Congegni
/
sintonia
7
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

CC-4257: Smart Block: Admin cannot delete DJ user's block 

-fixed
This commit is contained in:
denise 2012-08-21 15:42:44 -04:00
parent f52cb81c64
commit 2cdaa186e3
3 changed files with 29 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
airtime_mvc/application/controllers/PlaylistController.php
View File

@ -140,6 +140,8 @@ class PlaylistController extends Zend_Controller_Action
private function playlistNoPermission($p_type) private function playlistNoPermission($p_type)
{ {
$this->view->error = "You don't have permission to delete selected {$p_type}(s)."; $this->view->error = "You don't have permission to delete selected {$p_type}(s).";
$this->changePlaylist(null, $p_type);
$this->createFullResponse(null);
} }
private function playlistUnknownError($e) private function playlistUnknownError($e)
@ -294,6 +296,8 @@ class PlaylistController extends Zend_Controller_Action
$this->createFullResponse($obj); $this->createFullResponse($obj);
} catch (PlaylistNoPermissionException $e) { } catch (PlaylistNoPermissionException $e) {
$this->playlistNoPermission($type); $this->playlistNoPermission($type);
} catch (BlockNoPermissionException $e) {
$this->playlistNoPermission($type);
} catch (PlaylistNotFoundException $e) { } catch (PlaylistNotFoundException $e) {
$this->playlistNotFound($type); $this->playlistNotFound($type);
} catch (Exception $e) { } catch (Exception $e) {

17
airtime_mvc/application/models/Block.php
View File

@ -875,11 +875,20 @@ EOT;
*/ */
public static function deleteBlocks($p_ids, $p_userId) public static function deleteBlocks($p_ids, $p_userId)
{ {
$leftOver = self::blocksNotOwnedByUser($p_ids, $p_userId); $userInfo = Zend_Auth::getInstance()->getStorage()->read();
if (count($leftOver) == 0) { $user = new Application_Model_User($userInfo->id);
CcBlockQuery::create()->findPKs($p_ids)->delete(); $isAdminOrPM = $user->isUserType(array(UTYPE_ADMIN, UTYPE_PROGRAM_MANAGER));
if (!$isAdminOrPM) {
$leftOver = self::blocksNotOwnedByUser($p_ids, $p_userId);
if (count($leftOver) == 0) {
CcBlockQuery::create()->findPKs($p_ids)->delete();
} else {
throw new BlockNoPermissionException;
}
} else { } else {
throw new BlockNoPermissionException; CcBlockQuery::create()->findPKs($p_ids)->delete();
} }
} }

16
airtime_mvc/application/models/Playlist.php
View File

@ -874,11 +874,19 @@ SQL;
*/ */
public static function deletePlaylists($p_ids, $p_userId) public static function deletePlaylists($p_ids, $p_userId)
{ {
$leftOver = self::playlistsNotOwnedByUser($p_ids, $p_userId); $userInfo = Zend_Auth::getInstance()->getStorage()->read();
if (count($leftOver) == 0) { $user = new Application_Model_User($userInfo->id);
CcPlaylistQuery::create()->findPKs($p_ids)->delete(); $isAdminOrPM = $user->isUserType(array(UTYPE_ADMIN, UTYPE_PROGRAM_MANAGER));
if (!$isAdminOrPM) {
$leftOver = self::playlistsNotOwnedByUser($p_ids, $p_userId);
if (count($leftOver) == 0) {
CcPlaylistQuery::create()->findPKs($p_ids)->delete();
} else {
throw new PlaylistNoPermissionException;
}
} else { } else {
throw new PlaylistNoPermissionException; CcPlaylistQuery::create()->findPKs($p_ids)->delete();
} }
} }