diff --git a/modules/ncenterlite/lang/ko.php b/modules/ncenterlite/lang/ko.php
index 8c5377215..015302bdb 100644
--- a/modules/ncenterlite/lang/ko.php
+++ b/modules/ncenterlite/lang/ko.php
@@ -179,3 +179,4 @@ $lang->msg_not_use_user_setting = '유저 세팅을 제공하지 않습니다.
$lang->msg_denger_rhymix_user = '경고! 라이믹스에서는 코어에 포함된 순정 알림센터를 사용해야 합니다.
XE용 알림센터를 삭제하고, 라이믹스 알림센터를 다시 설치해 주시기 바랍니다.';
$lang->msg_test_notifycation_success = '테스트알림더미를 정상적으로 생성하였습니다.';
$lang->msg_unsubscribe_block_not_support = '개별 수신 거부 기능을 제공하지 않습니다. 관리자에게 문의하세요.';
+$lang->msg_unsubscribe_not_permission = '다른 회원의 구독리스트를 조회할 권한이 없습니다.';
diff --git a/modules/ncenterlite/ncenterlite.view.php b/modules/ncenterlite/ncenterlite.view.php
index a7ec81dbe..1e3744674 100644
--- a/modules/ncenterlite/ncenterlite.view.php
+++ b/modules/ncenterlite/ncenterlite.view.php
@@ -71,7 +71,11 @@ class ncenterliteView extends ncenterlite
Context::set('user_config', $output->data);
$this->setTemplateFile('userconfig');
}
-
+
+ /**
+ * Get to unsubscribe list.
+ * @throws \Rhymix\Framework\Exception
+ */
function dispNcenterliteUnsubscribeList()
{
/** @var ncenterliteModel $oNcenterliteModel */
@@ -95,6 +99,11 @@ class ncenterliteView extends ncenterlite
$member_srl = $this->user->member_srl;
}
+ if($this->user->is_admin !== 'Y' && $this->user->member_srl != $member_srl)
+ {
+ throw new \Rhymix\Framework\Exception('msg_unsubscribe_not_permission');
+ }
+
$args = new stdClass();
$args->page = Context::get('page');
$args->list_count = '20';
@@ -121,6 +130,16 @@ class ncenterliteView extends ncenterlite
$member_srl = Context::get('member_srl');
+ if(!$member_srl)
+ {
+ $member_srl = $this->user->member_srl;
+ }
+
+ if($this->user->is_admin !== 'Y' && $member_srl !== $this->user->member_srl)
+ {
+ throw new \Rhymix\Framework\Exception('msg_invalid_request');
+ }
+
if($unsubscribe_srl)
{
$output = $oNcenterliteModel->getUserUnsubscribeConfigByUnsubscribeSrl($unsubscribe_srl);
@@ -130,8 +149,7 @@ class ncenterliteView extends ncenterlite
$output = $oNcenterliteModel->getUserUnsubscribeConfigByTargetSrl($target_srl, $member_srl);
}
-
- if((!$target_srl || !$unsubscribe_type) && !$output)
+ if((!$target_srl || !$unsubscribe_type) && empty($output))
{
throw new Rhymix\Framework\Exceptions\InvalidRequest;
}