hazza/Phraseanet
1
0
Fork 0
mirror of https://github.com/alchemy-fr/Phraseanet.git synced 2025-10-18 15:33:15 +00:00
Code Issues Packages Projects Releases Wiki Activity

raise unauthorized exception when authenticated user do not have proper rights

Browse Source
This commit is contained in:
Nicolas Le Goff
2012-01-17 16:31:57 +01:00
parent 6dfbdb040c
commit ba4dd7ddb9
1 changed files with 12 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
lib/Alchemy/Phrasea/Helper/Record/MoveCollection.php
View File

@@ -100,10 +100,18 @@ class MoveCollection extends RecordHelper
$appbox = \appbox::get_instance();
$user = $this->getCore()->getAuthenticatedUser();
$baseId = $request->get('base_id');
$base_dest =
$user->ACL()->has_right_on_base($request->get('base_id'), 'canaddrecord') ?
$user->ACL()->has_right_on_base($baseId, 'canaddrecord') ?
$request->get('base_id') : false;
if(!$user->ACL()->has_right_on_base($baseId, 'canaddrecord'))
{
throw new \Exception_Unauthorized(sprintf("%s do not have the permission to move records to %s", $user->get_login()));
}
if (!$this->is_possible())
throw new Exception('This action is not possible');
@@ -123,6 +131,7 @@ class MoveCollection extends RecordHelper
}
}
$collection = \collection::get_from_base_id($base_dest);
foreach ($this->selection as $record)