Merge pull request #684 from izuzero/develop

프로그램에 의해 글 작성 시 로그인한 회원에게 작성된 문서의 권한이 생기는 문제.

modules/comment/comment.controller.php

@@ -199,18 +199,25 @@ class commentController extends comment
 		// check if comment's module is using comment validation and set the publish status to 0 (false)
 		// for inserting query, otherwise default is 1 (true - means comment is published)
 		$using_validation = $this->isModuleUsingPublishValidation($obj->module_srl);
-		if(Context::get('is_logged'))
+		if(!$manual_inserted)
 		{
-			$logged_info = Context::get('logged_info');
-			if($logged_info->is_admin == 'Y')
+			if(Context::get('is_logged'))
 			{
-				$is_admin = TRUE;
-			}
-			else
-			{
-				$is_admin = FALSE;
+				$logged_info = Context::get('logged_info');
+				if($logged_info->is_admin == 'Y')
+				{
+					$is_admin = TRUE;
+				}
+				else
+				{
+					$is_admin = FALSE;
+				}
 			}
 		}
+		else
+		{
+			$is_admin = FALSE;
+		}
 
 		if(!$using_validation)
 		{
@@ -441,7 +448,10 @@ class commentController extends comment
 		}
 
 		// grant autority of the comment
-		$this->addGrant($obj->comment_srl);
+		if(!$manual_inserted)
+		{
+			$this->addGrant($obj->comment_srl);
+		}
 
 		// call a trigger(after)
 		if($output->toBool())

modules/document/document.controller.php

@@ -333,7 +333,10 @@ class documentController extends document
 		$oDB->commit();
 
 		// return
-		$this->addGrant($obj->document_srl);
+		if(!$manual_inserted)
+		{
+			$this->addGrant($obj->document_srl);
+		}
 		$output->add('document_srl',$obj->document_srl);
 		$output->add('category_srl',$obj->category_srl);