fanbinit/rhymix
1
0
Fork 0
mirror of https://github.com/Lastorder-DC/rhymix.git synced 2026-04-22 11:52:14 +09:00
Code Issues Projects Releases Packages Wiki Activity

Merge pull request #961 from conory/pr/isAccessible

Browse source 
comment, document 모듈의 권한 정리
This commit is contained in:
CONORY 2017-12-14 12:02:33 +09:00 committed by GitHub
commit 8fe6528e4a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
15 changed files with 351 additions and 270 deletions
Download patch file Download diff file Expand all files Collapse all files

2
addons/blogapi/blogapi.addon.php
View file

@ -233,7 +233,7 @@ if($called_position == 'before_module_proc')
{
$oDocumentModel = getModel('document');
$oDocument = $oDocumentModel->getDocument($document_srl);
if(!$oDocument->isExists() || !$oDocument->isGranted())
if(!$oDocument->isGranted())
{
printContent(getXmlRpcFailure(1, 'no permission'));
}

7
classes/module/ModuleHandler.class.php
View file

@ -228,12 +228,9 @@ class ModuleHandler extends Handler
{
$oDocumentModel = getModel('document');
$oDocument = $oDocumentModel->getDocument($this->document_srl);
if($oDocument->isSecret() || $oDocument->get('status') === $oDocumentModel->getConfigStatus('temp'))
if(!$oDocument->isAccessible())
{
if(!$oDocument->isGranted() && !$oDocument->isAccessible())
{
$this->httpStatusCode = '403';
}
$this->httpStatusCode = '403';
}
}
}

7
modules/board/board.view.php
View file

@ -328,13 +328,12 @@ class boardView extends board
));
// update the document view count (if the document is not secret)
if(!$oDocument->isSecret() || $oDocument->isGranted())
if($oDocument->isAccessible())
{
$oDocument->updateReadedCount();
}
// disappear the document if it is secret
if($oDocument->isSecret() && !$oDocument->isGranted())
else
{
$oDocument->add('content',lang('thisissecret'));
}
@ -783,7 +782,7 @@ class boardView extends board
// if the document is not granted, then back to the password input form
$oModuleModel = getModel('module');
if($oDocument->isExists()&&!$oDocument->isGranted())
if($oDocument->isExists() && !$oDocument->isGranted())
{
return $this->setTemplateFile('input_password_form');
}

2
modules/board/m.skins/default/read.html
View file

@ -8,7 +8,7 @@
<a href="{getUrl('act','dispBoardWrite','document_srl','')}" class="write">{$lang->cmd_write}</a>
</div>
<div class="co">
<!--@if($oDocument->isSecret() && !$oDocument->isGranted())-->
<!--@if(!$oDocument->isAccessible())-->
<form action="./" method="get" class="ff" onsubmit="return procFilter(this, input_password)">
<input type="hidden" name="mid" value="{$mid}" />
<input type="hidden" name="page" value="{$page}" />

2
modules/board/m.skins/simpleGray/read.html
View file

@ -9,7 +9,7 @@
<span>{$oDocument->getRegdate()}</span>
</div>
<div class="co">
<!--@if($oDocument->isSecret() && !$oDocument->isGranted())-->
<!--@if(!$oDocument->isAccessible())-->
<div class="secretContent">
<form action="./" method="get" onsubmit="return procFilter(this, input_password)">
<input type="hidden" name="mid" value="{$mid}" />

4
modules/board/skins/default/_read.html
View file

@ -20,7 +20,7 @@
</div>
<!-- /READ HEADER -->
<!-- Extra Output -->
<div class="exOut" cond="$oDocument->isExtraVarsExists() && (!$oDocument->isSecret() || $oDocument->isGranted())">
<div class="exOut" cond="$oDocument->isExtraVarsExists() && $oDocument->isAccessible()">
<table border="1" cellspacing="0" summary="Extra Form Output">
<tr loop="$oDocument->getExtraVars() => $key,$val">
<th scope="row">{$val->name}</th>
@ -31,7 +31,7 @@
<!-- /Extra Output -->
<!-- READ BODY -->
<div class="read_body">
<!--@if($oDocument->isSecret() && !$oDocument->isGranted())-->
<!--@if(!$oDocument->isAccessible())-->
<form action="./" method="get" onsubmit="return procFilter(this, input_password)">
<input type="hidden" name="mid" value="{$mid}" />
<input type="hidden" name="page" value="{$page}" />

4
modules/board/skins/xedition/_read.html
View file

@ -24,7 +24,7 @@
</div>
<!-- /READ HEADER -->
<!-- Extra Output -->
<div class="exOut" cond="$oDocument->isExtraVarsExists() && (!$oDocument->isSecret() || $oDocument->isGranted())">
<div class="exOut" cond="$oDocument->isExtraVarsExists() && $oDocument->isAccessible()">
<table border="1" cellspacing="0" summary="Extra Form Output">
<tr loop="$oDocument->getExtraVars() => $key,$val">
<th scope="row">{$val->name}</th>
@ -35,7 +35,7 @@
<!-- /Extra Output -->
<!-- READ BODY -->
<div class="read_body">
<!--@if($oDocument->isSecret() && !$oDocument->isGranted())-->
<!--@if(!$oDocument->isAccessible())-->
<form action="./" method="get" onsubmit="return procFilter(this, input_password)" class="secretForm">
<input type="hidden" name="mid" value="{$mid}" />
<input type="hidden" name="page" value="{$page}" />

2
modules/comment/comment.controller.php
View file

@ -1257,7 +1257,7 @@ class commentController extends comment
$oDocument = $oDocumentModel->getDocument($document_srl);
}
if(!$oDocument->isExists() || !$oDocument->isGranted())
if(!$oDocument->isGranted())
{
return new BaseObject(-1, 'msg_not_permitted');
}

154
modules/comment/comment.item.php
View file

@ -17,7 +17,11 @@ class commentItem extends BaseObject
* @var int
*/
var $comment_srl = 0;
/**
* grant
* @var bool
*/
var $grant_cache = null;
/**
* Get the column list int the table
* @var array
@ -88,52 +92,95 @@ class commentItem extends BaseObject
function isExists()
{
return $this->comment_srl ? TRUE : FALSE;
return (bool) ($this->comment_srl);
}
function isGranted()
{
if($_SESSION['granted_comment'][$this->comment_srl])
if(!$this->isExists())
{
return TRUE;
return false;
}
if(!Context::get('is_logged'))
if (isset($_SESSION['granted_comment'][$this->comment_srl]))
{
return FALSE;
return true;
}
if ($this->grant_cache !== null)
{
return $this->grant_cache;
}
$logged_info = Context::get('logged_info');
if($logged_info->is_admin == 'Y')
if (!$logged_info->member_srl)
{
return TRUE;
return $this->grant_cache = false;
}
$grant = Context::get('grant');
if($grant->manager)
if ($logged_info->is_admin == 'Y')
{
return TRUE;
return $this->grant_cache = true;
}
if($this->get('member_srl') && ($this->get('member_srl') == $logged_info->member_srl || $this->get('member_srl') * -1 == $logged_info->member_srl))
if ($this->get('member_srl') && abs($this->get('member_srl')) == $logged_info->member_srl)
{
return TRUE;
return $this->grant_cache = true;
}
return FALSE;
$oModuleModel = getModel('module');
$grant = $oModuleModel->getGrant($oModuleModel->getModuleInfoByModuleSrl($this->get('module_srl')), $logged_info);
if ($grant->manager)
{
return $this->grant_cache = true;
}
return $this->grant_cache = false;
}
function setGrant()
{
$this->is_granted = TRUE;
$this->grant_cache = true;
}
function setGrantForSession()
{
$_SESSION['granted_comment'][$this->comment_srl] = true;
$this->setGrant();
}
function isAccessible()
{
if(!$this->isExists())
{
return false;
}
if (isset($_SESSION['accessible'][$this->comment_srl]) && $_SESSION['accessible'][$this->comment_srl] === $this->get('last_update'))
{
return true;
}
if ($this->get('status') == RX_STATUS_PUBLIC)
{
$this->setAccessible();
return true;
}
if ($this->isGranted())
{
$this->setAccessible();
return true;
}
$oDocument = getModel('document')->getDocument($this->get('document_srl'));
if ($oDocument->isGranted())
{
$this->setAccessible();
return true;
}
return false;
}
function setAccessible()
{
if(Context::getSessionStatus())
@ -141,58 +188,30 @@ class commentItem extends BaseObject
$_SESSION['accessible'][$this->comment_srl] = $this->get('last_update');
}
}
function isEditable()
{
if($this->isGranted() || !$this->get('member_srl'))
{
return TRUE;
}
return FALSE;
return !$this->get('member_srl') || $this->isGranted();
}
function isSecret()
{
return $this->get('is_secret') == 'Y' ? TRUE : FALSE;
return $this->get('is_secret') == 'Y';
}
function isDeleted()
{
return $this->get('status') == RX_STATUS_DELETED || $this->get('status') == RX_STATUS_DELETED_BY_ADMIN;
}
function isDeletedByAdmin()
{
return $this->get('status') == RX_STATUS_DELETED_BY_ADMIN;
}
function isAccessible()
{
if (isset($_SESSION['accessible'][$this->comment_srl]) && $_SESSION['accessible'][$this->comment_srl] === $this->get('last_update'))
{
return TRUE;
}
if (!$this->isSecret() || $this->isGranted())
{
$this->setAccessible();
return TRUE;
}
$oDocumentModel = getModel('document');
$oDocument = $oDocumentModel->getDocument($this->get('document_srl'));
if ($oDocument->isExists() && $oDocument->isGranted())
{
$this->setAccessible();
return TRUE;
}
return FALSE;
}
function useNotify()
{
return $this->get('notify_message') == 'Y' ? TRUE : FALSE;
return $this->get('notify_message') == 'Y';
}
/**
@ -506,25 +525,26 @@ class commentItem extends BaseObject
function hasUploadedFiles()
{
if(($this->isSecret() && !$this->isAccessible()) && !$this->isGranted())
if(!$this->isAccessible())
{
return FALSE;
return false;
}
return $this->get('uploaded_count') ? TRUE : FALSE;
}
function getUploadedFiles()
{
if(($this->isSecret() && !$this->isAccessible()) && !$this->isGranted())
if(!$this->isAccessible())
{
return;
}
if(!$this->get('uploaded_count'))
{
return;
}
$oFileModel = getModel('file');
$file_list = $oFileModel->getFiles($this->comment_srl, array(), 'file_srl', TRUE);
return $file_list;
@ -637,11 +657,11 @@ class commentItem extends BaseObject
$thumbnail_type = $config->thumbnail_type ?: 'crop';
}
if($this->isSecret() && !$this->isGranted())
if(!$this->isAccessible())
{
return;
}
// If signiture height setting is omitted, create a square
if(!$height)
{

2
modules/comment/comment.model.php
View file

@ -297,7 +297,7 @@ class commentModel extends comment
* @param bool $published
* @return int
*/
function getCommentAllCount($module_srl, $published = null)
function getCommentAllCount($module_srl, $published = false)
{
$args = new stdClass();
$args->module_srl = $module_srl;

3
modules/document/document.class.php
View file

@ -373,8 +373,7 @@ class document extends ModuleObject
*/
function getConfigStatus($key)
{
if(array_key_exists(strtolower($key), $this->statusList)) return $this->statusList[$key];
else $this->getDefaultStatus();
return $this->statusList[$key];
}
}
/* End of file document.class.php */

420
modules/document/document.item.php
View file

@ -62,7 +62,6 @@ class documentItem extends BaseObject
{
$this->document_srl = $document_srl;
$this->columnList = $columnList;
$this->_loadFromDB($load_extra_vars);
}
@ -79,10 +78,12 @@ class documentItem extends BaseObject
*/
function _loadFromDB($load_extra_vars = true)
{
if(!$this->document_srl) return;
if(!$this->document_srl)
{
return;
}
$document_item = false;
$cache_put = false;
$columnList = array();
$reload_counts = true;
@ -127,17 +128,18 @@ class documentItem extends BaseObject
$this->setAttribute($document_item, $load_extra_vars);
}
function setAttribute($attribute, $load_extra_vars=true)
function setAttribute($attribute, $load_extra_vars = true)
{
if(!$attribute->document_srl)
{
$this->document_srl = null;
return;
}
$this->document_srl = $attribute->document_srl;
$this->lang_code = $attribute->lang_code;
$this->adds($attribute);
// Tags
if($this->get('tags'))
{
@ -145,26 +147,30 @@ class documentItem extends BaseObject
$tag_list = array_map('utf8_trim', $tag_list);
$this->add('tag_list', $tag_list);
}
$oDocumentModel = getModel('document');
if($load_extra_vars)
{
$GLOBALS['XE_DOCUMENT_LIST'][$attribute->document_srl] = $this;
$oDocumentModel->setToAllDocumentExtraVars();
getModel('document')->setToAllDocumentExtraVars();
}
$GLOBALS['XE_DOCUMENT_LIST'][$this->document_srl] = $this;
}
function isExists()
{
return $this->document_srl ? true : false;
return (bool) ($this->document_srl);
}
function isGranted()
{
if ($_SESSION['granted_document'][$this->document_srl])
if(!$this->isExists())
{
return $this->grant_cache = true;
return false;
}
if (isset($_SESSION['granted_document'][$this->document_srl]))
{
return true;
}
if ($this->grant_cache !== null)
@ -185,17 +191,17 @@ class documentItem extends BaseObject
{
return $this->grant_cache = true;
}
$oModuleModel = getModel('module');
$grant = $oModuleModel->getGrant($oModuleModel->getModuleInfoByModuleSrl($this->get('module_srl')), $logged_info);
if ($grant->manager)
{
return $this->grant_cache = true;
}
return $this->grant_cache = false;
}
function setGrant()
{
$this->grant_cache = true;
@ -206,52 +212,35 @@ class documentItem extends BaseObject
$_SESSION['granted_document'][$this->document_srl] = true;
$this->setGrant();
}
function isAccessible()
{
if(!$this->isExists())
{
return false;
}
if (isset($_SESSION['accessible'][$this->document_srl]) && $_SESSION['accessible'][$this->document_srl] === $this->get('last_update'))
{
return true;
}
if ($this->grant_cache === true)
$status_list = getModel('document')->getStatusList();
if ($this->get('status') === $status_list['public'])
{
$this->setAccessible();
return true;
}
$logged_info = Context::get('logged_info');
if ($logged_info->is_admin == 'Y')
if ($this->isGranted())
{
$this->setAccessible();
return true;
}
$status = $this->get('status');
if (empty($status))
{
return false;
}
$configStatusList = getModel('document')->getStatusList();
if ($status == $configStatusList['public'] || $status == $configStatusList['publish'])
{
$this->setAccessible();
return true;
}
elseif ($status == $configStatusList['private'] || $status == $configStatusList['secret'])
{
if ($this->get('member_srl') == $logged_info->member_srl)
{
$this->setAccessible();
return true;
}
}
return false;
}
function setAccessible()
{
if(Context::getSessionStatus())
@ -259,13 +248,16 @@ class documentItem extends BaseObject
$_SESSION['accessible'][$this->document_srl] = $this->get('last_update');
}
}
function allowComment()
{
// init write, document is not exists. so allow comment status is true
if(!$this->isExists()) return true;
return $this->get('comment_status') == 'ALLOW' ? true : false;
if(!$this->isExists())
{
return true;
}
return (bool) ($this->get('comment_status') == 'ALLOW');
}
function allowTrackback()
@ -307,38 +299,42 @@ class documentItem extends BaseObject
function isLocked()
{
if(!$this->isExists()) return false;
return $this->get('comment_status') == 'ALLOW' ? false : true;
if(!$this->isExists())
{
return false;
}
return (bool) ($this->get('comment_status') != 'ALLOW');
}
function isEditable()
{
if($this->isGranted() || !$this->get('member_srl')) return true;
return false;
return (bool) (!$this->get('member_srl') || $this->isGranted());
}
function isSecret()
{
$oDocumentModel = getModel('document');
return $this->get('status') == $oDocumentModel->getConfigStatus('secret') ? true : false;
return (bool) ($this->get('status') == getModel('document')->getConfigStatus('secret'));
}
function isNotice()
{
return $this->get('is_notice') == 'Y' ? true : false;
return (bool) ($this->get('is_notice') == 'Y');
}
function useNotify()
{
return $this->get('notify_message')=='Y' ? true : false;
return (bool) ($this->get('notify_message') == 'Y');
}
function doCart()
{
if(!$this->document_srl) return false;
if($this->isCarted()) $this->removeCart();
else $this->addCart();
if(!$this->isExists())
{
return false;
}
$this->isCarted() ? $this->removeCart() : $this->addCart();
}
function addCart()
@ -353,7 +349,7 @@ class documentItem extends BaseObject
function isCarted()
{
return $_SESSION['document_management'][$this->document_srl];
return isset($_SESSION['document_management'][$this->document_srl]);
}
/**
@ -364,23 +360,35 @@ class documentItem extends BaseObject
*/
function notify($type, $content)
{
if(!$this->document_srl) return;
if(!$this->isExists())
{
return;
}
// return if it is not useNotify
if(!$this->useNotify()) return;
if(!$this->useNotify())
{
return;
}
// Pass if an author is not a logged-in user
if(!$this->get('member_srl')) return;
if(!$this->get('member_srl'))
{
return;
}
// Return if the currently logged-in user is an author
$logged_info = Context::get('logged_info');
if($logged_info->member_srl == $this->get('member_srl')) return;
if($logged_info->member_srl == $this->get('member_srl'))
{
return;
}
// List variables
if($type) $title = "[".$type."] ";
$title .= cut_str(strip_tags($content), 10, '...');
$content = sprintf('%s<br /><br />from : <a href="%s" target="_blank">%s</a>',$content, getFullUrl('','document_srl',$this->document_srl), getFullUrl('','document_srl',$this->document_srl));
$receiver_srl = $this->get('member_srl');
$sender_member_srl = $logged_info->member_srl;
$title = ($type ? sprintf('[%s] ', $type) : '') . cut_str(strip_tags($content), 10, '...');
$content = sprintf('%s<br><br>from : <a href="%s" target="_blank">%s</a>',$content, getFullUrl('', 'document_srl', $this->document_srl), getFullUrl('', 'document_srl', $this->document_srl));
// Send a message
$oCommunicationController = getController('communication');
$oCommunicationController->sendMessage($sender_member_srl, $receiver_srl, $title, $content, false);
$sender_member_srl = $logged_info->member_srl ?: $this->get('member_srl');
getController('communication')->sendMessage($sender_member_srl, $this->get('member_srl'), $title, $content, false);
}
function getLangCode()
@ -394,23 +402,27 @@ class documentItem extends BaseObject
{
return $this->get('ipaddress');
}
return '*' . strstr($this->get('ipaddress'), '.');
}
function isExistsHomepage()
{
if(trim($this->get('homepage'))) return true;
return false;
return (bool) trim($this->get('homepage'));
}
function getHomepageUrl()
{
$url = trim($this->get('homepage'));
if(!$url) return;
if(strncasecmp('http://', $url, 7) !== 0 && strncasecmp('https://', $url, 8) !== 0) $url = 'http://' . $url;
if(!$url = trim($this->get('homepage')))
{
return;
}
if(!preg_match('@^[a-z]+://@i', $url))
{
$url = 'http://' . $url;
}
return $url;
}
@ -421,120 +433,135 @@ class documentItem extends BaseObject
function getUserID()
{
return htmlspecialchars($this->get('user_id'), ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
return escape($this->get('user_id'), false);
}
function getUserName()
{
return htmlspecialchars($this->get('user_name'), ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
return escape($this->get('user_name'), false);
}
function getNickName()
{
return htmlspecialchars($this->get('nick_name'), ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
return escape($this->get('nick_name'), false);
}
function getLastUpdater()
{
return htmlspecialchars($this->get('last_updater'), ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
return escape($this->get('last_updater'), false);
}
function getTitleText($cut_size = 0, $tail='...')
function getTitleText($cut_size = 0, $tail = '...')
{
if(!$this->document_srl) return;
if($cut_size) $title = cut_str($this->get('title'), $cut_size, $tail);
else $title = $this->get('title');
return $title;
if(!$this->isExists())
{
return;
}
return $cut_size ? cut_str($this->get('title'), $cut_size, $tail) : $this->get('title');
}
function getVoted()
{
if(!$this->document_srl) return false;
if(!$this->isExists())
{
return false;
}
$logged_info = Context::get('logged_info');
if(!$logged_info->member_srl)
{
return false;
}
if(isset($_SESSION['voted_document'][$this->document_srl]))
{
return $_SESSION['voted_document'][$this->document_srl];
}
$logged_info = Context::get('logged_info');
if(!$logged_info->member_srl) return false;
$args = new stdClass();
$args = new stdClass;
$args->member_srl = $logged_info->member_srl;
$args->document_srl = $this->document_srl;
$output = executeQuery('document.getDocumentVotedLog', $args);
if($output->data->point)
{
return $_SESSION['voted_document'][$this->document_srl] = $output->data->point;
}
return $_SESSION['voted_document'][$this->document_srl] = false;
}
function getTitle($cut_size = 0, $tail='...')
function getTitle($cut_size = 0, $tail = '...')
{
if(!$this->document_srl) return;
$title = $this->getTitleText($cut_size, $tail);
$attrs = array();
if(!$this->isExists())
{
return false;
}
$title = escape($this->getTitleText($cut_size, $tail), false);
$this->add('title_color', trim($this->get('title_color')));
if($this->get('title_bold')=='Y') $attrs[] = "font-weight:bold;";
if($this->get('title_color') && $this->get('title_color') != 'N') $attrs[] = "color:#".ltrim($this->get('title_color'), '#');
$attrs = array();
if($this->get('title_bold') == 'Y')
{
$attrs[] = 'font-weight:bold';
}
if($this->get('title_color') && $this->get('title_color') != 'N')
{
$attrs[] = 'color:#' . ltrim($this->get('title_color'), '#');
}
if(count($attrs))
{
return sprintf("<span style=\"%s\">%s</span>", implode(';', $attrs), escape($title, false));
}
else
{
return escape($title, false);
return sprintf('<span style="%s">%s</span>', implode(';', $attrs), $title);
}
return $title;
}
function getContentPlainText($strlen = 0)
{
if(!$this->document_srl) return;
if($this->isSecret() && !$this->isGranted() && !$this->isAccessible()) return lang('msg_is_secret');
$result = $this->_checkAccessibleFromStatus();
if($result && Context::getSessionStatus())
if(!$this->isExists())
{
$this->setAccessible();
return;
}
if(!$this->isAccessible())
{
return lang('msg_is_secret');
}
$content = $this->get('content');
$content = trim(utf8_normalize_spaces(html_entity_decode(strip_tags($content))));
if($strlen)
{
$content = cut_str($content, $strlen, '...');
}
return escape($content);
}
function getContentText($strlen = 0)
{
if(!$this->document_srl) return;
if($this->isSecret() && !$this->isGranted() && !$this->isAccessible()) return lang('msg_is_secret');
$result = $this->_checkAccessibleFromStatus();
if($result && Context::getSessionStatus())
if(!$this->isExists())
{
$this->setAccessible();
return;
}
if(!$this->isAccessible())
{
return lang('msg_is_secret');
}
$content = $this->get('content');
$content = preg_replace_callback('/<(object|param|embed)[^>]*/is', array($this, '_checkAllowScriptAccess'), $content);
$content = preg_replace_callback('/<object[^>]*>/is', array($this, '_addAllowScriptAccess'), $content);
if($strlen)
{
$content = trim(utf8_normalize_spaces(html_entity_decode(strip_tags($content))));
$content = cut_str($content, $strlen, '...');
}
return escape($content);
}
@ -583,21 +610,24 @@ class documentItem extends BaseObject
function getContent($add_popup_menu = true, $add_content_info = true, $resource_realpath = false, $add_xe_content_class = true, $stripEmbedTagException = false)
{
if(!$this->document_srl) return;
if($this->isSecret() && !$this->isGranted() && !$this->isAccessible()) return lang('msg_is_secret');
$result = $this->_checkAccessibleFromStatus();
if($result)
if(!$this->isExists())
{
$this->setAccessible();
return;
}
if(!$this->isAccessible())
{
return lang('msg_is_secret');
}
$content = $this->get('content');
if(!$stripEmbedTagException) stripEmbedTagForAdmin($content, $this->get('member_srl'));
if(!$stripEmbedTagException)
{
stripEmbedTagForAdmin($content, $this->get('member_srl'));
}
// Define a link if using a rewrite module
$oContext = &Context::getInstance();
$oContext = Context::getInstance();
if($oContext->allow_rewrite)
{
$content = preg_replace('/<a([ \t]+)href=("|\')\.\/\?/i',"<a href=\\2". Context::getRequestUri() ."?", $content);
@ -627,18 +657,18 @@ class documentItem extends BaseObject
$this->document_srl, $memberSrl,
$this->document_srl, $memberSrl
);
// Add xe_content class although accessing content is not required
}
else
// Add xe_content class although accessing content is not required
elseif($add_xe_content_class)
{
if($add_xe_content_class) $content = sprintf('<div class="xe_content">%s</div>', $content);
$content = sprintf('<div class="xe_content">%s</div>', $content);
}
// Change the image path to a valid absolute path if resource_realpath is true
if($resource_realpath)
{
$content = preg_replace_callback('/<img([^>]+)>/i',array($this,'replaceResourceRealPath'), $content);
}
return $content;
}
@ -652,11 +682,14 @@ class documentItem extends BaseObject
*/
function getTransContent($add_popup_menu = true, $add_content_info = true, $resource_realpath = false, $add_xe_content_class = true)
{
$oEditorController = getController('editor');
if(!$this->isExists())
{
return;
}
$content = $this->getContent($add_popup_menu, $add_content_info, $resource_realpath, $add_xe_content_class);
$content = $oEditorController->transComponent($content);
$content = getController('editor')->transComponent($content);
return $content;
}
@ -724,11 +757,16 @@ class documentItem extends BaseObject
function getTrackbackUrl()
{
if(!$this->document_srl) return;
if(!$this->isExists())
{
return;
}
// Generate a key to prevent spams
$oTrackbackModel = getModel('trackback');
if($oTrackbackModel) return $oTrackbackModel->getTrackbackUrl($this->document_srl, $this->getDocumentMid());
if($oTrackbackModel = getModel('trackback'))
{
return $oTrackbackModel->getTrackbackUrl($this->document_srl, $this->getDocumentMid());
}
}
/**
@ -843,12 +881,19 @@ class documentItem extends BaseObject
function getComments()
{
if(!$this->getCommentCount()) return;
if(!$this->isGranted() && $this->isSecret()) return;
if(!$this->getCommentCount())
{
return;
}
if(!$this->isAccessible())
{
return;
}
// cpage is a number of comment pages
$cpageStr = sprintf('%d_cpage', $this->document_srl);
$cpage = Context::get($cpageStr);
if(!$cpage)
{
$cpage = Context::get('cpage');
@ -966,11 +1011,11 @@ class documentItem extends BaseObject
$thumbnail_type = $config->thumbnail_type ?: 'crop';
}
if($this->isSecret() && !$this->isGranted())
if(!$this->isAccessible())
{
return;
}
// If not specify its height, create a square
if(!$height) $height = $width;
if($this->get('content'))
@ -1223,25 +1268,42 @@ class documentItem extends BaseObject
function hasUploadedFiles()
{
if(!$this->document_srl) return;
if($this->isSecret() && !$this->isGranted()) return false;
if(!$this->document_srl)
{
return false;
}
if(!$this->isAccessible())
{
return false;
}
return $this->get('uploaded_count')? true : false;
}
function getUploadedFiles($sortIndex = 'file_srl')
{
if(!$this->document_srl) return;
if($this->isSecret() && !$this->isGranted()) return;
if(!$this->get('uploaded_count')) return;
if(!$this->document_srl)
{
return;
}
if(!$this->isAccessible())
{
return;
}
if(!$this->get('uploaded_count'))
{
return;
}
if(!$this->uploadedFiles[$sortIndex])
{
$oFileModel = getModel('file');
$this->uploadedFiles[$sortIndex] = $oFileModel->getFiles($this->document_srl, array(), $sortIndex, true);
}
return $this->uploadedFiles[$sortIndex];
}
@ -1266,9 +1328,16 @@ class documentItem extends BaseObject
function isEnableComment()
{
// Return false if not authorized, if a secret document, if the document is set not to allow any comment
if (!$this->allowComment()) return false;
if(!$this->isGranted() && $this->isSecret()) return false;
if (!$this->allowComment())
{
return false;
}
if(!$this->isAccessible())
{
return false;
}
return true;
}
@ -1336,9 +1405,8 @@ class documentItem extends BaseObject
}
/**
* Check accessible by document status
* @param array $matches
* @return mixed
* Compatible function
* For only XE third party
*/
function _checkAccessibleFromStatus()
{

6
modules/document/tpl/print_page.html
View file

@ -2,14 +2,12 @@
<h1 class="h1">{$oDocument->getTitleText()}</h1>
<a href="#popup_menu_area" class="member_{$oDocument->get('member_srl')}">{$oDocument->get('nick_name')}</a>
{$oDocument->getRegdate()}
<!--@if($oDocument->isExtraVarsExists() && (!$oDocument->isSecret() || $oDocument->isGranted()) )-->
<!--@if($oDocument->isExtraVarsExists() && $oDocument->isAccessible())-->
<!--@foreach($oDocument->getExtraVars() as $key => $val)-->
{$val->name}: {$val->getValueHtml()}
<!--@end-->
<!--@end-->
{$oDocument->getContent(false, false)}
<script>
//<![CDATA[
jQuery(window).load(function() { window.print(); } );
//]]>
jQuery(window).load(function() { window.print(); } );
</script>

4
modules/file/file.model.php
View file

@ -43,7 +43,7 @@ class fileModel extends file
if(!$oDocument->isExists())
{
$oComment = $oCommentModel->getComment($upload_target_srl);
if($oComment->isExists() && $oComment->isSecret() && !$oComment->isGranted())
if($oComment->isExists() && !$oComment->isAccessible())
{
return $this->setError('msg_not_permitted');
}
@ -52,7 +52,7 @@ class fileModel extends file
}
// document 권한 확인
if($oDocument->isExists() && $oDocument->isSecret() && !$oDocument->isGranted())
if($oDocument->isExists() && !$oDocument->isAccessible())
{
return $this->setError('msg_not_permitted');
}

2
modules/member/member.controller.php
View file

@ -130,7 +130,7 @@ class memberController extends member
$oDocument = $oDocumentModel->getDocument($document_srl);
// Check document
if($oDocument->isSecret() && !$oDocument->isGranted())
if(!$oDocument->isAccessible())
{
return $this->setError('msg_is_secret');
}