CC-4655: DJ's can delete files that they do not own

-fixed
denise 2012-10-31 16:51:29 -04:00
parent fc613aa597
commit 2507e0f8a4
2 changed files with 10 additions and 0 deletions


@ -319,6 +319,8 @@ class LibraryController extends Zend_Controller_Action
if (isset($file)) {
try {
$res = $file->delete(true);
} catch (FileNoPermissionException $e) {
$this->view->message = "You don't have permission to delete selected items.";
} catch (Exception $e) {
//could throw a scheduled in future exception.
$message = "Could not delete some scheduled files.";
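Review bot: The `catch (FileNoPermissionException $e)` branch writes `$this->view->message` directly, while the generic `catch (Exception $e)` below it assigns the local `$message`, so the two failure paths report through different variables. How `$message` reaches the view is outside this hunk, so it is worth confirming that a later assignment cannot overwrite or drop the permission text; if the local is what gets rendered, `$message = "You don't have permission to delete selected items.";` would keep both paths on the same route. The refusal is also not recorded anywhere in the visible lines; a log entry carrying the acting user id and the file id would give an audit trail for denied deletes. The enclosing action starts and ends outside the hunk.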


@ -344,6 +344,13 @@ SQL;
throw new DeleteScheduledFileException();
}
$userInfo = Zend_Auth::getInstance()->getStorage()->read();
$user = new Application_Model_User($userInfo->id);
$isAdminOrPM = $user->isUserType(array(UTYPE_ADMIN, UTYPE_PROGRAM_MANAGER));
if (!$isAdminOrPM && $this->getFileOwnerId() != $user->getId()) {
throw new FileNoPermissionException();
}
$music_dir = Application_Model_MusicDir::getDirByPK($this->_file->getDbDirectory());
$type = $music_dir->getType();
@ -1213,3 +1220,4 @@ SQL;
class DeleteScheduledFileException extends Exception {}
class FileDoesNotExistException extends Exception {}
class FileNoPermissionException extends Exception {}
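Review bot: The ownership check in the `+344` hunk can fail open, because `$this->getFileOwnerId() != $user->getId()` is a loose comparison and the result of `Zend_Auth::getInstance()->getStorage()->read()` is dereferenced without a null check. If a file has no recorded owner and the caller has no session identity (both presumably null or empty, which is not visible here), the two sides compare equal and the delete proceeds. A fail-closed form would reject a missing identity first and compare strictly, for example `if (!$isAdminOrPM && ($ownerId === null || (int) $ownerId !== (int) $user->getId()))` with `$ownerId = $this->getFileOwnerId();`. The check also runs after the `DeleteScheduledFileException` throw, so a non-owner learns whether a file is scheduled before being refused; moving the permission test ahead of it would avoid that. The enclosing delete method starts and ends outside the hunk.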