Congegni/sintonia
7
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

CC-4655: DJ's can delete files that they do not own

Browse source 
-fixed
This commit is contained in:
denise 2012-10-31 16:51:29 -04:00
parent fc613aa597
commit 2507e0f8a4
2 changed files with 10 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

8
airtime_mvc/application/models/StoredFile.php
View file

@ -344,6 +344,13 @@ SQL;
throw new DeleteScheduledFileException();
}
$userInfo = Zend_Auth::getInstance()->getStorage()->read();
$user = new Application_Model_User($userInfo->id);
$isAdminOrPM = $user->isUserType(array(UTYPE_ADMIN, UTYPE_PROGRAM_MANAGER));
if (!$isAdminOrPM && $this->getFileOwnerId() != $user->getId()) {
throw new FileNoPermissionException();
}
$music_dir = Application_Model_MusicDir::getDirByPK($this->_file->getDbDirectory());
$type = $music_dir->getType();
@ -1213,3 +1220,4 @@ SQL;
class DeleteScheduledFileException extends Exception {}
class FileDoesNotExistException extends Exception {}
class FileNoPermissionException extends Exception {}