From 63f1c6844f1020054364641d76c46bdc39064a45 Mon Sep 17 00:00:00 2001
From: Fred Tempez <ftempez@gmail.com>
Date: Mon, 12 Oct 2020 19:27:53 +0200
Subject: [PATCH] =?UTF-8?q?permission=20accord=C3=A9e=20=C3=A0=20l'autorit?=
 =?UTF-8?q?=C3=A9?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 module/blog/blog.php                 | 8 ++++++--
 module/blog/view/article/article.php | 7 +++++--
 2 files changed, 11 insertions(+), 4 deletions(-)

diff --git a/module/blog/blog.php b/module/blog/blog.php
index 190ca559..864411b3 100644
--- a/module/blog/blog.php
+++ b/module/blog/blog.php
@@ -306,8 +306,12 @@ class blog extends common {
 		foreach ($articleIds as $key => $value) {
 			if (
 				(  // Propriétaire
-					$this->getData(['module',  $this->getUrl(0), $value,'editConsent']) === self::EDIT_OWNER
-					AND $this->getData(['module',  $this->getUrl(0), $value,'userId']) === $this->getUser('id')
+					(
+					 $this->getData(['module',  $this->getUrl(0), $value,'editConsent']) === self::EDIT_OWNER
+					 AND $this->getData(['module',  $this->getUrl(0), $value,'userId']) === $this->getUser('id')
+					) // Ou une autorité
+					OR $this->getUser('group') >  $this->getData(['module',$this->getUrl(0), $value,'editConsent'])
+
 				) OR (
 					// Groupe
 					$this->getData(['module',  $this->getUrl(0), $this->getUrl(1),'editConsent']) !== self::EDIT_OWNER
diff --git a/module/blog/view/article/article.php b/module/blog/view/article/article.php
index 491de407..e72f759a 100644
--- a/module/blog/view/article/article.php
+++ b/module/blog/view/article/article.php
@@ -11,8 +11,11 @@
 					$this->getUser('password') === $this->getInput('ZWII_USER_PASSWORD')
 					AND
 					(  // Propriétaire
-						$this->getData(['module',  $this->getUrl(0), $this->getUrl(1),'editConsent']) === $module::EDIT_OWNER
-						AND $this->getData(['module',  $this->getUrl(0), $this->getUrl(1),'userId']) === $this->getUser('id')
+						(
+							$this->getData(['module',  $this->getUrl(0), $this->getUrl(1),'editConsent']) === $module::EDIT_OWNER
+							AND $this->getData(['module',  $this->getUrl(0), $this->getUrl(1),'userId']) === $this->getUser('id')
+						) // Ou une autorité
+						OR $this->getUser('group') >  $this->getData(['module',$this->getUrl(0), $value,'editConsent'])
 					) OR (
 						// Groupe
 						$this->getData(['module',  $this->getUrl(0), $this->getUrl(1),'editConsent']) !== $module::EDIT_OWNER