CC-4095: Media Library -> Playlist: dj user can delete the playlist owned by
others on some situation. - fixed
This commit is contained in:
James
parent
d90d83200e
commit
39506740eb
3 changed files with 37 additions and 22 deletions
|
|
@ -129,27 +129,11 @@ class LibraryController extends Zend_Controller_Action
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
$hasPermission = true;
|
try{
|
||||||
if (count($playlists)) {
|
Application_Model_Playlist::DeletePlaylists($playlists, $user->getId());
|
||||||
// make sure use has permission to delete all playslists in the list
|
}catch (PlaylistNoPermissionException $e){
|
||||||
if(!$isAdminOrPM){
|
|
||||||
foreach($playlists as $pid){
|
|
||||||
$pl = new Application_Model_Playlist($pid);
|
|
||||||
if($pl->getCreatorId() != $user->getId()){
|
|
||||||
$hasPermission = false;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if (!$isAdminOrPM && count($files)) {
|
|
||||||
$hasPermission = false;
|
|
||||||
}
|
|
||||||
if(!$hasPermission){
|
|
||||||
$this->view->message = "You don't have a permission to delete all playlists/files that are selected.";
|
$this->view->message = "You don't have a permission to delete all playlists/files that are selected.";
|
||||||
return;
|
return;
|
||||||
}else{
|
|
||||||
Application_Model_Playlist::DeletePlaylists($playlists);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
foreach ($files as $id) {
|
foreach ($files as $id) {
|
||||||
|
|
|
||||||
|
|
@ -97,6 +97,10 @@ class PlaylistController extends Zend_Controller_Action
|
||||||
$this->createFullResponse(null);
|
$this->createFullResponse(null);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private function playlistNoPermission(){
|
||||||
|
$this->view->error = "You don't have permission to deleted playlist(s)";
|
||||||
|
}
|
||||||
|
|
||||||
private function playlistUnknownError($e)
|
private function playlistUnknownError($e)
|
||||||
{
|
{
|
||||||
$this->view->error = "Something went wrong.";
|
$this->view->error = "Something went wrong.";
|
||||||
|
|
@ -198,6 +202,9 @@ class PlaylistController extends Zend_Controller_Action
|
||||||
$ids = (!is_array($ids)) ? array($ids) : $ids;
|
$ids = (!is_array($ids)) ? array($ids) : $ids;
|
||||||
$pl = null;
|
$pl = null;
|
||||||
|
|
||||||
|
$userInfo = Zend_Auth::getInstance()->getStorage()->read();
|
||||||
|
$user = new Application_Model_User($userInfo->id);
|
||||||
|
|
||||||
try {
|
try {
|
||||||
|
|
||||||
Logging::log("Currently active playlist {$this->pl_sess->id}");
|
Logging::log("Currently active playlist {$this->pl_sess->id}");
|
||||||
|
|
@ -210,9 +217,12 @@ class PlaylistController extends Zend_Controller_Action
|
||||||
$pl = new Application_Model_Playlist($this->pl_sess->id);
|
$pl = new Application_Model_Playlist($this->pl_sess->id);
|
||||||
}
|
}
|
||||||
|
|
||||||
Application_Model_Playlist::DeletePlaylists($ids);
|
Application_Model_Playlist::DeletePlaylists($ids, $userInfo->id);
|
||||||
$this->createFullResponse($pl);
|
$this->createFullResponse($pl);
|
||||||
}
|
}
|
||||||
|
catch (PlaylistNoPermissionException $e){
|
||||||
|
$this->playlistNoPermission();
|
||||||
|
}
|
||||||
catch (PlaylistNotFoundException $e) {
|
catch (PlaylistNotFoundException $e) {
|
||||||
$this->playlistNotFound();
|
$this->playlistNotFound();
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -802,12 +802,33 @@ class Application_Model_Playlist {
|
||||||
* Delete playlists that match the ids..
|
* Delete playlists that match the ids..
|
||||||
* @param array $p_ids
|
* @param array $p_ids
|
||||||
*/
|
*/
|
||||||
public static function DeletePlaylists($p_ids)
|
public static function DeletePlaylists($p_ids, $p_userId)
|
||||||
{
|
{
|
||||||
|
$leftOver = self::playlistsNotOwnedByUser($p_ids, $p_userId);
|
||||||
|
if(count($leftOver) == 0){
|
||||||
CcPlaylistQuery::create()->findPKs($p_ids)->delete();
|
CcPlaylistQuery::create()->findPKs($p_ids)->delete();
|
||||||
|
}else{
|
||||||
|
throw new PlaylistNoPermissionException;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// This function returns that are not owen by $p_user_id among $p_ids
|
||||||
|
private static function playlistsNotOwnedByUser($p_ids, $p_userId){
|
||||||
|
$ownedByUser = CcPlaylistQuery::create()->filterByDbCreatorId($p_userId)->find()->getData();
|
||||||
|
$selectedPls = $p_ids;
|
||||||
|
$ownedPls = array();
|
||||||
|
foreach($ownedByUser as $pl){
|
||||||
|
if( in_array($pl->getDbId(), $selectedPls) ){
|
||||||
|
$ownedPls[] = $pl->getDbId();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
$leftOvers = array_diff($selectedPls, $ownedPls);
|
||||||
|
return $leftOvers;
|
||||||
}
|
}
|
||||||
|
|
||||||
} // class Playlist
|
} // class Playlist
|
||||||
|
|
||||||
class PlaylistNotFoundException extends Exception {}
|
class PlaylistNotFoundException extends Exception {}
|
||||||
|
class PlaylistNoPermissionException extends Exception {}
|
||||||
class PlaylistOutDatedException extends Exception {}
|
class PlaylistOutDatedException extends Exception {}
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue