hazza/Phraseanet
1
0
Fork 0
mirror of https://github.com/alchemy-fr/Phraseanet.git synced 2025-10-17 15:03:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

check right on subdef

Browse Source
This commit is contained in:
aynsix
2022-02-01 16:44:24 +03:00
parent 720b8ba232
commit 6240f1f888
2 changed files with 44 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
lib/Alchemy/Phrasea/Out/Module/PDFRecords.php
View File

@@ -59,6 +59,7 @@ class PDFRecords extends PDF
$this->pdf->setPrintOwnerUser($app->getAuthenticatedUser());
$records = $printer->get_elements();
$aclUser = $this->app->getAclForUser($this->app->getAuthenticatedUser());
$list = [];
@@ -77,13 +78,21 @@ class PDFRecords extends PDF
// fallback to thumbnail ( video, sound, doc ) ..
if ($subdef->get_type() !== \media_subdef::TYPE_IMAGE) {
$subdef = $record->get_subdef($this->thumbnailName);
// $subdef = $record->get_thumbnail();
}
if (!$subdef->is_physically_present()) {
continue 2;
}
// check access right on the subdef
if (
($subdef->get_name() != 'document' && !$aclUser->has_access_to_subdef($record, $subdef->get_name()))
||
($subdef->get_name() == 'document' && !$aclUser->has_right_on_base($record->getBaseId(), \ACL::CANDWNLDHD))
) {
continue 2;
}
if ($subdef->get_type() !== \media_subdef::TYPE_IMAGE) {
continue 2;
}
@@ -99,6 +108,15 @@ class PDFRecords extends PDF
continue 2;
}
// check access right on the subdef
if (
($subdef->get_name() != 'document' && !$aclUser->has_access_to_subdef($record, $subdef->get_name()))
||
($subdef->get_name() == 'document' && !$aclUser->has_right_on_base($record->getBaseId(), \ACL::CANDWNLDHD))
) {
continue 2;
}
if ($subdef->get_type() !== \media_subdef::TYPE_IMAGE) {
continue 2;
}