CC-4257: Smart Block: Admin cannot delete DJ user's block

-fixed
denise 2012-08-21 15:42:44 -04:00
parent f52cb81c64
commit 2cdaa186e3
3 changed files with 29 additions and 8 deletions


@ -140,6 +140,8 @@ class PlaylistController extends Zend_Controller_Action
private function playlistNoPermission($p_type) private function playlistNoPermission($p_type)
{ {
$this->view->error = "You don't have permission to delete selected {$p_type}(s)."; $this->view->error = "You don't have permission to delete selected {$p_type}(s).";
$this->changePlaylist(null, $p_type);
$this->createFullResponse(null);
} }
private function playlistUnknownError($e) private function playlistUnknownError($e)
@ -294,6 +296,8 @@ class PlaylistController extends Zend_Controller_Action
$this->createFullResponse($obj); $this->createFullResponse($obj);
} catch (PlaylistNoPermissionException $e) { } catch (PlaylistNoPermissionException $e) {
$this->playlistNoPermission($type); $this->playlistNoPermission($type);
} catch (BlockNoPermissionException $e) {
$this->playlistNoPermission($type);
} catch (PlaylistNotFoundException $e) { } catch (PlaylistNotFoundException $e) {
$this->playlistNotFound($type); $this->playlistNotFound($type);
} catch (Exception $e) { } catch (Exception $e) {
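Review bot: A denied delete leaves no audit trail: both the existing `PlaylistNoPermissionException` branch and the added `BlockNoPermissionException` branch discard `$e` and call `playlistNoPermission($type)`, which, as far as the hunk shows, only sets a view error and rebuilds the response. An authorization failure is worth recording with the acting user and the requested type, so a marker at the top of `playlistNoPermission` such as `// TODO: log denied delete (user id, $p_type) via the application logger` would cover both branches. It is also not clear from the hunk why `changePlaylist(null, $p_type)` is needed on denial; if it clears the item the user currently has open, a one-line comment saying so would help. The try block these catches belong to starts outside the hunk.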


@ -875,12 +875,21 @@ EOT;
*/ */
public static function deleteBlocks($p_ids, $p_userId) public static function deleteBlocks($p_ids, $p_userId)
{ {
$userInfo = Zend_Auth::getInstance()->getStorage()->read();
$user = new Application_Model_User($userInfo->id);
$isAdminOrPM = $user->isUserType(array(UTYPE_ADMIN, UTYPE_PROGRAM_MANAGER));
if (!$isAdminOrPM) {
$leftOver = self::blocksNotOwnedByUser($p_ids, $p_userId); $leftOver = self::blocksNotOwnedByUser($p_ids, $p_userId);
if (count($leftOver) == 0) { if (count($leftOver) == 0) {
CcBlockQuery::create()->findPKs($p_ids)->delete(); CcBlockQuery::create()->findPKs($p_ids)->delete();
} else { } else {
throw new BlockNoPermissionException; throw new BlockNoPermissionException;
} }
} else {
CcBlockQuery::create()->findPKs($p_ids)->delete();
}
} }
// This function returns that are not owen by $p_user_id among $p_ids // This function returns that are not owen by $p_user_id among $p_ids
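Review bot: The role check in `deleteBlocks` is made against the session identity read from `Zend_Auth`, while the ownership check still uses the `$p_userId` argument, so the two authorization decisions can refer to different principals if a caller ever passes an id other than the logged-in user's (callers are not visible here). `getStorage()->read()` may also return no identity, in which case `$userInfo->id` is dereferenced before any permission decision is made. Both checks should use one identity and fail closed when none is present, e.g. `if (!$userInfo) { throw new BlockNoPermissionException; }` before constructing the user. The two identical delete calls can then sit behind a single guard, `if (!$isAdminOrPM && count(self::blocksNotOwnedByUser($p_ids, $p_userId)) > 0) { throw new BlockNoPermissionException; }`. The same pattern is repeated in `deletePlaylists` in the third file section.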


@ -874,12 +874,20 @@ SQL;
*/ */
public static function deletePlaylists($p_ids, $p_userId) public static function deletePlaylists($p_ids, $p_userId)
{ {
$userInfo = Zend_Auth::getInstance()->getStorage()->read();
$user = new Application_Model_User($userInfo->id);
$isAdminOrPM = $user->isUserType(array(UTYPE_ADMIN, UTYPE_PROGRAM_MANAGER));
if (!$isAdminOrPM) {
$leftOver = self::playlistsNotOwnedByUser($p_ids, $p_userId); $leftOver = self::playlistsNotOwnedByUser($p_ids, $p_userId);
if (count($leftOver) == 0) { if (count($leftOver) == 0) {
CcPlaylistQuery::create()->findPKs($p_ids)->delete(); CcPlaylistQuery::create()->findPKs($p_ids)->delete();
} else { } else {
throw new PlaylistNoPermissionException; throw new PlaylistNoPermissionException;
} }
} else {
CcPlaylistQuery::create()->findPKs($p_ids)->delete();
}
} }
// This function returns that are not owen by $p_user_id among $p_ids // This function returns that are not owen by $p_user_id among $p_ids