CC-5981: Admin users can't delete webstreams created by other users

drigato 2015-01-21 11:31:28 -05:00
parent 6ac5a2950f
commit 62f2a0babf
1 changed files with 12 additions and 4 deletions


@ -88,12 +88,20 @@ class Application_Model_Webstream implements Application_Model_LibraryEditable
public static function deleteStreams($p_ids, $p_userId) public static function deleteStreams($p_ids, $p_userId)
{ {
$userInfo = Zend_Auth::getInstance()->getStorage()->read();
$user = new Application_Model_User($userInfo->id);
$isAdminOrPM = $user->isUserType(array(UTYPE_ADMIN, UTYPE_PROGRAM_MANAGER));
if (!$isAdminOrPM) {
$leftOver = self::streamsNotOwnedByUser($p_ids, $p_userId); $leftOver = self::streamsNotOwnedByUser($p_ids, $p_userId);
if (count($leftOver) == 0) { if (count($leftOver) == 0) {
CcWebstreamQuery::create()->findPKs($p_ids)->delete(); CcWebstreamQuery::create()->findPKs($p_ids)->delete();
} else { } else {
throw new WebstreamNoPermissionException; throw new WebstreamNoPermissionException;
} }
} else {
CcWebstreamQuery::create()->findPKs($p_ids)->delete();
}
} }
// This function returns that are not owen by $p_user_id among $p_ids // This function returns that are not owen by $p_user_id among $p_ids
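Review bot: The new admin/program-manager bypass in deleteStreams takes the acting identity from the Zend_Auth session, while the ownership check in the non-admin branch still trusts the caller-supplied `$p_userId`, so one authorization decision now rests on two identity sources. If any caller passes a `$p_userId` that differs from the logged-in user, the two branches disagree about who is acting; using `$userInfo->id` for the ownership check as well would remove that gap. The result of `read()` is also dereferenced unchecked, and it is presumably empty when no identity is stored, so a guard such as `if (!$userInfo) { throw new WebstreamNoPermissionException; }` before `new Application_Model_User(...)` would make the function fail closed. As a style point, the `findPKs($p_ids)->delete()` call is now duplicated; an early throw of the form `if (!$isAdminOrPM && count(self::streamsNotOwnedByUser($p_ids, $p_userId)) > 0)` followed by a single delete keeps the permission rule in one place.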