Remove admin power to modify other user's ncenterlite config; close #1925; close #2148

Kijin Sung 2023-07-17 22:02:06 +09:00
parent 31ec3031fe
commit fcf2ad8c3e
3 changed files with 10 additions and 26 deletions


@ -256,6 +256,7 @@ class MemberModel extends Member
if($member_srl != $logged_info->member_srl && $logged_info->member_srl)
{
// Get email config
$email_config = null;
foreach($module_config->signupForm as $field)
{
if($field->name == 'email_address')
@ -266,7 +267,7 @@ class MemberModel extends Member
}
// Send an email only if email address is public
if($email_config->isPublic == 'Y' && $member_info->email_address)
if($email_config && $email_config->isPublic == 'Y' && $member_info->email_address)
{
$oCommunicationModel = CommunicationModel::getInstance();
if($logged_info->is_admin == 'Y' || $oCommunicationModel->isFriend($member_info->member_srl))


@ -72,13 +72,9 @@ class ncenterliteController extends ncenterlite
throw new Rhymix\Framework\Exception('msg_not_use_user_setting');
}
$logged_info = Context::get('logged_info');
$member_srl = Context::get('member_srl');
if(!$member_srl)
{
$member_srl = $logged_info->member_srl;
}
if($logged_info->member_srl != $member_srl && $logged_info->is_admin != 'Y')
// Disable modifying other user's config #1925 #2148
$member_srl = Context::get('member_srl') ?: $this->user->member_srl;
if ($this->user->member_srl !== $member_srl)
{
throw new Rhymix\Framework\Exception('ncenterlite_stop_no_permission_other_user_settings');
}
@ -1171,13 +1167,6 @@ class ncenterliteController extends ncenterlite
if($config->user_notify_setting == 'Y')
{
$oMemberController->addMemberMenu('dispNcenterliteUserConfig', 'ncenterlite_my_settings');
if($logged_info->is_admin == 'Y')
{
$url = getUrl('', 'act', 'dispNcenterliteUserConfig', 'member_srl', $target_srl);
$str = Context::getLang('ncenterlite_user_settings');
$oMemberController->addMemberPopupMenu($url, $str, '');
}
}
}
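Review bot: The new ownership check in the first hunk compares `$this->user->member_srl !== $member_srl` strictly, but `$member_srl` can come straight from `Context::get('member_srl')`, which is presumably a request value and may arrive as a string while the session's member_srl is an integer. If so, a user who submits their own member_srl is rejected with `ncenterlite_stop_no_permission_other_user_settings`; the check fails closed, so it is not a bypass, but it can break saving one's own settings. Normalising both sides keeps the strict comparison meaningful: `$member_srl = intval(Context::get('member_srl')) ?: intval($this->user->member_srl);` followed by `if (intval($this->user->member_srl) !== $member_srl)`. The same comparison is added in the ncenterliteView hunk and needs the same treatment. The enclosing method starts and ends outside the hunk, so the types involved are inferred rather than visible here.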


@ -53,17 +53,11 @@ class ncenterliteView extends ncenterlite
throw new Rhymix\Framework\Exceptions\MustLogin;
}
$member_srl = Context::get('member_srl');
if($this->user->isAdmin() && $member_srl)
// Disable modifying other user's config #1925 #2148
$member_srl = Context::get('member_srl') ?: $this->user->member_srl;
if ($this->user->member_srl !== $member_srl)
{
$member_info = MemberModel::getMemberInfoByMemberSrl($member_srl);
}
if(!$this->user->isAdmin() && $member_srl)
{
if($member_srl != $this->user->member_srl)
{
throw new Rhymix\Framework\Exceptions\NotPermitted('ncenterlite_stop_no_permission_other_user');
}
throw new Rhymix\Framework\Exceptions\NotPermitted('ncenterlite_stop_no_permission_other_user');
}
$user_selected = [];
@ -83,7 +77,7 @@ class ncenterliteView extends ncenterlite
}
}
Context::set('member_info', $member_info ?? null);
Context::set('member_info', MemberModel::getMemberInfoByMemberSrl($member_srl));
Context::set('notify_types', $notify_types);
Context::set('user_config', $user_config);
Context::set('user_selected', $user_selected);