CC-4095: Media Library -> Playlist: dj user can delete the playlist owned by

others on some situation. - fixed
2012-07-10 17:09:21 -04:00 · 2012-07-10 17:09:21 -04:00 · 39506740eb
commit 39506740eb
parent d90d83200e
3 changed files with 37 additions and 22 deletions
--- a/airtime_mvc/application/controllers/LibraryController.php
+++ b/airtime_mvc/application/controllers/LibraryController.php
@ -129,27 +129,11 @@ class LibraryController extends Zend_Controller_Action
            }
        }

-        $hasPermission = true;
-        if (count($playlists)) {
-            // make sure use has permission to delete all playslists in the list
-            if(!$isAdminOrPM){
-                foreach($playlists as $pid){
-                    $pl = new Application_Model_Playlist($pid);
-                    if($pl->getCreatorId() != $user->getId()){
-                        $hasPermission = false;
-                    }
-                }
-            }
-        }
-
-        if (!$isAdminOrPM && count($files)) {
-            $hasPermission = false;
-        }
-        if(!$hasPermission){
+        try{
+            Application_Model_Playlist::DeletePlaylists($playlists, $user->getId());
+        }catch (PlaylistNoPermissionException $e){
            $this->view->message = "You don't have a permission to delete all playlists/files that are selected.";
            return;
-        }else{
-            Application_Model_Playlist::DeletePlaylists($playlists);
        }

        foreach ($files as $id) {
--- a/airtime_mvc/application/controllers/PlaylistController.php
+++ b/airtime_mvc/application/controllers/PlaylistController.php
@ -96,6 +96,10 @@ class PlaylistController extends Zend_Controller_Action
        $this->changePlaylist(null);
        $this->createFullResponse(null);
    }
+    
+    private function playlistNoPermission(){
+        $this->view->error = "You don't have permission to deleted playlist(s)";
+    }

    private function playlistUnknownError($e)
    {
@ -197,6 +201,9 @@ class PlaylistController extends Zend_Controller_Action
        $ids = $this->_getParam('ids');
        $ids = (!is_array($ids)) ? array($ids) : $ids;
        $pl = null;
+        
+        $userInfo = Zend_Auth::getInstance()->getStorage()->read();
+        $user = new Application_Model_User($userInfo->id);

        try {

@ -210,9 +217,12 @@ class PlaylistController extends Zend_Controller_Action
                $pl = new Application_Model_Playlist($this->pl_sess->id);
            }

-            Application_Model_Playlist::DeletePlaylists($ids);
+            Application_Model_Playlist::DeletePlaylists($ids, $userInfo->id);
            $this->createFullResponse($pl);
        }
+        catch (PlaylistNoPermissionException $e){
+            $this->playlistNoPermission();
+        }
        catch (PlaylistNotFoundException $e) {
            $this->playlistNotFound();
        }