CC-4655: DJ's can delete files that they do not own
-fixed
parent
fc613aa597
commit
2507e0f8a4
|
@ -319,6 +319,8 @@ class LibraryController extends Zend_Controller_Action
|
|||
if (isset($file)) {
|
||||
try {
|
||||
$res = $file->delete(true);
|
||||
} catch (FileNoPermissionException $e) {
|
||||
$this->view->message = "You don't have permission to delete selected items.";
|
||||
} catch (Exception $e) {
|
||||
//could throw a scheduled in future exception.
|
||||
$message = "Could not delete some scheduled files.";
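Review bot: The new `catch (FileNoPermissionException $e)` branch writes its text straight to `$this->view->message`, while the generic `catch (Exception $e)` branch stores its text in the local `$message`; both paths should report through the same variable, e.g. `$message = "You don't have permission to delete selected items.";`. The code that consumes `$message` lies outside the hunk, so whether the view value is overwritten later, or one of the two messages is dropped, cannot be seen here and should be checked. A refused delete is also an authorization event worth recording: a log line in this branch carrying the acting user id and the file id would let an operator notice a DJ account repeatedly trying to remove other users' files. The enclosing action starts before and continues past the hunk.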
|
||||
|
|
|
@ -344,6 +344,13 @@ SQL;
|
|||
throw new DeleteScheduledFileException();
|
||||
}
|
||||
|
||||
$userInfo = Zend_Auth::getInstance()->getStorage()->read();
|
||||
$user = new Application_Model_User($userInfo->id);
|
||||
$isAdminOrPM = $user->isUserType(array(UTYPE_ADMIN, UTYPE_PROGRAM_MANAGER));
|
||||
if (!$isAdminOrPM && $this->getFileOwnerId() != $user->getId()) {
|
||||
throw new FileNoPermissionException();
|
||||
}
|
||||
|
||||
$music_dir = Application_Model_MusicDir::getDirByPK($this->_file->getDbDirectory());
|
||||
$type = $music_dir->getType();
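Review bot: The ownership check dereferences `$userInfo->id` without confirming an identity exists; Zend_Auth's storage `read()` returns null when nobody is logged in, so a call made without a session (whether such a caller exists is not visible here) fails on a null object instead of producing a clean denial. Failing closed first would cover it: `if (is_null($userInfo)) { throw new FileNoPermissionException(); }`. The check also sits after the `DeleteScheduledFileException` throw, so a non-owner learns whether the file is scheduled before being refused; moving the permission block above the scheduling test avoids that. The `!=` comparison is loose, and casting both ids to int and using `!==` would rule out type juggling if `getFileOwnerId()` can return null or a string. The method starts before and continues past the hunk.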
|
||||
|
||||
|
@ -1213,3 +1220,4 @@ SQL;
|
|||
|
||||
class DeleteScheduledFileException extends Exception {}
|
||||
class FileDoesNotExistException extends Exception {}
|
||||
class FileNoPermissionException extends Exception {}
|
||||
|
|