fanbinit/rhymix
1
0
Fork 0
mirror of https://github.com/Lastorder-DC/rhymix.git synced 2026-01-07 02:31:40 +09:00
Code Issues Projects Releases Packages Wiki Activity

Use static method calls and consistent permission checks throughout the Board module

Browse source
This commit is contained in:
Kijin Sung 2020-07-03 15:47:52 +09:00
parent ee1ea9729c
commit da73eb7427
6 changed files with 181 additions and 203 deletions
Download patch file Download diff file Expand all files Collapse all files

6
modules/board/board.admin.view.php
View file

@ -168,14 +168,12 @@ class boardAdminView extends board {
$documentStatusList = $oDocumentModel->getStatusNameList();
Context::set('document_status_list', $documentStatusList);
$oBoardModel = getModel('board');
// setup the extra vaiables
$extra_vars = $oBoardModel->getDefaultListConfig($this->module_info->module_srl);
$extra_vars = BoardModel::getDefaultListConfig($this->module_info->module_srl);
Context::set('extra_vars', $extra_vars);
// setup the list config (install the default value if there is no list config)
Context::set('list_config', $oBoardModel->getListConfig($this->module_info->module_srl));
Context::set('list_config', BoardModel::getListConfig($this->module_info->module_srl));
// setup extra_order_target
$module_extra_vars = $oDocumentModel->getExtraKeys($this->module_info->module_srl);

80
modules/board/board.controller.php
View file

@ -57,21 +57,20 @@ class boardController extends board
$obj->is_admin = 'Y';
}
$oDocumentModel = getModel('document');
$oDocumentController = getController('document');
$_SECRET = $oDocumentModel->getConfigStatus('secret');
$secret_status = DocumentModel::getConfigStatus('secret');
$use_status = explode('|@|', $this->module_info->use_status);
// Set status
if(($obj->is_secret == 'Y' || $obj->status == $_SECRET) && is_array($use_status) && in_array($_SECRET, $use_status))
if(($obj->is_secret == 'Y' || $obj->status == $secret_status) && is_array($use_status) && in_array($secret_status, $use_status))
{
$obj->status = $_SECRET;
$obj->status = $secret_status;
}
else
{
unset($obj->is_secret);
$obj->status = $oDocumentModel->getConfigStatus('public');
$obj->status = DocumentModel::getConfigStatus('public');
}
// Set update log
@ -102,7 +101,7 @@ class boardController extends board
}
// Update if the document already exists.
$oDocument = $oDocumentModel->getDocument($obj->document_srl, $this->grant->manager);
$oDocument = DocumentModel::getDocument($obj->document_srl, $this->grant->manager);
if($oDocument->isExists())
{
if(!$oDocument->isGranted())
@ -111,14 +110,14 @@ class boardController extends board
}
// Protect admin document
$member_info = getModel('member')->getMemberInfoByMemberSrl($oDocument->get('member_srl'));
$member_info = MemberModel::getMemberInfo($oDocument->get('member_srl'));
if($member_info->is_admin == 'Y' && $logged_info->is_admin != 'Y')
{
throw new Rhymix\Framework\Exception('msg_admin_document_no_modify');
}
// if document status is temp
if($oDocument->get('status') == $oDocumentModel->getConfigStatus('temp'))
if($oDocument->get('status') == DocumentModel::getConfigStatus('temp'))
{
// if use anonymous, set the member_srl to a negative number
if($this->module_info->use_anonymous == 'Y')
@ -188,7 +187,7 @@ class boardController extends board
if ($output->toBool())
{
// Set grant for the new document.
$oDocument = $oDocumentModel->getDocument($output->get('document_srl'));
$oDocument = DocumentModel::getDocument($output->get('document_srl'));
$oDocument->setGrantForSession();
// send an email to admin user
@ -240,13 +239,12 @@ class boardController extends board
throw new Rhymix\Framework\Exception('msg_no_update_id');
}
$oDocumentModel = getModel('document');
$oDocumentController = getController('document');
$update_log = $oDocumentModel->getUpdateLog($update_id);
$update_log = DocumentModel::getUpdateLog($update_id);
if($logged_info->is_admin != 'Y')
{
$Exists_log = $oDocumentModel->getUpdateLogAdminisExists($update_log->document_srl);
$Exists_log = DocumentModel::getUpdateLogAdminisExists($update_log->document_srl);
if($Exists_log === true)
{
throw new Rhymix\Framework\Exception('msg_admin_update_log');
@ -258,7 +256,7 @@ class boardController extends board
throw new Rhymix\Framework\Exception('msg_no_update_log');
}
$oDocument = $oDocumentModel->getDocument($update_log->document_srl);
$oDocument = DocumentModel::getDocument($update_log->document_srl);
$obj = new stdClass();
$obj->title = $update_log->title;
$obj->document_srl = $update_log->document_srl;
@ -287,8 +285,7 @@ class boardController extends board
throw new Rhymix\Framework\Exception('msg_invalid_document');
}
$oDocumentModel = &getModel('document');
$oDocument = $oDocumentModel->getDocument($document_srl);
$oDocument = DocumentModel::getDocument($document_srl);
// check protect content
if($this->module_info->protect_content == 'Y' || $this->module_info->protect_delete_content == 'Y')
{
@ -396,8 +393,7 @@ class boardController extends board
}
// check if the doument is existed
$oDocumentModel = getModel('document');
$oDocument = $oDocumentModel->getDocument($obj->document_srl);
$oDocument = DocumentModel::getDocument($obj->document_srl);
if(!$oDocument->isExists())
{
throw new Rhymix\Framework\Exceptions\TargetNotFound;
@ -418,9 +414,6 @@ class boardController extends board
$manual = false;
}
// generate comment module model object
$oCommentModel = getModel('comment');
// generate comment module controller object
$oCommentController = getController('comment');
@ -432,10 +425,10 @@ class boardController extends board
}
else
{
$comment = $oCommentModel->getComment($obj->comment_srl, $this->grant->manager);
$comment = CommentModel::getComment($obj->comment_srl, $this->grant->manager);
if($this->module_info->protect_update_comment === 'Y' && $this->grant->manager == false)
{
$childs = $oCommentModel->getChildComments($obj->comment_srl);
$childs = CommentModel::getChildComments($obj->comment_srl);
if(count($childs) > 0)
{
throw new Rhymix\Framework\Exception('msg_board_update_protect_comment');
@ -443,9 +436,7 @@ class boardController extends board
}
}
$oMemberModel = getModel('member');
$member_info = $oMemberModel->getMemberInfoByMemberSrl($comment->member_srl);
$member_info = MemberModel::getMemberInfo($comment->member_srl);
if($member_info->is_admin == 'Y' && $logged_info->is_admin != 'Y')
{
throw new Rhymix\Framework\Exception('msg_admin_comment_no_modify');
@ -460,7 +451,7 @@ class boardController extends board
// Parent exists.
if($obj->parent_srl)
{
$parent_comment = $oCommentModel->getComment($obj->parent_srl);
$parent_comment = CommentModel::getComment($obj->parent_srl);
if(!$parent_comment->comment_srl)
{
throw new Rhymix\Framework\Exceptions\TargetNotFound;
@ -479,7 +470,7 @@ class boardController extends board
// Set grant for the new comment.
if ($output->toBool())
{
$comment = $oCommentModel->getComment($output->get('comment_srl'));
$comment = CommentModel::getComment($output->get('comment_srl'));
$comment->setGrantForSession();
}
}
@ -523,6 +514,10 @@ class boardController extends board
{
// get the comment_srl
$comment_srl = Context::get('comment_srl');
if(!$comment_srl)
{
throw new Rhymix\Framework\Exceptions\InvalidRequest;
}
$instant_delete = null;
if($this->grant->manager == true)
@ -530,22 +525,25 @@ class boardController extends board
$instant_delete = Context::get('instant_delete');
}
if(!$comment_srl)
$comment = CommentModel::getComment($comment_srl, $this->grant->manager);
if(!$comment->isExists())
{
throw new Rhymix\Framework\Exceptions\InvalidRequest;
throw new Rhymix\Framework\Exceptions\TargetNotFound;
}
if(!$comment->isGranted())
{
throw new Rhymix\Framework\Exceptions\NotPermitted;
}
$oCommentModel = getModel('comment');
$childs = null;
if($this->module_info->protect_delete_comment === 'Y' && $this->grant->manager == false)
{
$childs = $oCommentModel->getChildComments($comment_srl);
$childs = CommentModel::getChildComments($comment_srl);
if(count($childs) > 0)
{
throw new Rhymix\Framework\Exception('msg_board_delete_protect_comment');
}
}
$comment = $oCommentModel->getComment($comment_srl, $this->grant->manager);
if($this->module_info->protect_comment_regdate > 0 && $this->grant->manager == false)
{
if($comment->get('regdate') < date('YmdHis', strtotime('-'.$this->module_info->protect_document_regdate.' day')))
@ -570,7 +568,7 @@ class boardController extends board
}
elseif(starts_with('only_comm', $this->module_info->comment_delete_message) && $instant_delete != 'Y')
{
$childs = $oCommentModel->getChildComments($comment_srl);
$childs = ($childs !== null) ? $childs : CommentModel::getChildComments($comment_srl);
if(count($childs) > 0)
{
$output = $oCommentController->updateCommentByDelete($comment, $this->grant->manager);
@ -654,21 +652,18 @@ class boardController extends board
$document_srl = Context::get('document_srl');
$comment_srl = Context::get('comment_srl');
$oMemberModel = getModel('member');
// if the comment exists
if($comment_srl)
{
// get the comment information
$oCommentModel = getModel('comment');
$oComment = $oCommentModel->getComment($comment_srl);
$oComment = CommentModel::getComment($comment_srl);
if(!$oComment->isExists())
{
throw new Rhymix\Framework\Exceptions\TargetNotFound;
}
// compare the comment password and the user input password
if(!$oMemberModel->isValidPassword($oComment->get('password'),$password))
if(!MemberModel::isValidPassword($oComment->get('password'), $password))
{
throw new Rhymix\Framework\Exception('msg_invalid_password');
}
@ -676,15 +671,14 @@ class boardController extends board
$oComment->setGrantForSession();
} else {
// get the document information
$oDocumentModel = getModel('document');
$oDocument = $oDocumentModel->getDocument($document_srl);
$oDocument = DocumentModel::getDocument($document_srl);
if(!$oDocument->isExists())
{
throw new Rhymix\Framework\Exceptions\TargetNotFound;
}
// compare the document password and the user input password
if(!$oMemberModel->isValidPassword($oDocument->get('password'),$password))
if(!MemberModel::isValidPassword($oDocument->get('password'), $password))
{
throw new Rhymix\Framework\Exception('msg_invalid_password');
}
@ -704,7 +698,7 @@ class boardController extends board
}
// get the module information
$module_info = getModel('module')->getModuleInfoByMid($mid);
$module_info = ModuleModel::getModuleInfoByMid($mid);
if(empty($module_info->module) || $module_info->module !== 'board' || $module_info->use_anonymous === 'Y')
{
return;

17
modules/board/board.model.php
View file

@ -18,20 +18,17 @@ class boardModel extends module
/**
* @brief get the list configuration
**/
function getListConfig($module_srl)
public static function getListConfig($module_srl)
{
$oModuleModel = getModel('module');
$oDocumentModel = getModel('document');
// get the list config value, if it is not exitsted then setup the default value
$list_config = $oModuleModel->getModulePartConfig('board', $module_srl);
$list_config = ModuleModel::getModulePartConfig('board', $module_srl);
if(!is_array($list_config) || count($list_config) <= 0)
{
$list_config = array('no', 'title', 'nick_name','regdate','readed_count');
}
// get the extra variables
$inserted_extra_vars = $oDocumentModel->getExtraKeys($module_srl);
$inserted_extra_vars = DocumentModel::getExtraKeys($module_srl);
foreach($list_config as $key)
{
@ -57,7 +54,7 @@ class boardModel extends module
/**
* @brief return the default list configration value
**/
function getDefaultListConfig($module_srl)
public static function getDefaultListConfig($module_srl)
{
// add virtual srl, title, registered date, update date, nickname, ID, name, readed count, voted count etc.
$virtual_vars = array( 'no', 'title', 'regdate', 'last_update', 'last_post', 'nick_name',
@ -68,9 +65,7 @@ class boardModel extends module
}
// get the extra variables from the document model
$oDocumentModel = getModel('document');
$inserted_extra_vars = $oDocumentModel->getExtraKeys($module_srl);
$inserted_extra_vars = DocumentModel::getExtraKeys($module_srl);
if(count($inserted_extra_vars))
{
foreach($inserted_extra_vars as $obj)
@ -86,7 +81,7 @@ class boardModel extends module
/**
* @brief return module name in sitemap
**/
function triggerModuleListInSitemap(&$obj)
public function triggerModuleListInSitemap(&$obj)
{
array_push($obj, 'board');
}

147
modules/board/board.view.php
View file

@ -38,16 +38,14 @@ class boardView extends board
$this->except_notice = $this->module_info->except_notice == 'N' ? FALSE : TRUE;
// $this->_getStatusNameListecret option backward compatibility
$oDocumentModel = getModel('document');
$statusList = $this->_getStatusNameList($oDocumentModel);
$statusList = $this->_getStatusNameList();
if(isset($statusList['SECRET']))
{
$this->module_info->secret = 'Y';
}
// use_category <=1.5.x, hide_category >=1.7.x
$count_category = count($oDocumentModel->getCategoryList($this->module_info->module_srl));
$count_category = count(DocumentModel::getCategoryList($this->module_info->module_srl));
if($count_category)
{
if($this->module_info->hide_category)
@ -93,8 +91,7 @@ class boardView extends board
/**
* use context::set to setup extra variables
**/
$oDocumentModel = getModel('document');
$extra_keys = $oDocumentModel->getExtraKeys($this->module_info->module_srl);
$extra_keys = DocumentModel::getExtraKeys($this->module_info->module_srl);
Context::set('extra_keys', $extra_keys);
/**
@ -158,7 +155,7 @@ class boardView extends board
}
}
// remove a search option that is not public in member config
$memberConfig = getModel('module')->getModuleConfig('member');
$memberConfig = ModuleModel::getModuleConfig('member');
foreach($memberConfig->signupForm as $signupFormElement)
{
if(in_array($signupFormElement->title, $search_option))
@ -171,8 +168,7 @@ class boardView extends board
}
Context::set('search_option', $search_option);
$oDocumentModel = getModel('document');
$statusNameList = $this->_getStatusNameList($oDocumentModel);
$statusNameList = $this->_getStatusNameList();
if(count($statusNameList) > 0)
{
Context::set('status_list', $statusNameList);
@ -182,8 +178,7 @@ class boardView extends board
$this->dispBoardContentView();
// list config, columnList setting
$oBoardModel = getModel('board');
$this->listConfig = $oBoardModel->getListConfig($this->module_info->module_srl);
$this->listConfig = BoardModel::getListConfig($this->module_info->module_srl);
if(!$this->listConfig) $this->listConfig = array();
$this->_makeListColumnList();
@ -219,8 +214,7 @@ class boardView extends board
return;
}
$oDocumentModel = getModel('document');
Context::set('category_list', $oDocumentModel->getCategoryList($this->module_srl));
Context::set('category_list', DocumentModel::getCategoryList($this->module_srl));
$oSecurity = new Security();
$oSecurity->encodeHTML('category_list.', 'category_list.childs.');
@ -235,15 +229,12 @@ class boardView extends board
$document_srl = Context::get('document_srl');
$page = Context::get('page');
// generate document model object
$oDocumentModel = getModel('document');
/**
* if the document exists, then get the document information
**/
if($document_srl)
{
$oDocument = $oDocumentModel->getDocument($document_srl, false, true);
$oDocument = DocumentModel::getDocument($document_srl, false, true);
// if the document is existed
if($oDocument->isExists())
@ -263,7 +254,7 @@ class boardView extends board
$logged_info = Context::get('logged_info');
if(abs($oDocument->get('member_srl')) != $logged_info->member_srl)
{
$oDocument = $oDocumentModel->getDocument(0);
$oDocument = DocumentModel::getDocument(0);
}
}
@ -272,7 +263,7 @@ class boardView extends board
{
if(!$oDocument->isGranted())
{
$oDocument = $oDocumentModel->getDocument(0);
$oDocument = DocumentModel::getDocument(0);
}
}
@ -290,7 +281,7 @@ class boardView extends board
}
else
{
$oDocument = $oDocumentModel->getDocument(0);
$oDocument = DocumentModel::getDocument(0);
}
/**
@ -300,7 +291,7 @@ class boardView extends board
{
if(!$this->grant->view && !$oDocument->isGranted())
{
$oDocument = $oDocumentModel->getDocument(0);
$oDocument = DocumentModel::getDocument(0);
Context::set('document_srl','',true);
$this->alertMessage('msg_not_permitted', 403);
}
@ -360,8 +351,7 @@ class boardView extends board
// Check if a permission for file download is granted
// Get configurations (using module model object)
$oModuleModel = getModel('module');
$file_module_config = $oModuleModel->getModulePartConfig('file',$this->module_srl);
$file_module_config = ModuleModel::getModulePartConfig('file',$this->module_srl);
$downloadGrantCount = 0;
if(is_array($file_module_config->download_grant))
@ -380,14 +370,12 @@ class boardView extends board
$logged_info = Context::get('logged_info');
if($logged_info->is_admin != 'Y')
{
$oModuleModel =& getModel('module');
$columnList = array('module_srl', 'site_srl');
$module_info = $oModuleModel->getModuleInfoByModuleSrl($this->module_srl, $columnList);
$module_info = ModuleModel::getModuleInfoByModuleSrl($this->module_srl, $columnList);
if(!$oModuleModel->isSiteAdmin($logged_info, $module_info->site_srl))
if(!ModuleModel::isSiteAdmin($logged_info, $module_info->site_srl))
{
$oMemberModel =& getModel('member');
$member_groups = $oMemberModel->getMemberGroups($logged_info->member_srl, $module_info->site_srl);
$member_groups = MemberModel::getMemberGroups($logged_info->member_srl, $module_info->site_srl);
$is_permitted = false;
for($i=0;$i<count($file_module_config->download_grant);$i++)
@ -407,9 +395,8 @@ class boardView extends board
}
}
$oDocumentModel = getModel('document');
$document_srl = Context::get('document_srl');
$oDocument = $oDocumentModel->getDocument($document_srl);
$oDocument = DocumentModel::getDocument($document_srl);
Context::set('oDocument', $oDocument);
Context::set('file_list',$oDocument->getUploadedFiles());
@ -424,9 +411,8 @@ class boardView extends board
// check document view grant
$this->dispBoardContentView();
$oDocumentModel = getModel('document');
$document_srl = Context::get('document_srl');
$oDocument = $oDocumentModel->getDocument($document_srl);
$oDocument = DocumentModel::getDocument($document_srl);
$comment_list = $oDocument->getComments();
// setup the comment list
@ -455,10 +441,9 @@ class boardView extends board
return;
}
$oDocumentModel = getModel('document');
$args = new stdClass();
$args->module_srl = $this->module_srl;
$notice_output = $oDocumentModel->getNoticeList($args, $this->columnList);
$notice_output = DocumentModel::getNoticeList($args, $this->columnList);
Context::set('notice_list', $notice_output->data);
}
@ -477,8 +462,6 @@ class boardView extends board
return;
}
$oDocumentModel = getModel('document');
// setup module_srl/page number/ list number/ page count
$args = new stdClass();
$args->module_srl = $this->module_srl;
@ -534,7 +517,7 @@ class boardView extends board
}
elseif(!$args->page && $document_srl)
{
$oDocument = $oDocumentModel->getDocument($document_srl);
$oDocument = DocumentModel::getDocument($document_srl);
if($oDocument->isExists() && !$oDocument->isNotice())
{
$days = $this->module_info->skip_bottom_list_days ?: 30;
@ -544,7 +527,7 @@ class boardView extends board
}
else
{
$args->page = $oDocumentModel->getDocumentPage($oDocument, $args);
$args->page = DocumentModel::getDocumentPage($oDocument, $args);
Context::set('page', $args->page);
}
}
@ -575,7 +558,7 @@ class boardView extends board
Context::set('list_config', $this->listConfig);
// setup document list variables on context
$output = $oDocumentModel->getDocumentList($args, $this->except_notice, TRUE, $this->columnList);
$output = DocumentModel::getDocumentList($args, $this->except_notice, TRUE, $this->columnList);
Context::set('document_list', $output->data);
Context::set('total_count', $output->total_count);
Context::set('total_page', $output->total_page);
@ -690,7 +673,7 @@ class boardView extends board
throw new Rhymix\Framework\Exceptions\NotPermitted;
}
$oDocument = getModel('document')->getDocument($document_srl);
$oDocument = DocumentModel::getDocument($document_srl);
if(!$oDocument->isExists())
{
throw new Rhymix\Framework\Exceptions\TargetNotFound;
@ -713,9 +696,6 @@ class boardView extends board
return $this->dispBoardMessage('msg_not_permitted');
}
$oDocumentModel = getModel('document');
$logged_info = Context::get('logged_info');
/**
* check if the category option is enabled not not
**/
@ -724,7 +704,7 @@ class boardView extends board
// get the user group information
if(Context::get('is_logged'))
{
$group_srls = array_keys($logged_info->group_list);
$group_srls = array_keys($this->user->group_list);
}
else
{
@ -734,7 +714,7 @@ class boardView extends board
// check the grant after obtained the category list
$category_list = array();
$normal_category_list = $oDocumentModel->getCategoryList($this->module_srl);
$normal_category_list = DocumentModel::getCategoryList($this->module_srl);
if(count($normal_category_list))
{
foreach($normal_category_list as $category_srl => $category)
@ -773,11 +753,10 @@ class boardView extends board
// GET parameter document_srl from request
$document_srl = Context::get('document_srl');
$oDocument = $oDocumentModel->getDocument(0, $this->grant->manager);
$oDocument = DocumentModel::getDocument(0, $this->grant->manager);
$oDocument->setDocument($document_srl);
$oMemberModel = getModel('member');
$member_info = $oMemberModel->getMemberInfoByMemberSrl($oDocument->get('member_srl'));
$member_info = MemberModel::getMemberInfo($oDocument->get('member_srl'));
if($oDocument->get('module_srl') == $oDocument->get('member_srl')) $savedDoc = TRUE;
$oDocument->add('module_srl', $this->module_srl);
@ -801,13 +780,12 @@ class boardView extends board
}
}
}
if($member_info->is_admin == 'Y' && $logged_info->is_admin != 'Y')
if($member_info->is_admin == 'Y' && $this->user->is_admin != 'Y')
{
throw new Rhymix\Framework\Exception('msg_admin_document_no_modify');
}
// if the document is not granted, then back to the password input form
$oModuleModel = getModel('module');
if($oDocument->isExists() && !$oDocument->isGranted())
{
return $this->setTemplateFile('input_password_form');
@ -815,7 +793,7 @@ class boardView extends board
if(!$oDocument->isExists())
{
$point_config = $oModuleModel->getModulePartConfig('point',$this->module_srl);
$point_config = ModuleModel::getModulePartConfig('point',$this->module_srl);
if ($point_config)
{
$pointForInsert = is_object($point_config) ? $point_config->insert_document : $point_config["insert_document"];
@ -824,23 +802,22 @@ class boardView extends board
{
$pointForInsert = 0;
}
$logged_info = Context::get('logged_info');
if($pointForInsert < 0)
{
if(!Context::get('is_logged'))
if(!$this->user->isMember())
{
return $this->dispBoardMessage('msg_not_permitted');
}
else if((getModel('point')->getPoint($logged_info->member_srl) + $pointForInsert) < 0)
else if((getModel('point')->getPoint($this->user->member_srl) + $pointForInsert) < 0)
{
return $this->dispBoardMessage('msg_not_enough_point');
}
}
}
if(!$oDocument->get('status')) $oDocument->add('status', $oDocumentModel->getDefaultStatus());
if(!$oDocument->get('status')) $oDocument->add('status', DocumentModel::getDefaultStatus());
$statusList = $this->_getStatusNameList($oDocumentModel);
$statusList = $this->_getStatusNameList();
if(count($statusList) > 0) Context::set('status_list', $statusList);
// get Document status config value
@ -872,12 +849,12 @@ class boardView extends board
$this->setTemplateFile('write_form');
}
function _getStatusNameList(&$oDocumentModel)
function _getStatusNameList()
{
$resultList = array();
if(!empty($this->module_info->use_status))
{
$statusNameList = $oDocumentModel->getStatusNameList();
$statusNameList = DocumentModel::getStatusNameList();
$statusList = explode('|@|', $this->module_info->use_status);
if(is_array($statusList))
@ -908,8 +885,7 @@ class boardView extends board
// if document exists, get the document information
if($document_srl)
{
$oDocumentModel = getModel('document');
$oDocument = $oDocumentModel->getDocument($document_srl);
$oDocument = DocumentModel::getDocument($document_srl);
}
// if the document is not existed, then back to the board content page
@ -966,8 +942,7 @@ class boardView extends board
}
// get the document information
$oDocumentModel = getModel('document');
$oDocument = $oDocumentModel->getDocument($document_srl);
$oDocument = DocumentModel::getDocument($document_srl);
if(!$oDocument->isExists())
{
return $this->dispBoardMessage('msg_not_founded');
@ -980,8 +955,7 @@ class boardView extends board
}
// obtain the comment (create an empty comment document for comment_form usage)
$oCommentModel = getModel('comment');
$oSourceComment = $oComment = $oCommentModel->getComment(0);
$oSourceComment = $oComment = CommentModel::getComment(0);
$oComment->add('document_srl', $document_srl);
$oComment->add('module_srl', $this->module_srl);
@ -1019,8 +993,7 @@ class boardView extends board
}
// get the comment
$oCommentModel = getModel('comment');
$oSourceComment = $oCommentModel->getComment($parent_srl, $this->grant->manager);
$oSourceComment = CommentModel::getComment($parent_srl, $this->grant->manager);
// if the comment is not existed, opoup an error message
if(!$oSourceComment->isExists())
@ -1033,15 +1006,14 @@ class boardView extends board
}
// Check allow comment
$oDocumentModel = getModel('document');
$oDocument = $oDocumentModel->getDocument($oSourceComment->get('document_srl'));
$oDocument = DocumentModel::getDocument($oSourceComment->get('document_srl'));
if(!$oDocument->allowComment())
{
return $this->dispBoardMessage('msg_not_allow_comment');
}
// get the comment information
$oComment = $oCommentModel->getComment();
$oComment = CommentModel::getComment();
$oComment->add('parent_srl', $parent_srl);
$oComment->add('document_srl', $oSourceComment->get('document_srl'));
@ -1081,11 +1053,9 @@ class boardView extends board
}
// get comment information
$oCommentModel = getModel('comment');
$oComment = $oCommentModel->getComment($comment_srl, $this->grant->manager);
$oComment = CommentModel::getComment($comment_srl, $this->grant->manager);
$oMemberModel = getModel('member');
$member_info = $oMemberModel->getMemberInfoByMemberSrl($oComment->member_srl);
$member_info = MemberModel::getMemberInfo($oComment->member_srl);
if($this->module_info->protect_comment_regdate > 0 && $this->grant->manager == false)
{
if($oComment->get('regdate') < date('YmdHis', strtotime('-'.$this->module_info->protect_document_regdate.' day')))
@ -1097,7 +1067,7 @@ class boardView extends board
}
if($this->module_info->protect_update_comment === 'Y' && $this->grant->manager == false)
{
$childs = $oCommentModel->getChildComments($comment_srl);
$childs = CommentModel::getChildComments($comment_srl);
if(count($childs) > 0)
{
throw new Rhymix\Framework\Exception('msg_board_update_protect_comment');
@ -1122,7 +1092,7 @@ class boardView extends board
}
// setup the comment variables on context
Context::set('oSourceComment', $oCommentModel->getComment());
Context::set('oSourceComment', CommentModel::getComment());
Context::set('oComment', $oComment);
/**
@ -1150,8 +1120,7 @@ class boardView extends board
// if the comment exists, then get the comment information
if($comment_srl)
{
$oCommentModel = getModel('comment');
$oComment = $oCommentModel->getComment($comment_srl, $this->grant->manager);
$oComment = CommentModel::getComment($comment_srl, $this->grant->manager);
}
if($this->module_info->protect_comment_regdate > 0 && $this->grant->manager == false)
@ -1166,8 +1135,7 @@ class boardView extends board
if($this->module_info->protect_delete_comment === 'Y' && $this->grant->manager == false)
{
$oCommentModel = getModel('comment');
$childs = $oCommentModel->getChildComments($comment_srl);
$childs = CommentModel::getChildComments($comment_srl);
if(count($childs) > 0)
{
throw new Rhymix\Framework\Exception('msg_board_delete_protect_comment');
@ -1202,7 +1170,6 @@ class boardView extends board
function dispBoardDeleteTrackback()
{
$oTrackbackModel = getModel('trackback');
if(!$oTrackbackModel)
{
return;
@ -1245,15 +1212,13 @@ class boardView extends board
function dispBoardUpdateLog()
{
$oDocumentModel = getModel('document');
$document_srl = Context::get('document_srl');
if($this->grant->update_view !== true)
{
throw new Rhymix\Framework\Exceptions\NotPermitted;
}
$updatelog = $oDocumentModel->getDocumentUpdateLog($document_srl);
$document_srl = Context::get('document_srl');
$updatelog = DocumentModel::getDocumentUpdateLog($document_srl);
Context::set('total_count', $updatelog->page_navigation->total_count);
Context::set('total_page', $updatelog->page_navigation->total_page);
Context::set('page', $updatelog->page);
@ -1265,16 +1230,14 @@ class boardView extends board
function dispBoardUpdateLogView()
{
$oDocumentModel = getModel('document');
$update_id = Context::get('update_id');
if($this->grant->update_view !== true)
{
throw new Rhymix\Framework\Exceptions\NotPermitted;
}
$update_log = $oDocumentModel->getUpdateLog($update_id);
$oDocument = $oDocumentModel->getDocument($update_log->document_srl);
$update_id = Context::get('update_id');
$update_log = DocumentModel::getUpdateLog($update_id);
$oDocument = DocumentModel::getDocument($update_log->document_srl);
$extra_vars = unserialize($update_log->extra_vars);
@ -1309,8 +1272,6 @@ class boardView extends board
throw new Rhymix\Framework\Exceptions\NotPermitted;
}
$oMemberModel = getModel('member');
$target = Context::get('target');
$target_srl = Context::get('target_srl');
@ -1348,7 +1309,7 @@ class boardView extends board
{
continue;
}
$vote_member_infos[$log->member_srl] = $oMemberModel->getMemberInfoByMemberSrl($log->member_srl);
$vote_member_infos[$log->member_srl] = MemberModel::getMemberInfo($log->member_srl);
}
else
{
@ -1356,7 +1317,7 @@ class boardView extends board
{
continue;
}
$blame_member_infos[$log->member_srl] = $oMemberModel->getMemberInfoByMemberSrl($log->member_srl);
$blame_member_infos[$log->member_srl] = MemberModel::getMemberInfo($log->member_srl);
}
}
}

69
modules/comment/comment.controller.php
View file

@ -883,9 +883,16 @@ class commentController extends comment
return $output;
}
// begin transaction
$oDB = DB::getInstance();
$oDB->begin();
// check if comment exists and permission is granted
$comment = CommentModel::getComment($obj->comment_srl);
if(!$comment->isExists())
{
return new BaseObject(-1, 'msg_not_founded');
}
if(!$is_admin && !$comment->isGranted())
{
return new BaseObject(-1, 'msg_not_permitted');
}
// If the case manager to delete comments, it indicated that the administrator deleted.
$logged_info = Context::get('logged_info');
@ -899,6 +906,12 @@ class commentController extends comment
$obj->content = lang('msg_deleted_comment');
$obj->status = RX_STATUS_DELETED;
}
// Begin transaction
$oDB = DB::getInstance();
$oDB->begin();
// Update
$obj->member_srl = 0;
unset($obj->last_update);
$output = executeQuery('comment.updateCommentByDelete', $obj);
@ -931,7 +944,6 @@ class commentController extends comment
$oDB->commit();
$output->add('document_srl', $obj->document_srl);
return $output;
}
@ -992,13 +1004,16 @@ class commentController extends comment
// check if comment already exists
$comment = CommentModel::getComment($comment_srl);
if($comment->comment_srl != $comment_srl)
if(!$comment->isExists())
{
return new BaseObject(-1, 'msg_invalid_request');
return new BaseObject(-1, 'msg_not_founded');
}
if(!$is_admin && !$comment->isGranted())
{
return new BaseObject(-1, 'msg_not_permitted');
}
$member_info = MemberModel::getMemberInfoByMemberSrl($comment->member_srl);
$member_info = MemberModel::getMemberInfo($comment->member_srl);
$document_srl = $comment->document_srl;
// call a trigger (before)
@ -1009,14 +1024,8 @@ class commentController extends comment
return $output;
}
// check if permission is granted
if(!$is_admin && !$comment->isGranted())
{
return new BaseObject(-1, 'msg_not_permitted');
}
// check if child comment exists on the comment
if(!$childs)
if($childs === null)
{
$childs = CommentModel::getChildComments($comment_srl);
}
@ -1144,7 +1153,7 @@ class commentController extends comment
*/
function moveCommentToTrash($obj, $updateComment = false)
{
$logged_info = Context::get('logged_info');
// Initialize trash arguments
$trash_args = new stdClass();
if(!$obj->trash_srl)
{
@ -1155,13 +1164,24 @@ class commentController extends comment
$trash_args->trash_srl = $obj->trash_srl;
}
// check if comment exists and permission is granted
$oComment = CommentModel::getComment($obj->comment_srl);
$member_info = MemberModel::getMemberInfoByMemberSrl($oComment->get('member_srl'));
if($member_info->is_admin == 'Y' && $logged_info->is_admin != 'Y')
if(!$oComment->isExists())
{
return new BaseObject(-1, 'msg_not_founded');
}
if(!$oComment->isGranted())
{
return new BaseObject(-1, 'msg_not_permitted');
}
if($this->user->is_admin !== 'Y')
{
$member_info = MemberModel::getMemberInfo($oComment->get('member_srl'));
if($member_info->is_admin === 'Y')
{
return new BaseObject(-1, 'msg_admin_comment_no_move_to_trash');
}
}
$obj->module_srl = $oComment->get('module_srl');
$trash_args->module_srl = $obj->module_srl;
@ -1172,13 +1192,12 @@ class commentController extends comment
$trash_args->document_srl = $obj->document_srl;
$trash_args->comment_srl = $obj->comment_srl;
$trash_args->description = $obj->description;
if(!Context::get('is_logged'))
if($this->user->isMember())
{
$trash_args->member_Srl = $logged_info->member_srl;
$trash_args->user_id = htmlspecialchars_decode($logged_info->user_id);
$trash_args->user_name = htmlspecialchars_decode($logged_info->user_name);
$trash_args->nick_name = htmlspecialchars_decode($logged_info->nick_name);
$trash_args->member_srl = $this->user->member_srl;
$trash_args->user_id = htmlspecialchars_decode($this->user->user_id);
$trash_args->user_name = htmlspecialchars_decode($this->user->user_name);
$trash_args->nick_name = htmlspecialchars_decode($this->user->nick_name);
}
$oDB = &DB::getInstance();

57
modules/document/document.controller.php
View file

@ -1024,26 +1024,31 @@ class documentController extends document
$oDB = &DB::getInstance();
$oDB->begin();
// Check if the document exists
if(!$isEmptyTrash)
{
// Check if the documnet exists
$oDocument = DocumentModel::getDocument($document_srl, $is_admin);
}
else if($isEmptyTrash && $oDocument == null) return new BaseObject(-1, 'document is not exists');
else if($isEmptyTrash && $oDocument == null)
{
return new BaseObject(-1, 'msg_not_founded');
}
$member_info = MemberModel::getMemberInfoByMemberSrl($oDocument->get('member_srl'));
$logged_info = Context::get('logged_info');
if($member_info->is_admin == 'Y' && $logged_info->is_admin != 'Y')
// Check permission
if(!$oDocument->isExists())
{
return new BaseObject(-1, 'msg_invalid_document');
}
if(!$oDocument->isGranted())
{
return new BaseObject(-1, 'msg_not_permitted');
}
$member_info = MemberModel::getMemberInfo($oDocument->get('member_srl'));
if($member_info->is_admin === 'Y' && $this->user->is_admin !== 'Y')
{
return new BaseObject(-1, 'msg_document_is_admin_not_permitted');
}
if(!$oDocument->isExists() || $oDocument->document_srl != $document_srl) return new BaseObject(-1, 'msg_invalid_document');
// Check if a permossion is granted
if(!$oDocument->isGranted()) return new BaseObject(-1, 'msg_not_permitted');
//if empty trash, document already deleted, therefore document not delete
$args = new stdClass();
$args->document_srl = $document_srl;
@ -1136,19 +1141,28 @@ class documentController extends document
*/
function moveDocumentToTrash($obj)
{
$logged_info = Context::get('logged_info');
$trash_args = new stdClass();
// Get trash_srl if a given trash_srl doesn't exist
if(!$obj->trash_srl) $trash_args->trash_srl = getNextSequence();
else $trash_args->trash_srl = $obj->trash_srl;
// Get its module_srl which the document belongs to
$oDocument = DocumentModel::getDocument($obj->document_srl);
$member_info = MemberModel::getMemberInfoByMemberSrl($oDocument->get('member_srl'));
if($member_info->is_admin == 'Y' && $logged_info->is_admin != 'Y')
if(!$oDocument->isExists())
{
return new BaseObject(-1, 'msg_not_founded');
}
if(!$oDocument->isGranted())
{
return new BaseObject(-1, 'msg_not_permitted');
}
if($this->user->is_admin !== 'Y')
{
$member_info = MemberModel::getMemberInfo($oDocument->get('member_srl'));
if($member_info->is_admin === 'Y')
{
return new BaseObject(-1, 'msg_admin_document_no_move_to_trash');
}
}
$trash_args->module_srl = $oDocument->get('module_srl');
$obj->module_srl = $oDocument->get('module_srl');
@ -1161,15 +1175,12 @@ class documentController extends document
$trash_args->document_srl = $obj->document_srl;
$trash_args->description = $obj->description;
// Insert member's information only if the member is logged-in and not manually registered.
if(Context::get('is_logged'))
if($this->user->isMember())
{
$logged_info = Context::get('logged_info');
$trash_args->member_srl = $logged_info->member_srl;
// user_id, user_name and nick_name already encoded
$trash_args->user_id = htmlspecialchars_decode($logged_info->user_id);
$trash_args->user_name = htmlspecialchars_decode($logged_info->user_name);
$trash_args->nick_name = htmlspecialchars_decode($logged_info->nick_name);
$trash_args->member_srl = $this->user->member_srl;
$trash_args->user_id = htmlspecialchars_decode($this->user->user_id);
$trash_args->user_name = htmlspecialchars_decode($this->user->user_name);
$trash_args->nick_name = htmlspecialchars_decode($this->user->nick_name);
}
// Date setting for updating documents
$document_args = new stdClass;