diff --git a/core/core.php b/core/core.php index 9f2bdd68..32f8ad8f 100644 --- a/core/core.php +++ b/core/core.php @@ -2762,7 +2762,7 @@ class layout extends common { $rightItems = ''; // if($this->getUser('group') >= self::GROUP_MODERATOR) { if($this->getUser('group') >= self::GROUP_EDITOR) { - $rightItems .= '
  • ' . template::ico('folder') . '
  • '; + $rightItems .= '
  • ' . template::ico('folder') . '
  • '; } if($this->getUser('group') >= self::GROUP_ADMIN) { $rightItems .= '
  • ' . template::ico('users') . '
  • '; diff --git a/core/vendor/filemanager/config/config.php b/core/vendor/filemanager/config/config.php index c17db810..22afda6d 100644 --- a/core/vendor/filemanager/config/config.php +++ b/core/vendor/filemanager/config/config.php @@ -13,14 +13,11 @@ ob_start('mb_output_handler'); date_default_timezone_set('Europe/Paris'); setlocale(LC_CTYPE, 'fr_FR'); //correct transliteration -// Validation des actions (delete, rename) par lecture du groupe de l'utilisateur via cookie et user.json -if( is_file('../../../site/data/user.json')){ - $json = file_get_contents('../../../site/data/user.json'); - $user = json_decode($json, true); - $val = $user['user'][$_COOKIE["ZWII_USER_ID"]]['group'] >= 3 ? true : false; -} -else{ - $val = false; +// Validation des actions (delete, rename) par lecture du groupe de l'utilisateur transmis par l'URL +$access = false; +if ( password_verify('4',$_GET['ext']) + OR password_verify('3',$_GET['ext']) ) { + $access = true; } @@ -347,18 +344,18 @@ $config = array( //************************* //Permissions configuration //****************** - 'delete_files' => $val, + 'delete_files' => $access, 'create_folders' => true, - 'delete_folders' => $val, + 'delete_folders' => $access, 'upload_files' => true, - 'rename_files' => $val, - 'rename_folders' => $val, + 'rename_files' => $access, + 'rename_folders' => $access, 'duplicate_files' => true, 'extract_files' => true, - 'copy_cut_files' => $val, // for copy/cut files - 'copy_cut_dirs' => $val, // for copy/cut directories - 'chmod_files' => $val, // change file permissions - 'chmod_dirs' => $val, // change folder permissions + 'copy_cut_files' => $access, // for copy/cut files + 'copy_cut_dirs' => $access, // for copy/cut directories + 'chmod_files' => $access, // change file permissions + 'chmod_dirs' => $access, // change folder permissions 'preview_text_files' => true, // eg.: txt, log etc. 'edit_text_files' => true, // eg.: txt, log etc. 'create_text_files' => true, // only create files with exts. defined in $config['editable_text_file_exts']