hazza/Phraseanet
1
0
Fork 0
mirror of https://github.com/alchemy-fr/Phraseanet.git synced 2025-10-18 15:33:15 +00:00
Code Issues Packages Projects Releases Wiki Activity

raise unauthorized exception when authenticated user do not have proper rights

Browse Source
This commit is contained in:
Nicolas Le Goff
2012-01-17 16:31:57 +01:00
parent 6dfbdb040c
commit ba4dd7ddb9
1 changed files with 12 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
lib/Alchemy/Phrasea/Helper/Record/MoveCollection.php
View File

@@ -100,10 +100,18 @@ class MoveCollection extends RecordHelper
$appbox = \appbox::get_instance(); $appbox = \appbox::get_instance();
$user = $this->getCore()->getAuthenticatedUser(); $user = $this->getCore()->getAuthenticatedUser();
$baseId = $request->get('base_id');
$base_dest = $base_dest =
$user->ACL()->has_right_on_base($request->get('base_id'), 'canaddrecord') ? $user->ACL()->has_right_on_base($baseId, 'canaddrecord') ?
$request->get('base_id') : false; $request->get('base_id') : false;
if(!$user->ACL()->has_right_on_base($baseId, 'canaddrecord'))
{
throw new \Exception_Unauthorized(sprintf("%s do not have the permission to move records to %s", $user->get_login()));
}
if (!$this->is_possible()) if (!$this->is_possible())
throw new Exception('This action is not possible'); throw new Exception('This action is not possible');
@@ -122,7 +130,8 @@ class MoveCollection extends RecordHelper
} }
} }
} }
$collection = \collection::get_from_base_id($base_dest); $collection = \collection::get_from_base_id($base_dest);
foreach ($this->selection as $record) foreach ($this->selection as $record)