Congegni
/
sintonia
7
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

CC-5981: Admin users can't delete webstreams created by other users

This commit is contained in:
drigato 2015-01-21 11:31:28 -05:00
parent 6ac5a2950f
commit 62f2a0babf
1 changed files with 12 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
airtime_mvc/application/models/Webstream.php
View File

@ -88,11 +88,19 @@ class Application_Model_Webstream implements Application_Model_LibraryEditable
public static function deleteStreams($p_ids, $p_userId) public static function deleteStreams($p_ids, $p_userId)
{ {
$leftOver = self::streamsNotOwnedByUser($p_ids, $p_userId); $userInfo = Zend_Auth::getInstance()->getStorage()->read();
if (count($leftOver) == 0) { $user = new Application_Model_User($userInfo->id);
CcWebstreamQuery::create()->findPKs($p_ids)->delete(); $isAdminOrPM = $user->isUserType(array(UTYPE_ADMIN, UTYPE_PROGRAM_MANAGER));
if (!$isAdminOrPM) {
$leftOver = self::streamsNotOwnedByUser($p_ids, $p_userId);
if (count($leftOver) == 0) {
CcWebstreamQuery::create()->findPKs($p_ids)->delete();
} else {
throw new WebstreamNoPermissionException;
}
} else { } else {
throw new WebstreamNoPermissionException; CcWebstreamQuery::create()->findPKs($p_ids)->delete();
} }
} }