From 6214f6a363c3373e729b0c2006e9f6261e7655f5 Mon Sep 17 00:00:00 2001
From: fredtempez
Date: Sun, 18 Jun 2023 17:33:26 +0200
Subject: [PATCH] Interdiction des suppressions depuis le module en sus du routage
---
 core/module/user/user.php | 4 ++--
 module/blog/blog.php | 4 +++-
 module/blog/changes.md | 3 ++-
 module/form/changes.md | 2 ++
 module/form/form.php | 6 ++++--
 module/gallery/changes.md | 2 ++
 module/gallery/gallery.php | 5 +++--
 module/news/changes.md | 2 ++
 module/news/news.php | 5 +++--
 9 files changed, 23 insertions(+), 10 deletions(-)
diff --git a/core/module/user/user.php b/core/module/user/user.php
index a72025bb..e6eb621f 100644
--- a/core/module/user/user.php
+++ b/core/module/user/user.php
@@ -601,7 +601,7 @@ class user extends common
 'news' => [
 'add' => $this->getInput('profilEditNewsAdd', helper::FILTER_BOOLEAN),
 'edit' => $this->getInput('profilEditNewsEdit', helper::FILTER_BOOLEAN),
- 'delete' => $this->getInput('profilEditNewsEdit', helper::FILTER_BOOLEAN),
+ 'delete' => $this->getInput('profilEditNewsDelete', helper::FILTER_BOOLEAN),
 'option' => $this->getInput('profilEditNewsOption', helper::FILTER_BOOLEAN),
 'config' => $this->getInput('profilEditNewsAdd', helper::FILTER_BOOLEAN) ||
 $this->getInput('profilEditNewsEdit', helper::FILTER_BOOLEAN) ||
@@ -729,7 +729,7 @@ class user extends common
 'news' => [
 'add' => $this->getInput('profilAddNewsAdd', helper::FILTER_BOOLEAN),
 'edit' => $this->getInput('profilAddNewsEdit', helper::FILTER_BOOLEAN),
- 'delete' => $this->getInput('profilAddNewsEdit', helper::FILTER_BOOLEAN),
+ 'delete' => $this->getInput('profilAddNewsDelete', helper::FILTER_BOOLEAN),
 'option' => $this->getInput('profilAddNewsOption', helper::FILTER_BOOLEAN),
 'config' => $this->getInput('profilAddNewsAdd', helper::FILTER_BOOLEAN) ||
 $this->getInput('profilAddNewsEdit', helper::FILTER_BOOLEAN) ||
diff --git a/module/blog/blog.php b/module/blog/blog.php
index a8ffbad5..19c3e198 100755
--- a/module/blog/blog.php
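Review bot: The corrected `'delete'` key in the profile-edit hunk at line 601 (and the identical fix in the profile-add hunk at line 729) only takes effect for profiles saved from now on; any profile stored while `'delete'` was read from `profilEditNewsEdit` / `profilAddNewsEdit` presumably still carries a delete right copied from its edit right. Because this same commit starts enforcing `getUser('permission', 'news', 'delete')` in the news module, those stale stored values become the effective authorization decision, so the changelog or an update step should tell administrators to review and re-save existing profiles. The `'config'` expression in the context lines ORs the Add and Edit inputs and continues past the end of the hunk, so it is worth confirming that the Delete input is part of it.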
+++ b/module/blog/blog.php
@@ -592,7 +592,9 @@ class blog extends common
 */
 public function delete()
 {
- if ($this->getData(['module', $this->getUrl(0), 'posts', $this->getUrl(2)]) === null) {
+ if (
+ $this->getUser('permission', 'blog', 'delete') === false ||
+ $this->getData(['module', $this->getUrl(0), 'posts', $this->getUrl(2)]) === null) {
 // Valeurs en sortie
 $this->addOutput([
 'access' => false
diff --git a/module/blog/changes.md b/module/blog/changes.md
index 0022a6f5..1f330b57 100755
--- a/module/blog/changes.md
+++ b/module/blog/changes.md
@@ -1,4 +1,5 @@
-
+# version 6.9
+- Bloque l'effacement de l'article selon le profil
 # version 6.8
 - Erreur de décompte des commentaires approuvés ou non dans l'index
 # version 6.7
diff --git a/module/form/changes.md b/module/form/changes.md
index cabf62e4..acef3dea 100644
--- a/module/form/changes.md
+++ b/module/form/changes.md
@@ -1,3 +1,5 @@
+# Version 3.10
+- Bloque l'effacement selon le profil
 # Version 3.9
 - Redirection des pages orphelines
 # Version 3.8
diff --git a/module/form/form.php b/module/form/form.php
index 93cd67db..728dcb92 100644
--- a/module/form/form.php
+++ b/module/form/form.php
@@ -17,7 +17,7 @@ class form extends common {
- const VERSION = '3.9';
+ const VERSION = '3.10';
 const REALNAME = 'Formulaire';
 const DATADIRECTORY = '';
 // Contenu localisé inclus par défaut (page.json et module.json)
@@ -344,7 +344,9 @@ class form extends common
 public function delete()
 {
 // Jeton incorrect
- if ($this->getUrl(3) !== $_SESSION['csrf']) {
+ if (
+ $this->getUser('permission', 'form', 'delete') === false ||
+ $this->getUrl(3) !== $_SESSION['csrf']) {
 // Valeurs en sortie
 $this->addOutput([
 'redirect' => helper::baseUrl() . $this->getUrl(0) . '/data',
diff --git a/module/gallery/changes.md b/module/gallery/changes.md
index a2860585..692cd895 100644
--- a/module/gallery/changes.md
+++ b/module/gallery/changes.md
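Review bot: The new guard in the blog module's `delete()` fails open, because `$this->getUser('permission', 'blog', 'delete') === false` blocks only an explicit `false`; if `getUser()` yields `null` or another non-boolean for a missing permission key or a visitor without a session (its implementation is not visible here), the deletion still proceeds. Testing for the allowed value instead, `$this->getUser('permission', 'blog', 'delete') !== true ||`, denies by default, provided privileged accounts resolve to `true` through the same call. The same `=== false` comparison is added in the `delete()` hunks of module/form/form.php, module/gallery/gallery.php and module/news/news.php. The body of `delete()` continues outside the hunk.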
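Review bot: In the form module's `delete()` hunk a missing delete right now lands in the branch still commented `// Jeton incorrect`, so a profile refusal is answered with the invalid-token redirect to `/data` rather than the `'access' => false` output that the blog, gallery and news hunks use; the rest of the branch is outside the hunk, so the exact notification is not visible. Splitting the two conditions, or at least changing the comment to `// Missing delete permission or invalid token`, keeps the denial reason accurate for the user and for anyone auditing the behaviour. The token test kept on the new side would also be safer as `!hash_equals($_SESSION['csrf'], (string) $this->getUrl(3))`, which compares in constant time.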
@@ -1,3 +1,5 @@
+# Version 3.9
+- Bloque l'effacement de la galerie selon le profil
 # Version 3.8
 - Version compare null, dataversion not initialize
 - Bug de positionnement des boutons de retour
diff --git a/module/gallery/gallery.php b/module/gallery/gallery.php
index 66c5cd57..cfeaa0ed 100644
--- a/module/gallery/gallery.php
+++ b/module/gallery/gallery.php
@@ -18,7 +18,7 @@ class gallery extends common {
- const VERSION = '3.8';
+ const VERSION = '3.9';
 const REALNAME = 'Galerie';
 const DATADIRECTORY = self::DATA_DIR . 'gallery/';
@@ -500,7 +500,8 @@ class gallery extends common
 {
 // $url prend l'adresse sans le token
 // La galerie n'existe pas
- if ($this->getData(['module', $this->getUrl(0), 'content', $this->getUrl(2)]) === null) {
+ if ($this->getUser('permission', 'gallery', 'delete') === false ||
+ $this->getData(['module', $this->getUrl(0), 'content', $this->getUrl(2)]) === null) {
 // Valeurs en sortie
 $this->addOutput([
 'access' => false
diff --git a/module/news/changes.md b/module/news/changes.md
index 0d38a1e7..be0d83a0 100644
--- a/module/news/changes.md
+++ b/module/news/changes.md
@@ -1,3 +1,5 @@
+# Version 4.5
+- Bloque l'effacement de l'article selon le profil
 # Version 4.4
 - Intl date Formats
 - Bug un conflit avec le style de la page
diff --git a/module/news/news.php b/module/news/news.php
index 45c30ed4..410d4758 100644
--- a/module/news/news.php
+++ b/module/news/news.php
@@ -16,7 +16,7 @@ class news extends common {
- const VERSION = '4.3';
+ const VERSION = '4.4';
 const REALNAME = 'News';
 const DATADIRECTORY = self::DATA_DIR . 'news/';
@@ -365,7 +365,8 @@ class news extends common
 public function delete()
 {
 // La news n'existe pas
- if ($this->getData(['module', $this->getUrl(0), 'posts', $this->getUrl(2)]) === null) {
+ if ($this->getUser('permission', 'news', 'delete') === false ||
+ $this->getData(['module', $this->getUrl(0), 'posts', $this->getUrl(2)]) === null) {
 // Valeurs en sortie
 $this->addOutput([
 'access' => false
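Review bot: The `VERSION` constant in module/news/news.php moves from `'4.3'` to `'4.4'`, while module/news/changes.md in this same commit records the delete restriction under `# Version 4.5` and already lists a separate 4.4 entry. If the module version is what update checks compare against (not visible here), a site could not tell from the reported version whether it runs the build that contains the permission check. `const VERSION = '4.5';` would match the changelog.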