forked from ZwiiCMS-Team/ZwiiCMS
permissions sur modules externes
This commit is contained in:
parent
32e727eb71
commit
f9569b1085
|
@ -27,7 +27,7 @@ class blog extends common {
|
|||
'commentDelete' => self::GROUP_MODERATOR,
|
||||
'commentDeleteAll' => self::GROUP_MODERATOR,
|
||||
'config' => self::GROUP_EDITOR,
|
||||
'delete' => self::GROUP_EDITOR,
|
||||
'delete' => self::GROUP_MODERATOR,
|
||||
'edit' => self::GROUP_EDITOR,
|
||||
'index' => self::GROUP_VISITOR
|
||||
];
|
||||
|
@ -375,29 +375,37 @@ class blog extends common {
|
|||
* Suppression
|
||||
*/
|
||||
public function delete() {
|
||||
if($this->getData(['module', $this->getUrl(0), $this->getUrl(2)]) === null) {
|
||||
// Contrôle d'accès
|
||||
if ( self::$actions[__FUNCTION__] >= $this->getUser('group')) {
|
||||
// Valeurs en sortie
|
||||
$this->addOutput([
|
||||
'access' => false
|
||||
]);
|
||||
}
|
||||
// Jeton incorrect
|
||||
elseif ($this->getUrl(3) !== $_SESSION['csrf']) {
|
||||
// Valeurs en sortie
|
||||
$this->addOutput([
|
||||
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config',
|
||||
'notification' => 'Action non autorisée'
|
||||
]);
|
||||
}
|
||||
// Suppression
|
||||
else {
|
||||
$this->deleteData(['module', $this->getUrl(0), $this->getUrl(2)]);
|
||||
// Valeurs en sortie
|
||||
$this->addOutput([
|
||||
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config',
|
||||
'notification' => 'Article supprimé',
|
||||
'state' => true
|
||||
]);
|
||||
} else {
|
||||
if($this->getData(['module', $this->getUrl(0), $this->getUrl(2)]) === null) {
|
||||
// Valeurs en sortie
|
||||
$this->addOutput([
|
||||
'access' => false
|
||||
]);
|
||||
}
|
||||
// Jeton incorrect
|
||||
elseif ($this->getUrl(3) !== $_SESSION['csrf']) {
|
||||
// Valeurs en sortie
|
||||
$this->addOutput([
|
||||
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config',
|
||||
'notification' => 'Action non autorisée'
|
||||
]);
|
||||
}
|
||||
// Suppression
|
||||
else {
|
||||
$this->deleteData(['module', $this->getUrl(0), $this->getUrl(2)]);
|
||||
// Valeurs en sortie
|
||||
$this->addOutput([
|
||||
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config',
|
||||
'notification' => 'Article supprimé',
|
||||
'state' => true
|
||||
]);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -37,7 +37,7 @@ class gallery extends common {
|
|||
|
||||
public static $actions = [
|
||||
'config' => self::GROUP_EDITOR,
|
||||
'delete' => self::GROUP_EDITOR,
|
||||
'delete' => self::GROUP_MODERATOR,
|
||||
'dirs' => self::GROUP_EDITOR,
|
||||
'sortGalleries' => self::GROUP_EDITOR,
|
||||
'sortPictures' => self::GROUP_EDITOR,
|
||||
|
@ -287,31 +287,39 @@ class gallery extends common {
|
|||
* Suppression
|
||||
*/
|
||||
public function delete() {
|
||||
// $url prend l'adresse sans le token
|
||||
// La galerie n'existe pas
|
||||
if($this->getData(['module', $this->getUrl(0), $this->getUrl(2)]) === null) {
|
||||
// Contrôle d'accès
|
||||
if ( self::$actions[__FUNCTION__] >= $this->getUser('group')) {
|
||||
// Valeurs en sortie
|
||||
$this->addOutput([
|
||||
'access' => false
|
||||
]);
|
||||
}
|
||||
// Jeton incorrect
|
||||
if ($this->getUrl(3) !== $_SESSION['csrf']) {
|
||||
// Valeurs en sortie
|
||||
$this->addOutput([
|
||||
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config',
|
||||
'notification' => 'Suppression non autorisée'
|
||||
]);
|
||||
}
|
||||
// Suppression
|
||||
else {
|
||||
$this->deleteData(['module', $this->getUrl(0), $this->getUrl(2)]);
|
||||
// Valeurs en sortie
|
||||
$this->addOutput([
|
||||
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config',
|
||||
'notification' => 'Galerie supprimée',
|
||||
'state' => true
|
||||
]);
|
||||
} else {
|
||||
// $url prend l'adresse sans le token
|
||||
// La galerie n'existe pas
|
||||
if($this->getData(['module', $this->getUrl(0), $this->getUrl(2)]) === null) {
|
||||
// Valeurs en sortie
|
||||
$this->addOutput([
|
||||
'access' => false
|
||||
]);
|
||||
}
|
||||
// Jeton incorrect
|
||||
if ($this->getUrl(3) !== $_SESSION['csrf']) {
|
||||
// Valeurs en sortie
|
||||
$this->addOutput([
|
||||
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config',
|
||||
'notification' => 'Suppression non autorisée'
|
||||
]);
|
||||
}
|
||||
// Suppression
|
||||
else {
|
||||
$this->deleteData(['module', $this->getUrl(0), $this->getUrl(2)]);
|
||||
// Valeurs en sortie
|
||||
$this->addOutput([
|
||||
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config',
|
||||
'notification' => 'Galerie supprimée',
|
||||
'state' => true
|
||||
]);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -17,7 +17,7 @@ class news extends common {
|
|||
public static $actions = [
|
||||
'add' => self::GROUP_EDITOR,
|
||||
'config' => self::GROUP_EDITOR,
|
||||
'delete' => self::GROUP_EDITOR,
|
||||
'delete' => self::GROUP_MODERATOR,
|
||||
'edit' => self::GROUP_EDITOR,
|
||||
'index' => self::GROUP_VISITOR
|
||||
];
|
||||
|
@ -117,30 +117,38 @@ class news extends common {
|
|||
* Suppression
|
||||
*/
|
||||
public function delete() {
|
||||
// La news n'existe pas
|
||||
if($this->getData(['module', $this->getUrl(0), $this->getUrl(2)]) === null) {
|
||||
// Contrôle d'accès
|
||||
if ( self::$actions[__FUNCTION__] >= $this->getUser('group')) {
|
||||
// Valeurs en sortie
|
||||
$this->addOutput([
|
||||
'access' => false
|
||||
]);
|
||||
}
|
||||
// Jeton incorrect
|
||||
elseif ($this->getUrl(3) !== $_SESSION['csrf']) {
|
||||
// Valeurs en sortie
|
||||
$this->addOutput([
|
||||
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config',
|
||||
'notification' => 'Action non autorisée'
|
||||
]);
|
||||
}
|
||||
// Suppression
|
||||
else {
|
||||
$this->deleteData(['module', $this->getUrl(0), $this->getUrl(2)]);
|
||||
// Valeurs en sortie
|
||||
$this->addOutput([
|
||||
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config',
|
||||
'notification' => 'News supprimée',
|
||||
'state' => true
|
||||
]);
|
||||
} else {
|
||||
// La news n'existe pas
|
||||
if($this->getData(['module', $this->getUrl(0), $this->getUrl(2)]) === null) {
|
||||
// Valeurs en sortie
|
||||
$this->addOutput([
|
||||
'access' => false
|
||||
]);
|
||||
}
|
||||
// Jeton incorrect
|
||||
elseif ($this->getUrl(3) !== $_SESSION['csrf']) {
|
||||
// Valeurs en sortie
|
||||
$this->addOutput([
|
||||
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config',
|
||||
'notification' => 'Action non autorisée'
|
||||
]);
|
||||
}
|
||||
// Suppression
|
||||
else {
|
||||
$this->deleteData(['module', $this->getUrl(0), $this->getUrl(2)]);
|
||||
// Valeurs en sortie
|
||||
$this->addOutput([
|
||||
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config',
|
||||
'notification' => 'News supprimée',
|
||||
'state' => true
|
||||
]);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in New Issue