관리자 권한 코드 개선

conory 2017-03-21 21:01:39 +09:00
parent e03d8e7333
commit 926f50ef8d


@ -670,11 +670,20 @@ class ModuleHandler extends Handler
return $oMessageObject; return $oMessageObject;
} }
if($this->module == "admin" && $type == "view") // Protect admin action
if(($this->module == 'admin' || $kind == 'admin') && !$oModuleModel->getGrant($this->module_info, $logged_info)->root)
{ {
if($logged_info->is_admin == 'Y') self::_setInputErrorToContext();
{ $this->error = 'admin.msg_is_not_administrator';
if($this->act != 'dispLayoutAdminLayoutModify') $oMessageObject = self::getModuleInstance('message', $display_mode);
$oMessageObject->setError(-1);
$oMessageObject->setMessage($this->error);
$oMessageObject->dispMessage();
return $oMessageObject;
}
// Admin page layout
if($this->module == 'admin' && $type == 'view' && $this->act != 'dispLayoutAdminLayoutModify')
{ {
$oAdminView = getAdminView('admin'); $oAdminView = getAdminView('admin');
$oAdminView->makeGnbUrl($forward->module); $oAdminView->makeGnbUrl($forward->module);
@ -682,46 +691,6 @@ class ModuleHandler extends Handler
$oModule->setLayoutFile("layout.html"); $oModule->setLayoutFile("layout.html");
} }
} }
else
{
self::_setInputErrorToContext();
$this->error = 'admin.msg_is_not_administrator';
$oMessageObject = self::getModuleInstance('message', $display_mode);
$oMessageObject->setError(-1);
$oMessageObject->setMessage($this->error);
$oMessageObject->dispMessage();
return $oMessageObject;
}
}
if($kind == 'admin')
{
$grant = $oModuleModel->getGrant($this->module_info, $logged_info);
if(!$grant->root)
{
self::_setInputErrorToContext();
$this->error = 'admin.msg_is_not_administrator';
$oMessageObject = self::getModuleInstance('message', $display_mode);
$oMessageObject->setError(-1);
$oMessageObject->setMessage($this->error);
$oMessageObject->dispMessage();
return $oMessageObject;
}
else
{
if(!$grant->is_admin && $this->module != $this->orig_module->module && $xml_info->permission->{$this->act} != 'root')
{
self::_setInputErrorToContext();
$this->error = 'admin.msg_is_not_administrator';
$oMessageObject = self::getModuleInstance('message', $display_mode);
$oMessageObject->setError(-1);
$oMessageObject->setMessage($this->error);
$oMessageObject->dispMessage();
return $oMessageObject;
}
}
}
}
else if($xml_info->default_index_act && method_exists($oModule, $xml_info->default_index_act)) else if($xml_info->default_index_act && method_exists($oModule, $xml_info->default_index_act))
{ {
$this->act = $xml_info->default_index_act; $this->act = $xml_info->default_index_act;
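Review bot: The merged guard `if(($this->module == 'admin' || $kind == 'admin') && !$oModuleModel->getGrant($this->module_info, $logged_info)->root)` makes `root` the only condition for every admin request, and the removed follow-up check on forwarded admin actions (`!$grant->is_admin && $this->module != $this->orig_module->module && $xml_info->permission->{$this->act} != 'root'`) has no counterpart on the new side. Whether that is safe depends on `getGrant()`, which is not visible here: if it can return `root` true while `is_admin` is false, a forwarded admin act that used to be refused is now allowed. Please confirm that and state the invariant above the guard, for example `// root is required for all admin acts, including forwarded ones; getGrant() is evaluated against $this->module_info`. A regression test that a non-root member is refused for a forwarded `kind == 'admin'` act, in a non-view request type as well, would pin the behaviour. The enclosing method starts and ends outside these hunks.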