CC-5981: Admin users can't delete webstreams created by other users

This commit is contained in:
drigato 2015-01-21 11:31:28 -05:00
parent 6ac5a2950f
commit 62f2a0babf
1 changed files with 12 additions and 4 deletions

View File

@ -88,11 +88,19 @@ class Application_Model_Webstream implements Application_Model_LibraryEditable
public static function deleteStreams($p_ids, $p_userId)
{
$leftOver = self::streamsNotOwnedByUser($p_ids, $p_userId);
if (count($leftOver) == 0) {
CcWebstreamQuery::create()->findPKs($p_ids)->delete();
$userInfo = Zend_Auth::getInstance()->getStorage()->read();
$user = new Application_Model_User($userInfo->id);
$isAdminOrPM = $user->isUserType(array(UTYPE_ADMIN, UTYPE_PROGRAM_MANAGER));
if (!$isAdminOrPM) {
$leftOver = self::streamsNotOwnedByUser($p_ids, $p_userId);
if (count($leftOver) == 0) {
CcWebstreamQuery::create()->findPKs($p_ids)->delete();
} else {
throw new WebstreamNoPermissionException;
}
} else {
throw new WebstreamNoPermissionException;
CcWebstreamQuery::create()->findPKs($p_ids)->delete();
}
}