lapervenche
/
ZwiiCMS
forked from ZwiiCMS-Team/ZwiiCMS
1
0
Fork 0
Code Issues Pull Requests Projects Releases Activity

permissions sur modules externes

This commit is contained in:
Fred Tempez 2020-10-11 05:16:20 +02:00
parent 32e727eb71
commit f9569b1085
3 changed files with 87 additions and 63 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

48
module/blog/blog.php
View File

@ -27,7 +27,7 @@ class blog extends common {
'commentDelete' => self::GROUP_MODERATOR,
'commentDeleteAll' => self::GROUP_MODERATOR,
'config' => self::GROUP_EDITOR,
'delete' => self::GROUP_EDITOR,
'delete' => self::GROUP_MODERATOR,
'edit' => self::GROUP_EDITOR,
'index' => self::GROUP_VISITOR
];
@ -375,29 +375,37 @@ class blog extends common {
* Suppression
*/
public function delete() {
if($this->getData(['module', $this->getUrl(0), $this->getUrl(2)]) === null) {
// Contrôle d'accès
if ( self::$actions[__FUNCTION__] >= $this->getUser('group')) {
// Valeurs en sortie
$this->addOutput([
'access' => false
]);
}
// Jeton incorrect
elseif ($this->getUrl(3) !== $_SESSION['csrf']) {
// Valeurs en sortie
$this->addOutput([
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config',
'notification' => 'Action non autorisée'
]);
}
// Suppression
else {
$this->deleteData(['module', $this->getUrl(0), $this->getUrl(2)]);
// Valeurs en sortie
$this->addOutput([
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config',
'notification' => 'Article supprimé',
'state' => true
]);
} else {
if($this->getData(['module', $this->getUrl(0), $this->getUrl(2)]) === null) {
// Valeurs en sortie
$this->addOutput([
'access' => false
]);
}
// Jeton incorrect
elseif ($this->getUrl(3) !== $_SESSION['csrf']) {
// Valeurs en sortie
$this->addOutput([
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config',
'notification' => 'Action non autorisée'
]);
}
// Suppression
else {
$this->deleteData(['module', $this->getUrl(0), $this->getUrl(2)]);
// Valeurs en sortie
$this->addOutput([
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config',
'notification' => 'Article supprimé',
'state' => true
]);
}
}
}

52
module/gallery/gallery.php
View File

@ -37,7 +37,7 @@ class gallery extends common {
public static $actions = [
'config' => self::GROUP_EDITOR,
'delete' => self::GROUP_EDITOR,
'delete' => self::GROUP_MODERATOR,
'dirs' => self::GROUP_EDITOR,
'sortGalleries' => self::GROUP_EDITOR,
'sortPictures' => self::GROUP_EDITOR,
@ -287,31 +287,39 @@ class gallery extends common {
* Suppression
*/
public function delete() {
// $url prend l'adresse sans le token
// La galerie n'existe pas
if($this->getData(['module', $this->getUrl(0), $this->getUrl(2)]) === null) {
// Contrôle d'accès
if ( self::$actions[__FUNCTION__] >= $this->getUser('group')) {
// Valeurs en sortie
$this->addOutput([
'access' => false
]);
}
// Jeton incorrect
if ($this->getUrl(3) !== $_SESSION['csrf']) {
// Valeurs en sortie
$this->addOutput([
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config',
'notification' => 'Suppression non autorisée'
]);
}
// Suppression
else {
$this->deleteData(['module', $this->getUrl(0), $this->getUrl(2)]);
// Valeurs en sortie
$this->addOutput([
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config',
'notification' => 'Galerie supprimée',
'state' => true
]);
} else {
// $url prend l'adresse sans le token
// La galerie n'existe pas
if($this->getData(['module', $this->getUrl(0), $this->getUrl(2)]) === null) {
// Valeurs en sortie
$this->addOutput([
'access' => false
]);
}
// Jeton incorrect
if ($this->getUrl(3) !== $_SESSION['csrf']) {
// Valeurs en sortie
$this->addOutput([
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config',
'notification' => 'Suppression non autorisée'
]);
}
// Suppression
else {
$this->deleteData(['module', $this->getUrl(0), $this->getUrl(2)]);
// Valeurs en sortie
$this->addOutput([
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config',
'notification' => 'Galerie supprimée',
'state' => true
]);
}
}
}

50
module/news/news.php
View File

@ -17,7 +17,7 @@ class news extends common {
public static $actions = [
'add' => self::GROUP_EDITOR,
'config' => self::GROUP_EDITOR,
'delete' => self::GROUP_EDITOR,
'delete' => self::GROUP_MODERATOR,
'edit' => self::GROUP_EDITOR,
'index' => self::GROUP_VISITOR
];
@ -117,30 +117,38 @@ class news extends common {
* Suppression
*/
public function delete() {
// La news n'existe pas
if($this->getData(['module', $this->getUrl(0), $this->getUrl(2)]) === null) {
// Contrôle d'accès
if ( self::$actions[__FUNCTION__] >= $this->getUser('group')) {
// Valeurs en sortie
$this->addOutput([
'access' => false
]);
}
// Jeton incorrect
elseif ($this->getUrl(3) !== $_SESSION['csrf']) {
// Valeurs en sortie
$this->addOutput([
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config',
'notification' => 'Action non autorisée'
]);
}
// Suppression
else {
$this->deleteData(['module', $this->getUrl(0), $this->getUrl(2)]);
// Valeurs en sortie
$this->addOutput([
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config',
'notification' => 'News supprimée',
'state' => true
]);
} else {
// La news n'existe pas
if($this->getData(['module', $this->getUrl(0), $this->getUrl(2)]) === null) {
// Valeurs en sortie
$this->addOutput([
'access' => false
]);
}
// Jeton incorrect
elseif ($this->getUrl(3) !== $_SESSION['csrf']) {
// Valeurs en sortie
$this->addOutput([
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config',
'notification' => 'Action non autorisée'
]);
}
// Suppression
else {
$this->deleteData(['module', $this->getUrl(0), $this->getUrl(2)]);
// Valeurs en sortie
$this->addOutput([
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config',
'notification' => 'News supprimée',
'state' => true
]);
}
}
}