manager" />
 		<permission action="getModuleAdminLangListByName" target="manager" />
 		<permission action="getModuleAdminLangListByValue" target="manager" />
+		<permission action="getModuleAdminMultilingualHtml" target="manager" />
+		<permission action="getModuleAdminLangListHtml" target="manager" />
+		
+		<permission action="procModuleAdminInsertGrant" target="manager" check_var="module_srl" />
+		<permission action="procModuleAdminUpdateSkinInfo" target="manager" check_var="module_srl" />
 		<permission action="procModuleAdminInsertLang" target="manager" />
-		<permission action="procModuleAdminUpdateSkinInfo" target="manager" />
 	</permissions>
 	<actions>
 		<action name="dispModuleSelectList" type="view" />
 		<action name="dispModuleSkinInfo" type="view" />
-
 		<action name="dispModuleFileBox" type="view" />
 		<action name="dispModuleFileBoxAdd" type="view" />
+		<action name="dispModuleChangeLang" type="mobile" />
+		
+		<action name="getModuleSkinInfoList" type="model" />
+		<action name="getFileBoxListHtml" type="model" />
+		<action name="getModuleInfoByMenuItemSrl" type="model" />
+		<action name="getLangListByLangcodeForAutoComplete" type="model" />
+		<action name="getLangByLangcode" type="model" />
 		
-		<action name="procModuleFileBoxAdd" type="controller" />
 		<action name="procModuleFileBoxAdd" type="controller" />
 		<action name="procModuleFileBoxDelete" type="controller" />
 		
-		<action name="getModuleSkinInfoList" type="model" />
-		<action name="getModuleAdminModuleList" type="model" />
-		<action name="getModuleAdminLangCode" type="model" />
-		<action name="getModuleAdminLangListByName" type="model" />
-		<action name="getModuleAdminLangListByValue" type="model" />
-		<action name="getLangListByLangcodeForAutoComplete" type="model" />
-		<action name="getFileBoxListHtml" type="model" />
-		<action name="getLangByLangcode" type="model" />
-		<action name="getModuleInfoByMenuItemSrl" type="model" />
-		<action name="dispModuleChangeLang" type="mobile" />
-
-		<!-- admin -->
 		<action name="dispModuleAdminContent" type="view" menu_name="installedModule" menu_index="true" admin_index="true" />
-		<action name="dispModuleAdminList" type="view" />
 		<action name="dispModuleAdminCategory" type="view" menu_name="installedModule" />
 		<action name="dispModuleAdminInfo" type="view" />
 		<action name="dispModuleAdminModuleSetup" type="view" />
 		<action name="dispModuleAdminModuleAdditionSetup" type="view" />
 		<action name="dispModuleAdminModuleGrantSetup" type="view" />
 		<action name="dispModuleAdminCopyModule" type="view" />
-		<action name="dispModuleAdminLangcode" type="view" menu_name="multilingual" menu_index="true" />
 		<action name="dispModuleAdminFileBox" type="view" menu_name="filebox" menu_index="true" />
+		<action name="dispModuleAdminLangcode" type="view" menu_name="multilingual" menu_index="true" />
 		
+		<action name="getModuleAdminModuleList" type="model" />
+		<action name="getModuleAdminModuleInfo" type="model" />
 		<action name="getModuleAdminGrant" type="model" />
+		<action name="getModuleAdminLangCode" type="model" />
+		<action name="getModuleAdminLangListByName" type="model" />
+		<action name="getModuleAdminLangListByValue" type="model" />
+		<action name="getModuleAdminModuleSearcherHtml" type="model" />
 		<action name="getModuleAdminMultilingualHtml" type="model" />
 		<action name="getModuleAdminLangListHtml" type="model" />
-		<action name="getModuleAdminModuleSearcherHtml" type="model" />
-		<action name="getModuleAdminModuleInfo" type="model" />
 		
 		<action name="procModuleAdminInsertCategory" type="controller" ruleset="insertCategory" />
 		<action name="procModuleAdminUpdateCategory" type="controller" ruleset="updateCategory" />
 		<action name="procModuleAdminDeleteCategory" type="controller" ruleset="deleteCategory" />
+		<action name="procModuleAdminModuleSetup" type="controller" ruleset="insertModuleSetup" />
+		<action name="procModuleAdminModuleGrantSetup" type="controller" ruleset="insertModulesGrant" />		
 		<action name="procModuleAdminCopyModule" type="controller" ruleset="copyModule" />
 		<action name="procModuleAdminInsertGrant" type="controller" />
 		<action name="procModuleAdminUpdateSkinInfo" type="controller" />
-		<action name="procModuleAdminModuleSetup" type="controller" ruleset="insertModuleSetup" />
-		<action name="procModuleAdminModuleGrantSetup" type="controller" ruleset="insertModulesGrant" />
 		<action name="procModuleAdminInsertLang" type="controller" />
 		<action name="procModuleAdminDeleteLang" type="controller" />
 		<action name="procModuleAdminGetList" type="controller" />

modules/module/module.model.php

@@ -858,8 +858,12 @@ class moduleModel extends module
 					$target = $permission->attrs->target;
 
 					$info->permission->{$action} = $target;
+					$info->permission_check->{$action}->key = $permission->attrs->check_var ?: '';
+					$info->permission_check->{$action}->type = $permission->attrs->check_type ?: '';
 					
 					$buff[] = sprintf('$info->permission->%s = \'%s\';', $action, $target);
+					$buff[] = sprintf('$info->permission_check->%s->key = \'%s\';', $action, $info->permission_check->{$action}->key);
+					$buff[] = sprintf('$info->permission_check->%s->type = \'%s\';', $action, $info->permission_check->{$action}->type);
 				}
 			}
 			// for admin menus
@@ -1912,162 +1916,254 @@ class moduleModel extends module
 	}
 	
 	/**
-	 * @brief Return permission by using module info, xml info and member info
+	 * @brief Return privileges(granted) information by using module info, xml info and member info
 	 */
 	function getGrant($module_info, $member_info, $xml_info = '')
 	{
-		if (!$xml_info && isset($GLOBALS['__MODULE_GRANT__'][intval($module_info->module_srl)][intval($member_info->member_srl)]))
+		$__cache = &$GLOBALS['__MODULE_GRANT__'][$module_info->module][intval($module_info->module_srl)][intval($member_info->member_srl)];
+		
+		if (!$xml_info && is_object($__cache))
 		{
-			return $GLOBALS['__MODULE_GRANT__'][intval($module_info->module_srl)][intval($member_info->member_srl)];
+			return $__cache;
 		}
 		
-		$grant = new stdClass();
+		$grant = new stdClass;
+		
+		// Get information of module.xml 
 		if(!$xml_info)
 		{
-			$module = $module_info->module;
-			$xml_info = $this->getModuleActionXml($module);
+			$xml_info = $this->getModuleActionXml($module_info->module);
 		}
 		
-		// Set variables to grant group permission
-		$module_srl = $module_info->module_srl;
-		$grant_info = $xml_info->grant;
+		// Get group information of member
+		if(is_array($member_info->group_list))
+		{
+			$member_group = array_keys($member_info->group_list);
+		}
+		else
+		{
+			$member_group = array();
+		}
+		
+		$is_module_admin = $module_info->module_srl ? $this->isModuleAdmin($member_info, $module_info->module_srl) : false;
+		
+		// Get 'privilege name' list from module.xml
+		$privilege_list = array_keys((array) $xml_info->grant);
+		
+		// Prepend default 'privilege name'
+		// is_admin, manager, is_site_admin not distinguish because of compatibility.
+		array_unshift($privilege_list, 'access', 'is_admin', 'manager', 'is_site_admin', 'root');
+		
+		// Unique
+		$privilege_list = array_unique($privilege_list, SORT_STRING);
+		
+		// Grant first
+		foreach($privilege_list as $val)
+		{
+			// If an administrator, grant all
+			if($member_info->is_admin == 'Y')
+			{
+				$grant->{$val} = true;
+			}
+			// If a module manager, grant all (except 'root')
+			else if($is_module_admin === true && $val !== 'root')
+			{
+				$grant->{$val} = true;
+			}
+			// If module_srl doesn't exist, grant access
+			else if(!$module_info->module_srl && $val === 'access')
+			{
+				$grant->{$val} = true;
+			}
+			// Default : not grant
+			else
+			{
+				$grant->{$val} = false;
+			}
+		}
+		
+		// If access were not granted, check more
+		if(!$grant->access)
+		{
+			$checked = array();
+			
+			// Grant privileges by information that get from the DB
+			foreach($this->getModuleGrants($module_info->module_srl)->data as $val)
+			{
+				if(isset($checked[$val->name]))
+				{
+					continue;
+				}
+				
+				$checked[$val->name] = true;
+				
+				// All user
+				if($val->group_srl == 0)
+				{
+					$grant->{$val->name} = true;
+					
+					continue;
+				}
+				
+				// Log-in member only
 				if($member_info->member_srl)
 				{
-			if(is_array($member_info->group_list)) $group_list = array_keys($member_info->group_list);
-			else $group_list = array();
-		}
-		else
-		{
-			$group_list = array();
-		}
-		// If module_srl doesn't exist(if unable to set permissions)
-		if(!$module_srl)
-		{
-			$grant->access = true;
-			$grant->is_admin = $grant->manager = $grant->is_site_admin = ($member_info->is_admin == 'Y') ? true : false;
-		}
-		else
-		{
-			// If module_srl exists
-			// Get a type of granted permission
-			$grant->access = $grant->is_admin = $grant->manager = $grant->is_site_admin = ($member_info->is_admin == 'Y') ? true : false;
-			
-			// If a just logged-in member is, check if the member is a module administrator
-			if (!$grant->manager && $member_info->member_srl && $this->isModuleAdmin($member_info, $module_srl))
-			{
-				$grant->manager = true;
-			}
-			
-			// If not an administrator, get information from the DB and grant manager privilege.
-			if(!$grant->manager)
-			{
-				$args = new stdClass();
-				// If planet, get permission settings from the planet home
-				if($module_info->module == 'planet')
-				{
-					$output = executeQueryArray('module.getPlanetGrants', $args);
-				}
-				else
-				{
-					$output = $this->getModuleGrants($module_srl);
-				}
-
-				$grant_exists = $granted = array();
-
-				if($output->data)
-				{
-					// Arrange names and groups who has privileges
-					foreach($output->data as $val)
-					{
-						$grant_exists[$val->name] = true;
-						if($granted[$val->name]) continue;
-						// Log-in member only
 					if($val->group_srl == -1)
 					{
-							$granted[$val->name] = true;
-							if($member_info->member_srl) $grant->{$val->name} = true;
-							// Site-joined member only
+						$grant->{$val->name} = true;
 					}
+					// Site-joined member only
 					else if($val->group_srl == -2)
 					{
-							$granted[$val->name] = true;
-							// Do not grant any permission for non-logged member
-							if(!$member_info->member_srl) $grant->{$val->name} = false;
-							// Log-in member
-							else
+						// Grant if no information of the currently connected site exists
+						if(!Context::get('site_module_info')->site_srl)
 						{
-								$site_module_info = Context::get('site_module_info');
-								// Permission granted if no information of the currently connected site exists
-								if(!$site_module_info->site_srl) $grant->{$val->name} = true;
-								// Permission is not granted if information of the currently connected site exists
-								elseif(count($group_list)) $grant->{$val->name} = true;
-							}
-							// All of non-logged members
-						}
-						elseif($val->group_srl == 0)
-						{
-							$granted[$val->name] = true;
 							$grant->{$val->name} = true;
+						}
+						else if(count($member_group))
+						{
+							$grant->{$val->name} = true;
+						}
+					}
 					// If a target is a group
-						}
-						else
-						{
-							if($group_list && count($group_list) && in_array($val->group_srl, $group_list))
+					else if(count($member_group) && in_array($val->group_srl, $member_group))
 					{
 						$grant->{$val->name} = true;
-								$granted[$val->name] = true;
 					}
 				}
 			}
-				}
-				// Separate processing for the virtual group access
-				if(!$grant_exists['access']) $grant->access = true;
-				if(count($grant_info))
-				{
-					foreach($grant_info as  $grant_name => $grant_item)
-					{
-						if($grant_exists[$grant_name]) continue;
-						switch($grant_item->default)
-						{
-							case 'guest' :
-								$grant->{$grant_name} = true;
-								break;
-							case 'member' :
-								if($member_info->member_srl) $grant->{$grant_name} = true;
-								else $grant->{$grant_name} = false;
-								break;
-							case 'site' :
-								$site_module_info = Context::get('site_module_info');
-								if($member_info->member_srl && (($site_module_info->site_srl && count($group_list)) || !$site_module_info->site_srl)) $grant->{$grant_name} = true;
-								else $grant->{$grant_name} = false;
-								break;
-							case 'manager' :
-							case 'root' :
-								if($member_info->is_admin == 'Y') $grant->{$grant_name} = true;
-								else $grant->{$grant_name} = false;
-								break;
-						}
-					}
-				}
-			}
-			// Set true to grant all privileges if an administrator is
-			if($grant->manager)
+			
+			// Grant access by default
+			if(!isset($checked['access']))
 			{
 				$grant->access = true;
-				if(count($grant_info))
+			}
+			
+			// Grant privileges by default information of module
+			if(is_array($xml_info->grant))
 			{
-					foreach($grant_info as $key => $val)
+				foreach($xml_info->grant as $name => $item)
 				{
-						$grant->{$key} = true;
+					if(isset($checked[$name]))
+					{
+						continue;
+					}
+					
+					// All user
+					if($item->default == 'guest')
+					{
+						$grant->{$name} = true;
+						
+						continue;
+					}
+					
+					// Log-in member only
+					if($member_info->member_srl)
+					{
+						if($item->default == 'member')
+						{
+							$grant->{$name} = true;
+						}
+						else if($item->default == 'site')
+						{
+							// Grant if no information of the currently connected site exists
+							if(!Context::get('site_module_info')->site_srl)
+							{
+								$grant->{$name} = true;
+							}
+							else if(count($member_group))
+							{
+								$grant->{$name} = true;
+							}
+						}
 					}
 				}
 			}
 		}
 		
-		$GLOBALS['__MODULE_GRANT__'][intval($module_info->module_srl)][intval($member_info->member_srl)] = $grant;
+		return $__cache = $grant;
+	}
 	
+	/**
+	 * Get privileges(granted) information of the member for target module by target_srl
+	 * @param string $target_srl as module_srl. It may be a reference serial number
+	 * @param string $type module name. get module_srl from module
+	 * @param object $member_info member information
+	 * @return mixed success : object, fail : false
+	 * */
+	function getPrivilegesBySrl($target_srl, $type = null, $member_info = null)
+	{
+		if(empty($target_srl = trim($target_srl)) || !preg_match('/^([0-9]+)$/', $target_srl) && $type != 'module')
+		{
+			return false;
+		}
+		
+		if($type)
+		{
+			if($type == 'document')
+			{
+				$target_srl = getModel('document')->getDocument($target_srl, false, false)->get('module_srl');
+			}
+			else if($type == 'comment')
+			{
+				$target_srl = getModel('comment')->getComment($target_srl)->get('module_srl');
+			}
+			else if($type == 'file')
+			{
+				$target_srl = getModel('file')->getFile($target_srl)->module_srl;
+			}
+			else if($type == 'module')
+			{
+				$module_info = $this->getModuleInfoByMid($target_srl);
+			}
+		}
+		
+		if(!isset($module_info))
+		{
+			$module_info = $this->getModuleInfoByModuleSrl($target_srl);
+		}
+		
+		if(!$module_info->module_srl)
+		{
+			return false;
+		}
+		
+		if(!$member_info)
+		{
+			$member_info = Context::get('logged_info');
+		}
+		
+		return $this->getGrant($module_info, $member_info);
+	}
+	
+	/**
+	 * @brief Search all modules to find manager privilege of the member
+	 * @param object $member_info member information
+	 * @param string $module module name. if used, search scope is same module
+	 * @return mixed success : object, fail : false
+	 */
+	function findManagerPrivilege($member_info, $module = null)
+	{
+		if(!$member_info->member_srl || empty($mid_list = $this->getMidList()))
+		{
+			return false;
+		}
+		
+		foreach($mid_list as $module_info)
+		{
+			if($module && $module_info->module != $module)
+			{
+				continue;
+			}
+			
+			if(($grant = $this->getGrant($module_info, $member_info)) && $grant->manager)
+			{
 				return $grant;
 			}
+		}
+		
+		return false;
+	}
 	
 	/**
 	 * @brief Get module grants

modules/ncenterlite/conf/module.xml

@@ -1,27 +1,39 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <module>
 	<grants />
-	<permissions />
+	<permissions>
+		<permission action="dispNcenterliteNotifyList" target="member" />
+		<permission action="dispNcenterliteUserConfig" target="member" />
+		
+		<permission action="getColorsetList" target="root" />
+		<permission action="getMyNotifyListTpl" target="member" />
+		
+		<permission action="procNcenterliteUserConfig" target="member" />
+		<permission action="procNcenterliteNotifyReadAll" target="member" />
+		<permission action="procNcenterliteRedirect" target="member" />
+	</permissions>
 	<actions>
-		<action name="dispNcenterliteAdminConfig" type="view" admin_index="true" menu_name="ncenterlite" menu_index="true" />
-		<action name="dispNcenterliteAdminSeletedmid" type="view" />
-		<action name="dispNcenterliteAdminTest" type="view" />
-		<action name="dispNcenterliteAdminSkinsetting" type="view" />
-		<action name="dispNcenterliteAdminAdvancedconfig" type="view" />
 		<action name="dispNcenterliteNotifyList" type="view" />
-		<action name="dispNcenterliteAdminList" type="view" />
 		<action name="dispNcenterliteUserConfig" type="view" />
-		<action name="procNcenterliteUserConfig" type="controller" />
-		<action name="procNcenterliteAdminInsertConfig" type="controller" ruleset="insertConfig" />
-		<action name="procNcenterliteAdminDeleteNofity" type="controller" />
-		<action name="procNcenterliteAdminInsertDummyData" type="controller" />
-		<action name="procNcenterliteAdminInsertPushData" type="controller" />
-		<action name="procNcenterliteAdminEnviromentGatheringAgreement" type="controller" />
-		<action name="procNcenterliteNotifyReadAll" type="controller" />
-		<action name="procNcenterliteRedirect" type="controller" method="GET|POST" />
 		
 		<action name="getColorsetList" type="model" />
 		<action name="getMyNotifyListTpl" type="model" />
+		
+		<action name="procNcenterliteUserConfig" type="controller" />
+		<action name="procNcenterliteNotifyReadAll" type="controller" />
+		<action name="procNcenterliteRedirect" type="controller" method="GET|POST" />
+		
+		<action name="dispNcenterliteAdminConfig" type="view" admin_index="true" menu_name="ncenterlite" menu_index="true" />
+		<action name="dispNcenterliteAdminAdvancedconfig" type="view" menu_name="ncenterlite" />
+		<action name="dispNcenterliteAdminSeletedmid" type="view" menu_name="ncenterlite" />
+		<action name="dispNcenterliteAdminSkinsetting" type="view" menu_name="ncenterlite" />
+		<action name="dispNcenterliteAdminTest" type="view"  menu_name="ncenterlite" />
+		<action name="dispNcenterliteAdminList" type="view" menu_name="ncenterlite" />
+		
+		<action name="procNcenterliteAdminInsertConfig" type="controller" ruleset="insertConfig" />
+		<action name="procNcenterliteAdminInsertDummyData" type="controller" />
+		<action name="procNcenterliteAdminInsertPushData" type="controller" />
+		<action name="procNcenterliteAdminDeleteNofity" type="controller" />
 	</actions>
 	<menus>
 		<menu name="ncenterlite" type="all">

modules/page/conf/module.xml

@@ -2,34 +2,41 @@
 <module>
 	<grants />
 	<permissions>
-		<permission action="procPageAdminRemoveWidgetCache" target="manager" />
+		<permission action="dispPageAdminInfo" target="manager" check_var="module_srl" />
+		<permission action="dispPageAdminPageAdditionSetup" target="manager" check_var="module_srl" />
+		<permission action="dispPageAdminGrantInfo" target="manager" check_var="module_srl" />
+		<permission action="dispPageAdminSkinInfo" target="manager" check_var="module_srl" />
+		<permission action="dispPageAdminMobileSkinInfo" target="manager" check_var="module_srl" />
 		<permission action="dispPageAdminContentModify" target="manager" />
-		<permission action="procPageAdminInsert" target="manager" />
-		<permission action="procPageAdminInsertContent" target="manager" />
+		<permission action="dispPageAdminMobileContent" target="manager" />
+		<permission action="dispPageAdminMobileContentModify" target="manager" />
+		
+		<permission action="procPageAdminUpdate" target="manager" check_var="module_srl" />
+		<permission action="procPageAdminInsertContent" target="manager" check_var="module_srl" />
+		<permission action="procPageAdminArticleDocumentInsert" target="manager" />
+		<permission action="procPageAdminRemoveWidgetCache" target="manager" check_var="module_srl" />
 	</permissions>
 	<actions>
-		<action name="dispPageIndex" type="view" index="true" />
+		<action name="dispPageIndex" type="view" standalone="false" index="true" />
 		
-		<!-- admin -->
 		<action name="dispPageAdminContent" type="view" admin_index="true" menu_name="page" menu_index="true" />
-		<action name="dispPageAdminGrantInfo" type="view" menu_name="page" />
+		<action name="dispPageAdminDelete" type="view" menu_name="page" />
 		<action name="dispPageAdminInfo" type="view" setup_index="true" menu_name="page" />
 		<action name="dispPageAdminPageAdditionSetup" type="view" menu_name="page" />
-		<action name="dispPageAdminDelete" type="view" />
+		<action name="dispPageAdminGrantInfo" type="view" menu_name="page" />
+		<action name="dispPageAdminSkinInfo" type="view" menu_name="page" />
+		<action name="dispPageAdminMobileSkinInfo" type="view" menu_name="page" />
 		<action name="dispPageAdminContentModify" type="view" />
-		<action name="dispPageAdminAddContent" type="view" />
-		<action name="dispPageAdminMobileContentModify" type="view" />
 		<action name="dispPageAdminMobileContent" type="view" />
-		<action name="dispPageAdminSkinInfo" type="view" />
-		<action name="dispPageAdminMobileSkinInfo" type="view" />
-		<action name="procPageAdminRemoveWidgetCache" type="controller" />
+		<action name="dispPageAdminMobileContentModify" type="view" />
+		
 		<action name="procPageAdminInsert" type="controller" ruleset="insertPage" />
 		<action name="procPageAdminUpdate" type="controller" ruleset="updatePage" />
-		<action name="procPageAdminInsertContent" type="controller" />
 		<action name="procPageAdminDelete" type="controller" ruleset="deletePage" />
 		<action name="procPageAdminInsertConfig" type="controller" />
-		<action name="procPageAdminAddContent" type="controller" />
+		<action name="procPageAdminInsertContent" type="controller" />
 		<action name="procPageAdminArticleDocumentInsert" type="controller" />
+		<action name="procPageAdminRemoveWidgetCache" type="controller" />
 	</actions>
 	<menus>
 		<menu name="page" type="all">

modules/point/conf/module.xml

@@ -2,22 +2,23 @@
 <module>
 	<grants />
 	<permissions>
-		<permission action="procPointAdminInsertPointModuleConfig" target="manager" />
+		<permission action="getMembersPointInfo" target="member" />
+		<permission action="procPointAdminInsertPointModuleConfig" target="manager" check_var="target_module_srl" />
 	</permissions>
 	<actions>
 		<action name="getMembersPointInfo" type="model" />
 		
-		<!-- admin -->
 		<action name="dispPointAdminConfig" type="view" admin_index="true" menu_name="point" menu_index="true" />
 		<action name="dispPointAdminModuleConfig" type="view" menu_name="point" />
 		<action name="dispPointAdminPointList" type="view" menu_name="point" />
+		
 		<action name="procPointAdminInsertConfig" type="controller" ruleset="insertConfig" />
 		<action name="procPointAdminInsertModuleConfig" type="controller" />
 		<action name="procPointAdminUpdatePoint" type="controller" ruleset="updatePoint" />
 		<action name="procPointAdminInsertPointModuleConfig" type="controller" />
+		<action name="procPointAdminReCal" type="controller" />
 		<action name="procPointAdminApplyPoint" type="controller" />
 		<action name="procPointAdminReset" type="controller" />
-		<action name="procPointAdminReCal" type="controller" />
 	</actions>
 	<menus>
 		<menu name="point">

modules/poll/conf/module.xml

@@ -1,13 +1,17 @@
 <?xml version="1.0" encoding="utf-8"?>
 <module>
 	<grants />
-	<permissions />
+	<permissions>
+		<permission action="procPollInsertItem" target="member" />
+		<permission action="procPollDeleteItem" target="member" />
+		<permission action="procPollGetList" target="root" />
+	</permissions>
 	<actions>
-		<action name="getPollGetColorsetList" type="model" />
-		
 		<action name="getPollstatus" type="model" />
 		<action name="getPollinfo" type="model" />
 		<action name="getPollitemInfo" type="model" />
+		<action name="getPollGetColorsetList" type="model" />
+		
 		<action name="procPollInsert" type="controller" />
 		<action name="procPollInsertItem" type="controller" />
 		<action name="procPollDeleteItem" type="controller" />
@@ -15,14 +19,15 @@
 		<action name="procPollViewResult" type="controller" />
 		<action name="procPollGetList" type="controller" />
 		
-		<!-- admin -->
 		<action name="dispPollAdminList" type="view" admin_index="true" menu_name="poll" menu_index="true" />
 		<action name="dispPollAdminResult" type="view" />
 		<action name="dispPollAdminConfig" type="view" />
+		
 		<action name="getPollAdminTarget" type="model" />
+		
+		<action name="procPollAdminAddCart" type="controller" />
 		<action name="procPollAdminDeleteChecked" type="controller" ruleset="deleteChecked" />
 		<action name="procPollAdminInsertConfig" type="controller" ruleset="insertConfig" />
-		<action name="procPollAdminAddCart" type="controller" />
 	</actions>
 	<menus>
 		<menu name="poll">

modules/rss/conf/module.xml

@@ -2,14 +2,13 @@
 <module>
 	<grants />
 	<permissions>
-		<permission action="procRssAdminInsertModuleConfig" target="manager" />
+		<permission action="procRssAdminInsertModuleConfig" target="manager" check_var="target_module_srl" />
 	</permissions>
 	<actions>
-		<action name="dispRssAdminIndex" type="view" index="true" admin_index="true" menu_name="rss" menu_index="true" />
 		<action name="rss" type="view" />
 		<action name="atom" type="view" />
 		
-		<!-- admin -->
+		<action name="dispRssAdminIndex" type="view" index="true" admin_index="true" menu_name="rss" menu_index="true" />
 		<action name="procRssAdminInsertConfig" type="controller" ruleset="insertRssConfig" />
 		<action name="procRssAdminDeleteFeedImage" type="controller" />
 		<action name="procRssAdminInsertModuleConfig" type="controller" />

modules/session/conf/info.xml

@@ -23,7 +23,8 @@
 		Bu modül oturum verisini yönetir.
 		Siz sadece oturum ayarı veya kullanımı değil ayrıca oturum bilgilerini kullanan kullanıcıların oturum-seviyesi verilerini de elde edeceksiniz.
 	</description>
-    <description xml:lang="vi">Module này quản lý dữ liệu Session.
+	<description xml:lang="vi">
+		Module này quản lý dữ liệu Session.
 		Bạn không phải chỉ duy nhất thiết lập Session hay sử dụng, Cấp độ của Session phụ thuộc vào lượng người truy cập trên Website của bạn.
 	</description>
 	<description xml:lang="zh-CN">

modules/spamfilter/conf/module.xml

@@ -8,9 +8,8 @@
 		<action name="dispSpamfilterAdminConfigBlock" type="view" menu_name="spamFilter" />
 		
 		<action name="procSpamfilterAdminInsertDeniedIP" type="controller" />
-		<action name="procSpamfilterAdminInsertDeniedWord" type="controller" />
-
 		<action name="procSpamfilterAdminDeleteDeniedIP" type="controller" />
+		<action name="procSpamfilterAdminInsertDeniedWord" type="controller" />
 		<action name="procSpamfilterAdminDeleteDeniedWord" type="controller" />
 		<action name="procSpamfilterAdminInsertConfig" type="controller" ruleset="insertConfig" />
 	</actions>

modules/trash/conf/info.xml

@@ -9,6 +9,7 @@
 	<version>1.7</version>
 	<date>2013-11-27</date>
 	<category>content</category>
+	
 	<author email_address="developers@xpressengine.com" link="http://xpressengine.com/">
 		<name xml:lang="ko">NAVER</name>
 		<name xml:lang="en">NAVER</name>

modules/trash/conf/module.xml

@@ -1,18 +1,14 @@
 <?xml version="1.0" encoding="utf-8"?>
 <module>
 	<grants />
-	<permissions>
-		<permission action="dispTrashAdminList" target="manager" />
-		<permission action="procTrashAdminRestore" target="manager" />
-	</permissions>
+	<permissions />
 	<actions>
 		<action name="dispTrashAdminList" type="view" admin_index="true" menu_name="trash" menu_index="true" />
+		<action name="dispTrashAdminView" type="view" menu_name="trash" />
 		
 		<action name="procTrashAdminEmptyTrash" type="controller" ruleset="emptyTrash" />
 		<action name="procTrashAdminRestore" type="controller" />
 		<action name="procTrashAdminGetList" type="controller" />
-
-		<action name="dispTrashAdminView" type="view" />
 	</actions>
 	<menus>
 		<menu name="trash">

modules/widget/conf/module.xml

@@ -2,37 +2,38 @@
 <module>
 	<grants />
 	<permissions>
-		<permission action="dispWidgetGenerateCode" target="manager" />
-		<permission action="dispWidgetGenerateCodeInPage" target="manager" />
-		<permission action="dispWidgetStyleGenerateCodeInPage" target="manager" />
-		<permission action="procWidgetGenerateCode" target="manager" />
-		<permission action="procWidgetStyleGenerateCodeInPage" target="manager" />
-		<permission action="procWidgetInsertDocument" target="manager" />
-		<permission action="procWidgetCopyDocument" target="manager" />
-		<permission action="procWidgetDeleteDocument" target="manager" />
-		<permission action="procWidgetGenerateCodeInPage" target="manager" />
-		<permission action="procWidgetGetColorsetList" target="manager" />
-		<permission action="procWidgetStyleExtraImageUpload" target="manager" />
+		<permission action="dispWidgetInfo" target="all-managers" />
+		<permission action="dispWidgetGenerateCode" target="root" />
+		<permission action="dispWidgetGenerateCodeInPage" target="all-managers" />
+		<permission action="dispWidgetStyleGenerateCodeInPage" target="all-managers" />
+		
+		<permission action="procWidgetGenerateCode" target="root" />
+		<permission action="procWidgetGenerateCodeInPage" target="all-managers" />
+		<permission action="procWidgetInsertDocument" target="manager" check_var="module_srl" />
+		<permission action="procWidgetDeleteDocument" target="manager" check_type="document" check_var="document_srl" />
+		<permission action="procWidgetCopyDocument" target="manager" check_type="document" check_var="document_srl" />
+		<permission action="procWidgetGetColorsetList" target="all-managers" />
+		<permission action="procWidgetStyleExtraImageUpload" target="all-managers" />
+		
+		<permission action="dispWidgetAdminAddContent" target="manager" check_var="module_srl" />
 	</permissions>
 	<actions>
 		<action name="dispWidgetInfo" type="view" />
 		<action name="dispWidgetGenerateCode" type="view" />
 		<action name="dispWidgetGenerateCodeInPage" type="view" />
 		<action name="dispWidgetStyleGenerateCodeInPage" type="view" />
+		
 		<action name="procWidgetGenerateCode" type="controller" />
-		<action name="procWidgetStyleGenerateCodeInPage" type="controller" />
-		<action name="procWidgetInsertDocument" type="controller" />
-		<action name="procWidgetCopyDocument" type="controller" />
-		<action name="procWidgetDeleteDocument" type="controller" />
 		<action name="procWidgetGenerateCodeInPage" type="controller" ruleset="generateCodeInPage" />
+		<action name="procWidgetInsertDocument" type="controller" />
+		<action name="procWidgetDeleteDocument" type="controller" />
+		<action name="procWidgetCopyDocument" type="controller" />
 		<action name="procWidgetGetColorsetList" type="controller" />
 		<action name="procWidgetStyleExtraImageUpload" type="controller" />
 		
-		<!-- admin -->
 		<action name="dispWidgetAdminDownloadedList" type="view" admin_index="true" menu_name="installedWidget" menu_index="true" />
-		<action name="dispWidgetAdminAddContent" type="view" />
 		<action name="dispWidgetAdminGenerateCode" type="view" menu_name="installedWidget" />
-
+		<action name="dispWidgetAdminAddContent" type="view" />
 	</actions>
 	<menus>
 		<menu name="installedWidget">