permissions sur modules externes
parent
32e727eb71
commit
f9569b1085
|
@ -27,7 +27,7 @@ class blog extends common {
|
||||||
'commentDelete' => self::GROUP_MODERATOR,
|
'commentDelete' => self::GROUP_MODERATOR,
|
||||||
'commentDeleteAll' => self::GROUP_MODERATOR,
|
'commentDeleteAll' => self::GROUP_MODERATOR,
|
||||||
'config' => self::GROUP_EDITOR,
|
'config' => self::GROUP_EDITOR,
|
||||||
'delete' => self::GROUP_EDITOR,
|
'delete' => self::GROUP_MODERATOR,
|
||||||
'edit' => self::GROUP_EDITOR,
|
'edit' => self::GROUP_EDITOR,
|
||||||
'index' => self::GROUP_VISITOR
|
'index' => self::GROUP_VISITOR
|
||||||
];
|
];
|
||||||
|
@ -375,29 +375,37 @@ class blog extends common {
|
||||||
* Suppression
|
* Suppression
|
||||||
*/
|
*/
|
||||||
public function delete() {
|
public function delete() {
|
||||||
if($this->getData(['module', $this->getUrl(0), $this->getUrl(2)]) === null) {
|
// Contrôle d'accès
|
||||||
|
if ( self::$actions[__FUNCTION__] >= $this->getUser('group')) {
|
||||||
// Valeurs en sortie
|
// Valeurs en sortie
|
||||||
$this->addOutput([
|
$this->addOutput([
|
||||||
'access' => false
|
'access' => false
|
||||||
]);
|
]);
|
||||||
}
|
} else {
|
||||||
// Jeton incorrect
|
if($this->getData(['module', $this->getUrl(0), $this->getUrl(2)]) === null) {
|
||||||
elseif ($this->getUrl(3) !== $_SESSION['csrf']) {
|
// Valeurs en sortie
|
||||||
// Valeurs en sortie
|
$this->addOutput([
|
||||||
$this->addOutput([
|
'access' => false
|
||||||
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config',
|
]);
|
||||||
'notification' => 'Action non autorisée'
|
}
|
||||||
]);
|
// Jeton incorrect
|
||||||
}
|
elseif ($this->getUrl(3) !== $_SESSION['csrf']) {
|
||||||
// Suppression
|
// Valeurs en sortie
|
||||||
else {
|
$this->addOutput([
|
||||||
$this->deleteData(['module', $this->getUrl(0), $this->getUrl(2)]);
|
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config',
|
||||||
// Valeurs en sortie
|
'notification' => 'Action non autorisée'
|
||||||
$this->addOutput([
|
]);
|
||||||
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config',
|
}
|
||||||
'notification' => 'Article supprimé',
|
// Suppression
|
||||||
'state' => true
|
else {
|
||||||
]);
|
$this->deleteData(['module', $this->getUrl(0), $this->getUrl(2)]);
|
||||||
|
// Valeurs en sortie
|
||||||
|
$this->addOutput([
|
||||||
|
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config',
|
||||||
|
'notification' => 'Article supprimé',
|
||||||
|
'state' => true
|
||||||
|
]);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
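Review bot: The access guard added at the top of delete() denies the request when the caller's group equals the required one, because `self::$actions[__FUNCTION__] >= $this->getUser('group')` is true on equality. With `'delete' => self::GROUP_MODERATOR` from the first hunk, a moderator would get `'access' => false`. If the table holds the minimum group allowed, as `'index' => self::GROUP_VISITOR` suggests, the test should read `if ($this->getUser('group') < self::$actions[__FUNCTION__]) {`. The same comparison is added to delete() in the gallery and news modules. What getUser('group') returns for a visitor with no account is not visible here, so the deny path currently depends on PHP's loose comparison; an explicit check for a missing group would make it deliberate.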
@ -37,7 +37,7 @@ class gallery extends common {
|
||||||
|
|
||||||
public static $actions = [
|
public static $actions = [
|
||||||
'config' => self::GROUP_EDITOR,
|
'config' => self::GROUP_EDITOR,
|
||||||
'delete' => self::GROUP_EDITOR,
|
'delete' => self::GROUP_MODERATOR,
|
||||||
'dirs' => self::GROUP_EDITOR,
|
'dirs' => self::GROUP_EDITOR,
|
||||||
'sortGalleries' => self::GROUP_EDITOR,
|
'sortGalleries' => self::GROUP_EDITOR,
|
||||||
'sortPictures' => self::GROUP_EDITOR,
|
'sortPictures' => self::GROUP_EDITOR,
|
||||||
|
@ -287,31 +287,39 @@ class gallery extends common {
|
||||||
* Suppression
|
* Suppression
|
||||||
*/
|
*/
|
||||||
public function delete() {
|
public function delete() {
|
||||||
// $url prend l'adresse sans le token
|
// Contrôle d'accès
|
||||||
// La galerie n'existe pas
|
if ( self::$actions[__FUNCTION__] >= $this->getUser('group')) {
|
||||||
if($this->getData(['module', $this->getUrl(0), $this->getUrl(2)]) === null) {
|
|
||||||
// Valeurs en sortie
|
// Valeurs en sortie
|
||||||
$this->addOutput([
|
$this->addOutput([
|
||||||
'access' => false
|
'access' => false
|
||||||
]);
|
]);
|
||||||
}
|
} else {
|
||||||
// Jeton incorrect
|
// $url prend l'adresse sans le token
|
||||||
if ($this->getUrl(3) !== $_SESSION['csrf']) {
|
// La galerie n'existe pas
|
||||||
// Valeurs en sortie
|
if($this->getData(['module', $this->getUrl(0), $this->getUrl(2)]) === null) {
|
||||||
$this->addOutput([
|
// Valeurs en sortie
|
||||||
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config',
|
$this->addOutput([
|
||||||
'notification' => 'Suppression non autorisée'
|
'access' => false
|
||||||
]);
|
]);
|
||||||
}
|
}
|
||||||
// Suppression
|
// Jeton incorrect
|
||||||
else {
|
if ($this->getUrl(3) !== $_SESSION['csrf']) {
|
||||||
$this->deleteData(['module', $this->getUrl(0), $this->getUrl(2)]);
|
// Valeurs en sortie
|
||||||
// Valeurs en sortie
|
$this->addOutput([
|
||||||
$this->addOutput([
|
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config',
|
||||||
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config',
|
'notification' => 'Suppression non autorisée'
|
||||||
'notification' => 'Galerie supprimée',
|
]);
|
||||||
'state' => true
|
}
|
||||||
]);
|
// Suppression
|
||||||
|
else {
|
||||||
|
$this->deleteData(['module', $this->getUrl(0), $this->getUrl(2)]);
|
||||||
|
// Valeurs en sortie
|
||||||
|
$this->addOutput([
|
||||||
|
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config',
|
||||||
|
'notification' => 'Galerie supprimée',
|
||||||
|
'state' => true
|
||||||
|
]);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
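Review bot: In the gallery delete(), the token test that follows the "La galerie n'existe pas" block is a plain `if` rather than an `elseif`, so the existence check does not stop the request. A call for a missing gallery that carries a valid token first sets `'access' => false`, then still falls into the final `else` with `deleteData()` and the 'Galerie supprimée' notification. The blog and news versions chain the two tests; changing the line to `elseif ($this->getUrl(3) !== $_SESSION['csrf']) {` would bring this module in line with them. The commit only re-indents this part, so the behaviour predates it, but it is now inside the new access branch and worth fixing in the same pass.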
@ -17,7 +17,7 @@ class news extends common {
|
||||||
public static $actions = [
|
public static $actions = [
|
||||||
'add' => self::GROUP_EDITOR,
|
'add' => self::GROUP_EDITOR,
|
||||||
'config' => self::GROUP_EDITOR,
|
'config' => self::GROUP_EDITOR,
|
||||||
'delete' => self::GROUP_EDITOR,
|
'delete' => self::GROUP_MODERATOR,
|
||||||
'edit' => self::GROUP_EDITOR,
|
'edit' => self::GROUP_EDITOR,
|
||||||
'index' => self::GROUP_VISITOR
|
'index' => self::GROUP_VISITOR
|
||||||
];
|
];
|
||||||
|
@ -117,30 +117,38 @@ class news extends common {
|
||||||
* Suppression
|
* Suppression
|
||||||
*/
|
*/
|
||||||
public function delete() {
|
public function delete() {
|
||||||
// La news n'existe pas
|
// Contrôle d'accès
|
||||||
if($this->getData(['module', $this->getUrl(0), $this->getUrl(2)]) === null) {
|
if ( self::$actions[__FUNCTION__] >= $this->getUser('group')) {
|
||||||
// Valeurs en sortie
|
// Valeurs en sortie
|
||||||
$this->addOutput([
|
$this->addOutput([
|
||||||
'access' => false
|
'access' => false
|
||||||
]);
|
]);
|
||||||
}
|
} else {
|
||||||
// Jeton incorrect
|
// La news n'existe pas
|
||||||
elseif ($this->getUrl(3) !== $_SESSION['csrf']) {
|
if($this->getData(['module', $this->getUrl(0), $this->getUrl(2)]) === null) {
|
||||||
// Valeurs en sortie
|
// Valeurs en sortie
|
||||||
$this->addOutput([
|
$this->addOutput([
|
||||||
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config',
|
'access' => false
|
||||||
'notification' => 'Action non autorisée'
|
]);
|
||||||
]);
|
}
|
||||||
}
|
// Jeton incorrect
|
||||||
// Suppression
|
elseif ($this->getUrl(3) !== $_SESSION['csrf']) {
|
||||||
else {
|
// Valeurs en sortie
|
||||||
$this->deleteData(['module', $this->getUrl(0), $this->getUrl(2)]);
|
$this->addOutput([
|
||||||
// Valeurs en sortie
|
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config',
|
||||||
$this->addOutput([
|
'notification' => 'Action non autorisée'
|
||||||
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config',
|
]);
|
||||||
'notification' => 'News supprimée',
|
}
|
||||||
'state' => true
|
// Suppression
|
||||||
]);
|
else {
|
||||||
|
$this->deleteData(['module', $this->getUrl(0), $this->getUrl(2)]);
|
||||||
|
// Valeurs en sortie
|
||||||
|
$this->addOutput([
|
||||||
|
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config',
|
||||||
|
'notification' => 'News supprimée',
|
||||||
|
'state' => true
|
||||||
|
]);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
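Review bot: The anti-CSRF test `$this->getUrl(3) !== $_SESSION['csrf']`, kept inside the new `else` branch, does not handle a missing session token explicitly and compares with a non-constant-time operator. If `$_SESSION['csrf']` is unset and getUrl(3) returns null for an absent segment (not visible from here), the two sides are identical and the deletion proceeds. I would reject that case and compare with `elseif (!isset($_SESSION['csrf']) || !hash_equals($_SESSION['csrf'], (string) $this->getUrl(3))) {`. The same line appears in the blog and gallery delete() methods. A short comment on the access check stating that `self::$actions` holds the minimum group per action would also help the next reader.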