fanbinit/rhymix
1
0
Fork 0
mirror of https://github.com/Lastorder-DC/rhymix.git synced 2026-01-30 00:29:58 +09:00
Code Issues Projects Releases Packages Wiki Activity

Fixed a bug that does not check permissions on save temporary document.

Browse source 
git-svn-id: http://xe-core.googlecode.com/svn/branches/1.5.0@10815 201d5d3c-b55e-5fd7-737f-ddc643e51545
This commit is contained in:
flyskyko 2012-07-02 04:56:02 +00:00
parent b653494b15
commit a2d096f737
1 changed files with 9 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

18
modules/document/document.controller.php
View file

@ -1937,16 +1937,9 @@ class documentController extends document {
{ {
// Check login information // Check login information
if(!Context::get('is_logged')) return new Object(-1, 'msg_not_logged'); if(!Context::get('is_logged')) return new Object(-1, 'msg_not_logged');
$module_info = Context::get('module_info'); $module_info = Context::get('module_info');
$logged_info = Context::get('logged_info'); $logged_info = Context::get('logged_info');
// Check whether the member can write document on the mid or vid. (2012-06-30 by CMD)
$oModuleModel = &getModel('module');
$module_info = $oModuleModel->getModuleInfoByMid(Context::get('mid'));
$module_grant = $oModuleModel->getGrant($module_info, $logged_info->member_srl);
if(!$module_grant->write_document) return new Object(-1, 'msg_not_permitted');
// Get form information // Get form information
$obj = Context::getRequestVars(); $obj = Context::getRequestVars();
// Change the target module to log-in information // Change the target module to log-in information
@ -1963,10 +1956,17 @@ class documentController extends document {
$oDocumentController = &getController('document'); $oDocumentController = &getController('document');
// Check if already exist geulinji // Check if already exist geulinji
$oDocument = $oDocumentModel->getDocument($obj->document_srl, $this->grant->manager); $oDocument = $oDocumentModel->getDocument($obj->document_srl, $this->grant->manager);
// Update if already exists // Update if already exists
if($oDocument->isExists() && $oDocument->document_srl == $obj->document_srl) { if($oDocument->isExists() && $oDocument->document_srl == $obj->document_srl) {
// Check whether the member can modify. (2012-06-30 by CMD) if($oDocument->get('module_srl') != $obj->module_srl)
if(!$oDocument->isGranted()) return new Object(-1,'msg_not_permitted'); {
return new Object(-1, 'msg_invalid_request');
}
if(!$oDocument->isGranted())
{
return new Object(-1, 'msg_invalid_request');
}
//if exist document status is already public, use temp status can point problem //if exist document status is already public, use temp status can point problem
$obj->status = $oDocument->get('status'); $obj->status = $oDocument->get('status');
$output = $oDocumentController->updateDocument($oDocument, $obj); $output = $oDocumentController->updateDocument($oDocument, $obj);