permissions sur modules externes

Fred Tempez 2020-10-11 05:16:20 +02:00
parent 32e727eb71
commit f9569b1085
3 changed files with 87 additions and 63 deletions


@ -27,7 +27,7 @@ class blog extends common {
'commentDelete' => self::GROUP_MODERATOR, 'commentDelete' => self::GROUP_MODERATOR,
'commentDeleteAll' => self::GROUP_MODERATOR, 'commentDeleteAll' => self::GROUP_MODERATOR,
'config' => self::GROUP_EDITOR, 'config' => self::GROUP_EDITOR,
'delete' => self::GROUP_EDITOR, 'delete' => self::GROUP_MODERATOR,
'edit' => self::GROUP_EDITOR, 'edit' => self::GROUP_EDITOR,
'index' => self::GROUP_VISITOR 'index' => self::GROUP_VISITOR
]; ];
@ -375,29 +375,37 @@ class blog extends common {
* Suppression * Suppression
*/ */
public function delete() { public function delete() {
if($this->getData(['module', $this->getUrl(0), $this->getUrl(2)]) === null) { // Contrôle d'accès
if ( self::$actions[__FUNCTION__] >= $this->getUser('group')) {
// Valeurs en sortie // Valeurs en sortie
$this->addOutput([ $this->addOutput([
'access' => false 'access' => false
]); ]);
} } else {
// Jeton incorrect if($this->getData(['module', $this->getUrl(0), $this->getUrl(2)]) === null) {
elseif ($this->getUrl(3) !== $_SESSION['csrf']) { // Valeurs en sortie
// Valeurs en sortie $this->addOutput([
$this->addOutput([ 'access' => false
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config', ]);
'notification' => 'Action non autorisée' }
]); // Jeton incorrect
} elseif ($this->getUrl(3) !== $_SESSION['csrf']) {
// Suppression // Valeurs en sortie
else { $this->addOutput([
$this->deleteData(['module', $this->getUrl(0), $this->getUrl(2)]); 'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config',
// Valeurs en sortie 'notification' => 'Action non autorisée'
$this->addOutput([ ]);
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config', }
'notification' => 'Article supprimé', // Suppression
'state' => true else {
]); $this->deleteData(['module', $this->getUrl(0), $this->getUrl(2)]);
// Valeurs en sortie
$this->addOutput([
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config',
'notification' => 'Article supprimé',
'state' => true
]);
}
} }
} }
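Review bot: The new guard at the top of `delete()` compares with `>=`, so a user whose group equals `self::$actions['delete']` is refused, while the table above now sets that entry to `self::GROUP_MODERATOR`. If `$actions` holds the minimum group allowed to run an action (the dispatcher that reads it is not shown on this page), moderators are locked out and only higher groups can delete; `if (self::$actions[__FUNCTION__] > $this->getUser('group')) {` would match that meaning. If the stricter rule is intended, a comment such as `// delete requires a group strictly above the one listed in $actions` would stop a later reader from "correcting" it. The same comparison is added to the gallery and news `delete()` methods.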


@ -37,7 +37,7 @@ class gallery extends common {
public static $actions = [ public static $actions = [
'config' => self::GROUP_EDITOR, 'config' => self::GROUP_EDITOR,
'delete' => self::GROUP_EDITOR, 'delete' => self::GROUP_MODERATOR,
'dirs' => self::GROUP_EDITOR, 'dirs' => self::GROUP_EDITOR,
'sortGalleries' => self::GROUP_EDITOR, 'sortGalleries' => self::GROUP_EDITOR,
'sortPictures' => self::GROUP_EDITOR, 'sortPictures' => self::GROUP_EDITOR,
@ -287,31 +287,39 @@ class gallery extends common {
* Suppression * Suppression
*/ */
public function delete() { public function delete() {
// $url prend l'adresse sans le token // Contrôle d'accès
// La galerie n'existe pas if ( self::$actions[__FUNCTION__] >= $this->getUser('group')) {
if($this->getData(['module', $this->getUrl(0), $this->getUrl(2)]) === null) {
// Valeurs en sortie // Valeurs en sortie
$this->addOutput([ $this->addOutput([
'access' => false 'access' => false
]); ]);
} } else {
// Jeton incorrect // $url prend l'adresse sans le token
if ($this->getUrl(3) !== $_SESSION['csrf']) { // La galerie n'existe pas
// Valeurs en sortie if($this->getData(['module', $this->getUrl(0), $this->getUrl(2)]) === null) {
$this->addOutput([ // Valeurs en sortie
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config', $this->addOutput([
'notification' => 'Suppression non autorisée' 'access' => false
]); ]);
} }
// Suppression // Jeton incorrect
else { if ($this->getUrl(3) !== $_SESSION['csrf']) {
$this->deleteData(['module', $this->getUrl(0), $this->getUrl(2)]); // Valeurs en sortie
// Valeurs en sortie $this->addOutput([
$this->addOutput([ 'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config',
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config', 'notification' => 'Suppression non autorisée'
'notification' => 'Galerie supprimée', ]);
'state' => true }
]); // Suppression
else {
$this->deleteData(['module', $this->getUrl(0), $this->getUrl(2)]);
// Valeurs en sortie
$this->addOutput([
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config',
'notification' => 'Galerie supprimée',
'state' => true
]);
}
} }
} }
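Review bot: Inside the new `else` branch the token test is still a plain `if`, not an `elseif`, so it is not chained to the "La galerie n'existe pas" check above it. A request for a missing gallery that carries a valid token therefore gets `'access' => false` and then still reaches `deleteData()` and the 'Galerie supprimée' output. How `addOutput()` merges the two calls is not visible here, so the final response is unclear. The blog and news versions chain the three cases; the same here would be `elseif ($this->getUrl(3) !== $_SESSION['csrf']) {`.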


@ -17,7 +17,7 @@ class news extends common {
public static $actions = [ public static $actions = [
'add' => self::GROUP_EDITOR, 'add' => self::GROUP_EDITOR,
'config' => self::GROUP_EDITOR, 'config' => self::GROUP_EDITOR,
'delete' => self::GROUP_EDITOR, 'delete' => self::GROUP_MODERATOR,
'edit' => self::GROUP_EDITOR, 'edit' => self::GROUP_EDITOR,
'index' => self::GROUP_VISITOR 'index' => self::GROUP_VISITOR
]; ];
@ -117,30 +117,38 @@ class news extends common {
* Suppression * Suppression
*/ */
public function delete() { public function delete() {
// La news n'existe pas // Contrôle d'accès
if($this->getData(['module', $this->getUrl(0), $this->getUrl(2)]) === null) { if ( self::$actions[__FUNCTION__] >= $this->getUser('group')) {
// Valeurs en sortie // Valeurs en sortie
$this->addOutput([ $this->addOutput([
'access' => false 'access' => false
]); ]);
} } else {
// Jeton incorrect // La news n'existe pas
elseif ($this->getUrl(3) !== $_SESSION['csrf']) { if($this->getData(['module', $this->getUrl(0), $this->getUrl(2)]) === null) {
// Valeurs en sortie // Valeurs en sortie
$this->addOutput([ $this->addOutput([
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config', 'access' => false
'notification' => 'Action non autorisée' ]);
]); }
} // Jeton incorrect
// Suppression elseif ($this->getUrl(3) !== $_SESSION['csrf']) {
else { // Valeurs en sortie
$this->deleteData(['module', $this->getUrl(0), $this->getUrl(2)]); $this->addOutput([
// Valeurs en sortie 'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config',
$this->addOutput([ 'notification' => 'Action non autorisée'
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config', ]);
'notification' => 'News supprimée', }
'state' => true // Suppression
]); else {
$this->deleteData(['module', $this->getUrl(0), $this->getUrl(2)]);
// Valeurs en sortie
$this->addOutput([
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config',
'notification' => 'News supprimée',
'state' => true
]);
}
} }
} }
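Review bot: The token test `$this->getUrl(3) !== $_SESSION['csrf']` in the `elseif` can pass when both sides are missing. If `getUrl(3)` yields null for an absent segment (not visible here, though `getData()` is compared with null in the same method) and the session has no `csrf` key, the two values are identical and the deletion proceeds without any token. Requiring a non-empty session token and comparing in constant time closes that gap: `elseif (empty($_SESSION['csrf']) || !is_string($this->getUrl(3)) || !hash_equals($_SESSION['csrf'], $this->getUrl(3))) {`. The blog and gallery `delete()` methods carry the same comparison.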