Remove admin power to modify other user's ncenterlite config; close #1925; close #2148

This commit is contained in:
Kijin Sung 2023-07-17 22:02:06 +09:00
parent 31ec3031fe
commit fcf2ad8c3e
3 changed files with 10 additions and 26 deletions


@ -256,6 +256,7 @@ class MemberModel extends Member
if($member_srl != $logged_info->member_srl && $logged_info->member_srl) if($member_srl != $logged_info->member_srl && $logged_info->member_srl)
{ {
// Get email config // Get email config
$email_config = null;
foreach($module_config->signupForm as $field) foreach($module_config->signupForm as $field)
{ {
if($field->name == 'email_address') if($field->name == 'email_address')
@ -266,7 +267,7 @@ class MemberModel extends Member
} }
// Send an email only if email address is public // Send an email only if email address is public
if($email_config->isPublic == 'Y' && $member_info->email_address) if($email_config && $email_config->isPublic == 'Y' && $member_info->email_address)
{ {
$oCommunicationModel = CommunicationModel::getInstance(); $oCommunicationModel = CommunicationModel::getInstance();
if($logged_info->is_admin == 'Y' || $oCommunicationModel->isFriend($member_info->member_srl)) if($logged_info->is_admin == 'Y' || $oCommunicationModel->isFriend($member_info->member_srl))
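Review bot: The new null guard `$email_config && $email_config->isPublic == 'Y'` on the second hunk's changed line mixes a truthiness check with a loose comparison; the nullsafe operator with a strict comparison expresses the same intent more directly, `if ($email_config?->isPublic === 'Y' && $member_info->email_address)`, assuming isPublic holds the string 'Y'. Since `$email_config` now starts as null, a signup form with no `email_address` field quietly skips the notification mail, which looks intended but deserves a one-line comment at the guard such as `// No email field in the signup form: nothing to send`. The enclosing method starts and ends outside both hunks of this file.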


@ -72,13 +72,9 @@ class ncenterliteController extends ncenterlite
throw new Rhymix\Framework\Exception('msg_not_use_user_setting'); throw new Rhymix\Framework\Exception('msg_not_use_user_setting');
} }
$logged_info = Context::get('logged_info'); // Disable modifying other user's config #1925 #2148
$member_srl = Context::get('member_srl'); $member_srl = Context::get('member_srl') ?: $this->user->member_srl;
if(!$member_srl) if ($this->user->member_srl !== $member_srl)
{
$member_srl = $logged_info->member_srl;
}
if($logged_info->member_srl != $member_srl && $logged_info->is_admin != 'Y')
{ {
throw new Rhymix\Framework\Exception('ncenterlite_stop_no_permission_other_user_settings'); throw new Rhymix\Framework\Exception('ncenterlite_stop_no_permission_other_user_settings');
} }
@ -1171,13 +1167,6 @@ class ncenterliteController extends ncenterlite
if($config->user_notify_setting == 'Y') if($config->user_notify_setting == 'Y')
{ {
$oMemberController->addMemberMenu('dispNcenterliteUserConfig', 'ncenterlite_my_settings'); $oMemberController->addMemberMenu('dispNcenterliteUserConfig', 'ncenterlite_my_settings');
if($logged_info->is_admin == 'Y')
{
$url = getUrl('', 'act', 'dispNcenterliteUserConfig', 'member_srl', $target_srl);
$str = Context::getLang('ncenterlite_user_settings');
$oMemberController->addMemberPopupMenu($url, $str, '');
}
} }
} }
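Review bot: The rewritten guard `if ($this->user->member_srl !== $member_srl)` uses strict inequality on values that may not share a type: `$member_srl` comes from `Context::get('member_srl')`, which for a request parameter is presumably a string, while `$this->user->member_srl` is presumably an integer, so a user submitting their own member_srl would be rejected with the permission exception. The mismatch fails closed rather than open, so it is not an authorization bypass, but it likely breaks the legitimate self-service case; normalising both sides first avoids it, `$member_srl = (int) (Context::get('member_srl') ?: $this->user->member_srl);` and `if ((int) $this->user->member_srl !== $member_srl)`. The same comparison is introduced in the ncenterliteView hunk at `@ -53,18 +53,12` and should get the same treatment. The enclosing method starts outside this hunk.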


@ -53,18 +53,12 @@ class ncenterliteView extends ncenterlite
throw new Rhymix\Framework\Exceptions\MustLogin; throw new Rhymix\Framework\Exceptions\MustLogin;
} }
$member_srl = Context::get('member_srl'); // Disable modifying other user's config #1925 #2148
if($this->user->isAdmin() && $member_srl) $member_srl = Context::get('member_srl') ?: $this->user->member_srl;
{ if ($this->user->member_srl !== $member_srl)
$member_info = MemberModel::getMemberInfoByMemberSrl($member_srl);
}
if(!$this->user->isAdmin() && $member_srl)
{
if($member_srl != $this->user->member_srl)
{ {
throw new Rhymix\Framework\Exceptions\NotPermitted('ncenterlite_stop_no_permission_other_user'); throw new Rhymix\Framework\Exceptions\NotPermitted('ncenterlite_stop_no_permission_other_user');
} }
}
$user_selected = []; $user_selected = [];
$user_config = NcenterliteModel::getUserConfig($member_srl) ?: new stdClass; $user_config = NcenterliteModel::getUserConfig($member_srl) ?: new stdClass;
@ -83,7 +77,7 @@ class ncenterliteView extends ncenterlite
} }
} }
Context::set('member_info', $member_info ?? null); Context::set('member_info', MemberModel::getMemberInfoByMemberSrl($member_srl));
Context::set('notify_types', $notify_types); Context::set('notify_types', $notify_types);
Context::set('user_config', $user_config); Context::set('user_config', $user_config);
Context::set('user_selected', $user_selected); Context::set('user_selected', $user_selected);