hazza/Phraseanet
1
0
Fork 0
mirror of https://github.com/alchemy-fr/Phraseanet.git synced 2025-10-10 03:23:19 +00:00
Code Issues Packages Projects Releases Wiki Activity

PHRAS-315 Do not expose not downloadable subdef

Browse Source
This commit is contained in:
Nicolas Le Goff
2015-01-12 16:00:01 +01:00
parent 87dbd0150d
commit 0275ede43c
2 changed files with 12 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
lib/classes/API/V1/adapter.php
View File

@@ -1460,6 +1460,7 @@ class API_V1_adapter extends API_V1_Abstract
return null;
}
if ($this->app['authentication']->isAuthenticated()) {
if ($media->get_name() !== 'document' && false === $this->app['authentication']->getUser()->ACL()->has_access_to_subdef($record, $media->get_name())) {
return null;
@@ -1470,6 +1471,17 @@ class API_V1_adapter extends API_V1_Abstract
}
}
$databox = $record->get_databox();
try {
$subDefDefinition = $databox->get_subdef_structure()->get_subdef($record->get_type(), $media->get_name());
} catch (Exception_Databox_SubdefNotFound $e) {
return null;
}
if (false === $subDefDefinition->is_downloadable()) {
return null;
}
if ($media->get_permalink() instanceof media_Permalink_Adapter) {
$permalink = $this->list_permalink($media->get_permalink(), $registry);
} else {