From c20d5e99d234880ed46662d7dba4d34159c692fe Mon Sep 17 00:00:00 2001 From: Fred Tempez Date: Tue, 10 Nov 2020 19:18:17 +0100 Subject: [PATCH] Revert "permissions RFM" This reverts commit d7ca5f13fc556fcc73bd832c471eeeb30ece1ddd. --- core/core.php | 2 +- core/vendor/filemanager/config/config.php | 29 +++++++++++++---------- 2 files changed, 17 insertions(+), 14 deletions(-) diff --git a/core/core.php b/core/core.php index 32f8ad8f..9f2bdd68 100644 --- a/core/core.php +++ b/core/core.php @@ -2762,7 +2762,7 @@ class layout extends common { $rightItems = ''; // if($this->getUser('group') >= self::GROUP_MODERATOR) { if($this->getUser('group') >= self::GROUP_EDITOR) { - $rightItems .= '
  • ' . template::ico('folder') . '
    • '; + $rightItems .= '
  • ' . template::ico('folder') . '
    • '; } if($this->getUser('group') >= self::GROUP_ADMIN) { $rightItems .= '
  • ' . template::ico('users') . '
    • '; diff --git a/core/vendor/filemanager/config/config.php b/core/vendor/filemanager/config/config.php index 22afda6d..c17db810 100644 --- a/core/vendor/filemanager/config/config.php +++ b/core/vendor/filemanager/config/config.php @@ -13,11 +13,14 @@ ob_start('mb_output_handler'); date_default_timezone_set('Europe/Paris'); setlocale(LC_CTYPE, 'fr_FR'); //correct transliteration -// Validation des actions (delete, rename) par lecture du groupe de l'utilisateur transmis par l'URL -$access = false; -if ( password_verify('4',$_GET['ext']) - OR password_verify('3',$_GET['ext']) ) { - $access = true; +// Validation des actions (delete, rename) par lecture du groupe de l'utilisateur via cookie et user.json +if( is_file('../../../site/data/user.json')){ + $json = file_get_contents('../../../site/data/user.json'); + $user = json_decode($json, true); + $val = $user['user'][$_COOKIE["ZWII_USER_ID"]]['group'] >= 3 ? true : false; +} +else{ + $val = false; } @@ -344,18 +347,18 @@ $config = array( //************************* //Permissions configuration //****************** - 'delete_files' => $access, + 'delete_files' => $val, 'create_folders' => true, - 'delete_folders' => $access, + 'delete_folders' => $val, 'upload_files' => true, - 'rename_files' => $access, - 'rename_folders' => $access, + 'rename_files' => $val, + 'rename_folders' => $val, 'duplicate_files' => true, 'extract_files' => true, - 'copy_cut_files' => $access, // for copy/cut files - 'copy_cut_dirs' => $access, // for copy/cut directories - 'chmod_files' => $access, // change file permissions - 'chmod_dirs' => $access, // change folder permissions + 'copy_cut_files' => $val, // for copy/cut files + 'copy_cut_dirs' => $val, // for copy/cut directories + 'chmod_files' => $val, // change file permissions + 'chmod_dirs' => $val, // change folder permissions 'preview_text_files' => true, // eg.: txt, log etc. 'edit_text_files' => true, // eg.: txt, log etc. 'create_text_files' => true, // only create files with exts. defined in $config['editable_text_file_exts']