본인의 회원 정보만 저장하도록 개선함

만약 member_srl 를 파라미터로 넘겼을 때 본인이 아닌 경우 차단설정을 조회할 수 있는 문제점이 있다.
이를 막고 조회하지 못하도록 개선

modules/ncenterlite/ncenterlite.view.php

@@ -71,7 +71,11 @@ class ncenterliteView extends ncenterlite
 		Context::set('user_config', $output->data);
 		$this->setTemplateFile('userconfig');
 	}
-	
+
+	/**
+	 * Get to unsubscribe list.
+	 * @throws \Rhymix\Framework\Exception
+	 */
 	function dispNcenterliteUnsubscribeList()
 	{
 		/** @var ncenterliteModel $oNcenterliteModel */
@@ -95,6 +99,11 @@ class ncenterliteView extends ncenterlite
 			$member_srl = $this->user->member_srl;
 		}
 		
+		if($this->user->is_admin !== 'Y' && $this->user->member_srl != $member_srl)
+		{
+			throw new \Rhymix\Framework\Exception('msg_unsubscribe_not_permission');
+		}
+		
 		$args = new stdClass();
 		$args->page = Context::get('page');
 		$args->list_count = '20';
@@ -121,6 +130,16 @@ class ncenterliteView extends ncenterlite
 		
 		$member_srl = Context::get('member_srl');
 		
+		if(!$member_srl)
+		{
+			$member_srl = $this->user->member_srl;
+		}
+		
+		if($this->user->is_admin !== 'Y' && $member_srl !== $this->user->member_srl)
+		{
+			throw new \Rhymix\Framework\Exception('msg_invalid_request');
+		}
+		
 		if($unsubscribe_srl)
 		{
 			$output = $oNcenterliteModel->getUserUnsubscribeConfigByUnsubscribeSrl($unsubscribe_srl);
@@ -130,8 +149,7 @@ class ncenterliteView extends ncenterlite
 			$output = $oNcenterliteModel->getUserUnsubscribeConfigByTargetSrl($target_srl, $member_srl);
 		}
 		
-		
-		if((!$target_srl || !$unsubscribe_type) && !$output)
+		if((!$target_srl || !$unsubscribe_type) && empty($output))
 		{
 			throw new Rhymix\Framework\Exceptions\InvalidRequest;
 		}