diff --git a/core/module/page/view/edit/edit.php b/core/module/page/view/edit/edit.php index a6b63d17..b4b3418e 100644 --- a/core/module/page/view/edit/edit.php +++ b/core/module/page/view/edit/edit.php @@ -271,18 +271,21 @@ echo template::formOpen('pageEditForm');
'Groupe requis pour accéder à la page :', - 'selected' => $this->getData(['page', $this->getUrl(2), 'group']) + 'selected' => $this->getData(['page', $this->getUrl(2), 'group']), + 'disabled' => $this->getUser('group') < self::GROUP_MODERATOR ? true : false ]); ?>
'Méta-titre', - 'value' => $this->getData(['page', $this->getUrl(2), 'metaTitle']) + 'value' => $this->getData(['page', $this->getUrl(2), 'metaTitle']), + 'disabled' => $this->getUser('group') < self::GROUP_MODERATOR ? true : false ]); ?> 'Méta-description', //'maxlength' => '500', - 'value' => $this->getData(['page', $this->getUrl(2), 'metaDescription']) + 'value' => $this->getData(['page', $this->getUrl(2), 'metaDescription']), + 'disabled' => $this->getUser('group') < self::GROUP_MODERATOR ? true : false ]); ?>
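Review bot: The new `'disabled'` entries on the access-group, meta-title and meta-description fields only change what the browser renders, so they are not an authorization control; the handler that saves this form (not part of this diff) needs its own `$this->getUser('group') < self::GROUP_MODERATOR` check that ignores or rejects these keys. Browsers do not submit disabled controls, so if that handler stores the posted values unconditionally, a save by a lower-group user may overwrite the page's group and meta fields with empty values; this should be confirmed against the handler. The same two points apply to the `'disabled'` entry added to the 'Edition / Suppression' select in module/blog/view/edit/edit.php. The `? true : false` is redundant since the comparison already yields a boolean: `'disabled' => $this->getUser('group') < self::GROUP_MODERATOR`.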
diff --git a/core/vendor/filemanager/config/config.php b/core/vendor/filemanager/config/config.php index 73e03b8b..c17db810 100644 --- a/core/vendor/filemanager/config/config.php +++ b/core/vendor/filemanager/config/config.php @@ -13,6 +13,17 @@ ob_start('mb_output_handler'); date_default_timezone_set('Europe/Paris'); setlocale(LC_CTYPE, 'fr_FR'); //correct transliteration +// Validation des actions (delete, rename) par lecture du groupe de l'utilisateur via cookie et user.json +if( is_file('../../../site/data/user.json')){ + $json = file_get_contents('../../../site/data/user.json'); + $user = json_decode($json, true); + $val = $user['user'][$_COOKIE["ZWII_USER_ID"]]['group'] >= 3 ? true : false; +} +else{ + $val = false; +} + + /* |-------------------------------------------------------------------------- | Optional security @@ -336,18 +347,18 @@ $config = array( //************************* //Permissions configuration //****************** - 'delete_files' => true, + 'delete_files' => $val, 'create_folders' => true, - 'delete_folders' => true, + 'delete_folders' => $val, 'upload_files' => true, - 'rename_files' => true, - 'rename_folders' => true, + 'rename_files' => $val, + 'rename_folders' => $val, 'duplicate_files' => true, 'extract_files' => true, - 'copy_cut_files' => true, // for copy/cut files - 'copy_cut_dirs' => true, // for copy/cut directories - 'chmod_files' => true, // change file permissions - 'chmod_dirs' => true, // change folder permissions + 'copy_cut_files' => $val, // for copy/cut files + 'copy_cut_dirs' => $val, // for copy/cut directories + 'chmod_files' => $val, // change file permissions + 'chmod_dirs' => $val, // change folder permissions 'preview_text_files' => true, // eg.: txt, log etc. 'edit_text_files' => true, // eg.: txt, log etc. 'create_text_files' => true, // only create files with exts. defined in $config['editable_text_file_exts'] diff --git a/module/blog/blog.php b/module/blog/blog.php index 795cff2e..f8562735 100644 
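Review bot: `$val` is computed from `$_COOKIE["ZWII_USER_ID"]`, a value supplied by the browser, and nothing in this hunk ties that id to an authenticated session, so the delete/rename/chmod restrictions rest on an identity the server never verified. The group should be looked up for the user the server has authenticated, not for whatever id the request carries. Separately, a missing cookie, an id absent from user.json or a file that fails to read or decode makes the array lookup run on null and emit warnings, and the literal `3` presumably duplicates the moderator constant used elsewhere in this commit. The sketch below denies by default and covers those cases; the identity check is left as a labelled placeholder that fails closed, because the project's authentication code is not visible here.

```php
// Deny by default; permissions are raised only after every check passes.
$val = false;
// PLACEHOLDER: set from the project's server-side authentication check for $userId.
$sessionVerified = false;
$userId = $_COOKIE['ZWII_USER_ID'] ?? null;
if (is_string($userId) && is_file('../../../site/data/user.json')) {
    $json = file_get_contents('../../../site/data/user.json');
    $user = $json === false ? null : json_decode($json, true);
    // ?? keeps an unknown id or malformed JSON from raising warnings.
    $group = $user['user'][$userId]['group'] ?? null;
    $val = $sessionVerified && is_numeric($group) && (int) $group >= 3;
}
```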
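Review bot: `upload_files`, `extract_files`, `duplicate_files`, `create_folders`, `edit_text_files` and `create_text_files` stay hard-coded to `true`, so the gating is partial: a user below the threshold can presumably still replace a file's content through the text editor or unpack an archive, even though delete and rename are now restricted. If lower groups are not meant to alter existing content, at least those two should follow the same flag, e.g. `'edit_text_files' => $val,` and `'extract_files' => $val,`. The name `$val` says nothing about what it grants; something like `$canManageFiles` would make this array readable without scrolling back to the top of the file. The `$config` array begins and ends outside the hunk.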
--- a/module/blog/blog.php +++ b/module/blog/blog.php @@ -493,7 +493,7 @@ class blog extends common { ksort(self::$users); foreach(self::$users as $userId => &$userFirstname) { // Les membres ne sont pas éditeurs, les exclure de la liste - if ( $this->getData(['user', $userId, 'group']) < self::GROUP_MODERATOR) { + if ( $this->getData(['user', $userId, 'group']) < self::GROUP_EDITOR) { unset(self::$users[$userId]); } $userFirstname = $userFirstname . ' ' . $this->getData(['user', $userId, 'lastname']) . ' (' . self::$groupEdits[$this->getData(['user', $userId, 'group'])] . ')'; diff --git a/module/blog/view/edit/edit.php b/module/blog/view/edit/edit.php index 1b8c37a6..38f06390 100644 --- a/module/blog/view/edit/edit.php +++ b/module/blog/view/edit/edit.php @@ -96,7 +96,8 @@ 'Edition / Suppression', 'selected' => is_numeric($this->getData(['module', $this->getUrl(0), $this->getUrl(2), 'editConsent'])) ? $module::EDIT_GROUP : $this->getData(['module', $this->getUrl(0), $this->getUrl(2), 'editConsent']), - 'help' => 'Les utilisateurs des groupes supérieurs accèdent à l\'article sans restriction' + 'help' => 'Les utilisateurs des groupes supérieurs accèdent à l\'article sans restriction', + 'disabled' => $this->getUser('group') < self::GROUP_MODERATOR ? true : false ]); ?>
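Review bot: In the module/blog/blog.php hunk, execution falls through after `unset(self::$users[$userId]);` to the `$userFirstname = …` line, which still evaluates `self::$groupEdits[...]` for the user that was just excluded. If `$groupEdits` has no entry for groups below `GROUP_EDITOR` (its definition is not in the hunk), that lookup raises an undefined-index warning. Adding `continue;` directly after the `unset` skips it. The loop iterates by reference and its end is outside the hunk, so it is worth checking that an `unset($userFirstname);` follows the `foreach`.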