From 6477265a8ad76a8a94350fa51d688a9014484a2a Mon Sep 17 00:00:00 2001
From: Fred Tempez
Date: Mon, 12 Oct 2020 19:12:38 +0200
Subject: [PATCH] Permissions en test
---
 core/core.php | 2 +-
 module/blog/blog.php | 16 ++++++++--------
 module/blog/view/article/article.php | 26 +++++++++++++++++---------
 3 files changed, 26 insertions(+), 18 deletions(-)
diff --git a/core/core.php b/core/core.php
index 07468546..b526e568 100644
--- a/core/core.php
+++ b/core/core.php
@@ -1449,7 +1449,7 @@ class common {
 $articleIds = array_keys(helper::arrayCollumn($this->getData(['module',$parent]), 'publishedOn', 'SORT_DESC'));
 foreach ($articleIds as $key => $article) {
 // Droits les deux groupes
- $this->setData(['module', $parent, $article,'editConsent','group']);
+ $this->setData(['module', $parent, $article,'editConsent', 3]);
 // Limite de taille 500
 $this->setData(['module', $parent, $article,'commentMaxlength', '500']);
 // Pas d'approbation des commentaires
diff --git a/module/blog/blog.php b/module/blog/blog.php
index e8383ac6..190ca559 100644
--- a/module/blog/blog.php
+++ b/module/blog/blog.php
@@ -78,7 +78,7 @@ class blog extends common {
 // Permissions d'un article
 public static $articleConsent = [
 self::EDIT_GROUP => 'Groupe du propriétaire',
- self::EDIT_OWNER => 'Propiétaire'
+ self::EDIT_OWNER => 'Propiétaire'
 ];
@@ -118,7 +118,7 @@ class blog extends common {
 'state' => $this->getInput('blogAddState', helper::FILTER_BOOLEAN),
 'title' => $this->getInput('blogAddTitle', helper::FILTER_STRING_SHORT, true),
 'userId' => $newuserid,
- 'editConsent' => $this->getInput('blogAddConsent'),
+ 'editConsent' => $this->getInput('blogEditConsent') === self::EDIT_GROUP ? $this->getUser('group') : self::EDIT_OWNER,
 'commentMaxlength' => $this->getInput('blogAddCommentMaxlength'),
 'commentApproved' => $this->getInput('blogAddCommentApproved', helper::FILTER_BOOLEAN),
 'commentClose' => $this->getInput('blogAddCommentClose', helper::FILTER_BOOLEAN),
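Review bot: In core/core.php (hunk @@ -1449), the upgrade loop now stores the bare literal `3` as `editConsent` for every existing article, and the comment above it (`// Droits les deux groupes`) no longer describes what is written. The blog.php hunks in this patch compare `getUser('group') >= editConsent`, so this number decides who can edit all pre-existing articles after the upgrade. If 3 is meant to be the administrator level, write `self::GROUP_ADMIN` instead and update the comment to say that legacy articles become editable at that level only. The enclosing upgrade block starts and ends outside the hunk.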
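Review bot: In module/blog/blog.php (hunk @@ -118, the add path), the new `editConsent` line reads the input `blogEditConsent`, while every other field in this array uses the `blogAdd…` prefix and the removed line read `blogAddConsent`. The add form is not part of this diff, but if it still posts `blogAddConsent`, the comparison never matches and every new article is stored as `self::EDIT_OWNER` whatever the author selected. Suggested: `'editConsent' => $this->getInput('blogAddConsent') === self::EDIT_GROUP ? $this->getUser('group') : self::EDIT_OWNER,`. Because `getInput` is called without a filter and compared with `===`, also confirm that the submitted value has the same type as the constant.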
@@ -304,14 +304,14 @@ class blog extends common {
 // Gestion des droits d'accès
 $filterData=[];
 foreach ($articleIds as $key => $value) {
- $consent = $this->getData(['module', $this->getUrl(0), $value,'editConsent']);
 if (
- (
- $consent === self::EDIT_OWNER
+ ( // Propriétaire
+ $this->getData(['module', $this->getUrl(0), $value,'editConsent']) === self::EDIT_OWNER
 AND $this->getData(['module', $this->getUrl(0), $value,'userId']) === $this->getUser('id')
 ) OR (
- $consent === self::EDIT_GROUP
- AND $this->getUser('group') >= $this->getData(['user',$this->getUser('group'),'group'])
+ // Groupe
+ $this->getData(['module', $this->getUrl(0), $this->getUrl(1),'editConsent']) !== self::EDIT_OWNER
+ AND $this->getUser('group') >= $this->getData(['module',$this->getUrl(0), $value,'editConsent'])
 )
 ) {
 $filterData[] = $value;
@@ -448,7 +448,7 @@ class blog extends common {
 'state' => $this->getInput('blogEditState', helper::FILTER_BOOLEAN),
 'title' => $this->getInput('blogEditTitle', helper::FILTER_STRING_SHORT, true),
 'userId' => $newuserid,
- 'editConsent' => $this->getInput('blogEditConsent'),
+ 'editConsent' => $this->getInput('blogEditConsent') === self::EDIT_GROUP ? $this->getUser('group') : self::EDIT_OWNER,
 'commentMaxlength' => $this->getInput('blogEditCommentMaxength'),
 'commentApproved' => $this->getInput('blogEditCommentApproved', helper::FILTER_BOOLEAN),
 'commentClose' => $this->getInput('blogEditCommentClose', helper::FILTER_BOOLEAN),
diff --git a/module/blog/view/article/article.php b/module/blog/view/article/article.php
index 2d95f295..491de407 100644
--- a/module/blog/view/article/article.php
+++ b/module/blog/view/article/article.php
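Review bot: In module/blog/blog.php (hunk @@ -304), the first test of the group branch looks up `editConsent` under `$this->getUrl(1)`, although the article being filtered is the loop variable `$value`, which every other lookup in this condition uses. Unless the second URL segment happens to be an article id on this page, that lookup presumably returns nothing, so `!== self::EDIT_OWNER` is always true. Owner-only articles would then be let through or rejected purely by the `>=` comparison on the next line. It should read `$this->getData(['module', $this->getUrl(0), $value,'editConsent']) !== self::EDIT_OWNER`; keeping the removed `$consent` local would avoid three separate lookups and this kind of mismatch. The enclosing method starts and ends outside the hunk.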
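Review bot: In module/blog/blog.php (hunk @@ -448, the edit path), the stored threshold is `$this->getUser('group')`, the group of whoever submits the form, whereas the option is labelled 'Groupe du propriétaire' and the article's owner is `$newuserid`. When a higher-level user saves someone else's article with the group option selected, `editConsent` is raised to the editor's level and the owner's own group can no longer edit it. Consider deriving the level from the owner, for example `$this->getData(['user', $newuserid, 'group'])`, assuming user records are keyed by id as the removed line in the @@ -304 hunk suggests. Any submitted value other than the two constants should be rejected explicitly rather than silently mapped to `self::EDIT_OWNER`. The same expression is added in the @@ -118 hunk.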
@@ -7,16 +7,24 @@ à getData(['module', $this->getUrl(0), $this->getUrl(1), 'publishedOn'])); ?> - getUser('group') >= self::GROUP_ADMIN - AND $this->getUser('password') === $this->getInput('ZWII_USER_PASSWORD') + getUser('password') === $this->getInput('ZWII_USER_PASSWORD') + AND + ( // Propriétaire + $this->getData(['module', $this->getUrl(0), $this->getUrl(1),'editConsent']) === $module::EDIT_OWNER + AND $this->getData(['module', $this->getUrl(0), $this->getUrl(1),'userId']) === $this->getUser('id') + ) OR ( + // Groupe + $this->getData(['module', $this->getUrl(0), $this->getUrl(1),'editConsent']) !== $module::EDIT_OWNER + AND $this->getUser('group') >= $this->getData(['module',$this->getUrl(0), $this->getUrl(1),'editConsent']) + ) ): ?> -
- helper::baseUrl() . $this->getUrl(0) . '/edit/' . $this->getUrl(1) . '/' . $_SESSION['csrf'], - 'value' => 'Editer' - ]); ?> -
+
+ helper::baseUrl() . $this->getUrl(0) . '/edit/' . $this->getUrl(1) . '/' . $_SESSION['csrf'], + 'value' => 'Editer' + ]); ?> +
getData(['module', $this->getUrl(0), $this->getUrl(1), 'pictureSize']) === null ? '100' : $this->getData(['module', $this->getUrl(0), $this->getUrl(1), 'pictureSize']); ?>
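Review bot: In module/blog/view/article/article.php, the new condition has the shape `password-check AND ( owner… ) OR ( group… )`, and PHP binds `AND` tighter than `OR`. The group branch is therefore evaluated without the `getUser('password') === getInput('ZWII_USER_PASSWORD')` check that the old condition applied to everyone, so the edit button can be rendered whenever the `>=` comparison on `editConsent` passes. Wrap both alternatives in one outer pair of parentheses, `… AND ( ( owner… ) OR ( group… ) )`. The edit action in blog.php should enforce the same rule server-side, since hiding the button is not access control. The markup in this hunk is partly stripped on this page, so the tokens around the condition are inferred.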