#511 fixed

2005-04-22 13:37:16 +00:00 · 2005-04-22 13:37:16 +00:00 · 18f08574a3
commit 18f08574a3
parent fd5903d582
3 changed files with 56 additions and 18 deletions
--- a/livesupport/modules/htmlUI/var/ui_handler.class.php
+++ b/livesupport/modules/htmlUI/var/ui_handler.class.php
@ -530,8 +530,11 @@ class uiHandler extends uiBase {
     */
    function addPerm($subj, $permAction, $id, $allowDeny)
    {
-        #if($this->gb->checkPerm($this->userid, 'editPerms', $id)){
-        if (PEAR::isError($this->gb->addPerm($subj, $permAction, $id, $allowDeny))) {
+        if (PEAR::isError(
+            $this->gb->addPerm(
+                $this->sessid, $subj, $permAction, $id, $allowDeny
+            )
+        )) {
            $this->_retMsg('Access denied.');
            return FALSE;
        }
@ -549,8 +552,7 @@ class uiHandler extends uiBase {
     */
    function removePerm($permid, $oid)
    {
-        #if($this->gb->checkPerm($this->userid, 'editPerms', $oid))
-        if (PEAR::isError($this->gb->removePerm($permid))) {
+        if (PEAR::isError($this->gb->removePerm($this->sessid, $permid))) {
            $this->_retMsg('Access denied.');
            return FALSE;
        }
--- a/livesupport/modules/storageServer/var/GreenBox.php
+++ b/livesupport/modules/storageServer/var/GreenBox.php
@ -23,7 +23,7 @@


    Author   : $Author: tomas $
-    Version  : $Revision: 1.56 $
+    Version  : $Revision: 1.57 $
    Location : $Source: /home/paul/cvs2svn-livesupport/newcvsrepo/livesupport/modules/storageServer/var/GreenBox.php,v $

 ------------------------------------------------------------------------------*/
@ -35,7 +35,7 @@ require_once "BasicStor.php";
 *  LiveSupport file storage module
 *
 *  @author  $Author: tomas $
- *  @version $Revision: 1.56 $
+ *  @version $Revision: 1.57 $
 *  @see BasicStor
 */
 class GreenBox extends BasicStor{
@ -867,5 +867,46 @@ class GreenBox extends BasicStor{
        return $pa;
    }

+    /**
+     *   Insert permission record
+     *
+     *   @param sessid string, session id
+     *   @param sid int - local user/group id
+     *   @param action string
+     *   @param oid int - local object id
+     *   @param type char - 'A'|'D' (allow/deny)
+     *   @return int - local permission id
+     */
+    function addPerm($sessid, $sid, $action, $oid, $type='A')
+    {
+        $parid = $this->getParent($oid);
+        if(($res = $this->_authorize('editPerms', $parid, $sessid)) !== TRUE){
+            return $res;
+        }
+        return parent::addPerm($sid, $action, $oid, $type);
+    }
+    
+    /**
+     *   Remove permission record
+     *
+     *   @param sessid string, session id
+     *   @param permid int OPT - local permission id
+     *   @param subj int OPT - local user/group id
+     *   @param obj int OPT - local object id
+     *   @return boolean/error
+     */
+    function removePerm($sessid, $permid=NULL, $subj=NULL, $obj=NULL)
+    {
+        $oid = $this->_getPermOid($permid);
+        if(PEAR::isError($oid)) return $oid;
+        if(!is_null($oid)){
+            $parid = $this->getParent($oid);
+            if(($res = $this->_authorize('editPerms', $parid, $sessid)) !== TRUE)
+                return $res;
+        }
+        $res = parent::removePerm($permid, $subj, $obj);
+        return $res;
+    }
+    
 }
 ?>
--- a/livesupport/modules/storageServer/var/html/gbHttp.php
+++ b/livesupport/modules/storageServer/var/html/gbHttp.php
@ -23,7 +23,7 @@
 
 
    Author   : $Author: tomas $
-    Version  : $Revision: 1.16 $
+    Version  : $Revision: 1.17 $
    Location : $ $

 ------------------------------------------------------------------------------*/
@ -33,7 +33,7 @@ require_once"gbHtml_h.php";
 *  storageServer WWW-form interface
 *
 *  @author  $Author: tomas $
- *  @version $Revision: 1.16 $
+ *  @version $Revision: 1.17 $
 *  @see Alib
 *  @see GreenBox
 */
@ -363,13 +363,8 @@ switch($_REQUEST['act']){
 *  @param allowDeny char, A or D
 */
    case"addPerm";
-        $parid = $gb->getParent($_REQUEST['oid']);
        $redirUrl="gbHtmlPerms.php?id=$id";
-        if(!$gb->checkPerm($userid, 'editPerms', $parid)){
-            $_SESSION['alertMsg']='Access denied.';
-            break;
-        }
-        $res = $gb->addPerm($_REQUEST['subj'], $_REQUEST['permAction'],
+        $res = $gb->addPerm($sessid, $_REQUEST['subj'], $_REQUEST['permAction'],
            $_REQUEST['id'], $_REQUEST['allowDeny']);
        if($dbc->isError($res)){
            $_SESSION['alertMsg'] = $res->getMessage()." (".$res->getCode().")";
@ -383,10 +378,10 @@ switch($_REQUEST['act']){
 *  @param permid int, local id of permission record
 */
    case"removePerm";
-        $parid = $gb->getParent($_REQUEST['oid']);
-        if($gb->checkPerm($userid, 'editPerms', $parid))
-            $gb->removePerm($_REQUEST['permid']);
-        else $_SESSION['alertMsg']='Access denied.';
+        $res = $gb->removePerm($sessid, $_REQUEST['permid']);
+        if($dbc->isError($res)){
+            $_SESSION['alertMsg'] = $res->getMessage()." (".$res->getCode().")";
+        }
        $redirUrl="gbHtmlPerms.php?id=$id";
    break;