Interdiction des suppressions depuis le module en sus du routage

2023-06-18 17:33:26 +02:00 · 2023-06-18 17:33:26 +02:00 · 6214f6a363
commit 6214f6a363
parent 95b7d1f74e
9 changed files with 23 additions and 10 deletions
--- a/core/module/user/user.php
+++ b/core/module/user/user.php
@ -601,7 +601,7 @@ class user extends common
 					'news' => [
 						'add' => $this->getInput('profilEditNewsAdd', helper::FILTER_BOOLEAN),
 						'edit' => $this->getInput('profilEditNewsEdit', helper::FILTER_BOOLEAN),
-						'delete' => $this->getInput('profilEditNewsEdit', helper::FILTER_BOOLEAN),
+						'delete' => $this->getInput('profilEditNewsDelete', helper::FILTER_BOOLEAN),
 						'option' => $this->getInput('profilEditNewsOption', helper::FILTER_BOOLEAN),
 						'config' => $this->getInput('profilEditNewsAdd', helper::FILTER_BOOLEAN) ||
 									$this->getInput('profilEditNewsEdit', helper::FILTER_BOOLEAN) ||
@ -729,7 +729,7 @@ class user extends common
 					'news' => [
 						'add' => $this->getInput('profilAddNewsAdd', helper::FILTER_BOOLEAN),
 						'edit' => $this->getInput('profilAddNewsEdit', helper::FILTER_BOOLEAN),
-						'delete' => $this->getInput('profilAddNewsEdit', helper::FILTER_BOOLEAN),
+						'delete' => $this->getInput('profilAddNewsDelete', helper::FILTER_BOOLEAN),
 						'option' => $this->getInput('profilAddNewsOption', helper::FILTER_BOOLEAN),
 						'config' => $this->getInput('profilAddNewsAdd', helper::FILTER_BOOLEAN) ||
 									$this->getInput('profilAddNewsEdit', helper::FILTER_BOOLEAN) ||
--- a/module/blog/blog.php
+++ b/module/blog/blog.php
@ -592,7 +592,9 @@ class blog extends common
 	 */
 	public function delete()
 	{
-		if ($this->getData(['module', $this->getUrl(0), 'posts', $this->getUrl(2)]) === null) {
+		if (
+			$this->getUser('permission', 'blog', 'delete') === false ||
+			$this->getData(['module', $this->getUrl(0), 'posts', $this->getUrl(2)]) === null) {
 			// Valeurs en sortie
 			$this->addOutput([
 				'access' => false
--- a/module/blog/changes.md
+++ b/module/blog/changes.md
@ -1,4 +1,5 @@
-
+# version 6.9
+- Bloque l'effacement de l'article selon le profil
 # version 6.8
 - Erreur de décompte des commentaires approuvés ou non dans l'index
 # version 6.7
--- a/module/form/changes.md
+++ b/module/form/changes.md
@ -1,3 +1,5 @@
+# Version 3.10
+- Bloque l'effacement selon le profil
 # Version 3.9
 - Redirection des pages orphelines
 # Version 3.8
--- a/module/form/form.php
+++ b/module/form/form.php
@ -17,7 +17,7 @@
 class form extends common
 {

-	const VERSION = '3.9';
+	const VERSION = '3.10';
 	const REALNAME = 'Formulaire';
 	const DATADIRECTORY = ''; // Contenu localisé inclus par défaut (page.json et module.json)

@ -344,7 +344,9 @@ class form extends common
 	public function delete()
 	{
 		// Jeton incorrect
-		if ($this->getUrl(3) !== $_SESSION['csrf']) {
+		if (
+			$this->getUser('permission', 'form', 'delete') === false ||
+			$this->getUrl(3) !== $_SESSION['csrf']) {
 			// Valeurs en sortie
 			$this->addOutput([
 				'redirect' => helper::baseUrl() . $this->getUrl(0) . '/data',
--- a/module/gallery/changes.md
+++ b/module/gallery/changes.md
@ -1,3 +1,5 @@
+# Version 3.9
+- Bloque l'effacement de la galerie selon le profil
 # Version 3.8
 - Version compare null, dataversion not initialize
 - Bug de positionnement des boutons de retour
--- a/module/gallery/gallery.php
+++ b/module/gallery/gallery.php
@ -18,7 +18,7 @@ class gallery extends common
 {


-	const VERSION = '3.8';
+	const VERSION = '3.9';
 	const REALNAME = 'Galerie';
 	const DATADIRECTORY = self::DATA_DIR . 'gallery/';

@ -500,7 +500,8 @@ class gallery extends common
 	{
 		// $url prend l'adresse sans le token
 		// La galerie n'existe pas
-		if ($this->getData(['module', $this->getUrl(0), 'content', $this->getUrl(2)]) === null) {
+		if ($this->getUser('permission', 'gallery', 'delete') === false ||
+			$this->getData(['module', $this->getUrl(0), 'content', $this->getUrl(2)]) === null) {
 			// Valeurs en sortie
 			$this->addOutput([
 				'access' => false
--- a/module/news/changes.md
+++ b/module/news/changes.md
@ -1,3 +1,5 @@
+# Version 4.5
+- Bloque l'effacement de l'article selon le profil
 # Version 4.4
 - Intl date Formats
 - Bug un conflit avec le style de la page
--- a/module/news/news.php
+++ b/module/news/news.php
@ -16,7 +16,7 @@
 class news extends common
 {

-	const VERSION = '4.3';
+	const VERSION = '4.4';
 	const REALNAME = 'News';
 	const DATADIRECTORY = self::DATA_DIR . 'news/';

@ -365,7 +365,8 @@ class news extends common
 	public function delete()
 	{
 		// La news n'existe pas
-		if ($this->getData(['module', $this->getUrl(0), 'posts', $this->getUrl(2)]) === null) {
+		if ($this->getUser('permission', 'news', 'delete') === false ||
+			$this->getData(['module', $this->getUrl(0), 'posts', $this->getUrl(2)]) === null) {
 			// Valeurs en sortie
 			$this->addOutput([
 				'access' => false