CC-6106: Permission problems with bulk and single edit in the Dashboard

2015-08-28 13:40:38 -04:00 · 2015-08-28 13:40:38 -04:00 · 6811646aaa
parent f36ff944c2
commit 6811646aaa
3 changed files with 27 additions and 6 deletions
--- a/airtime_mvc/application/controllers/LibraryController.php
+++ b/airtime_mvc/application/controllers/LibraryController.php
@ -434,14 +434,17 @@ class LibraryController extends Zend_Controller_Action
        $file_id = $this->_getParam('id', null);
        $file = Application_Model_StoredFile::RecallById($file_id);

-        if (!$isAdminOrPM && $file->getFileOwnerId() != $user->getId()) {
-            return;
-        }
-
        $form = new Application_Form_EditAudioMD();
        $form->startForm($file_id);
        $form->populate($file->getDbColMetadata());

+        $this->view->permissionDenied = false;
+        if (!$isAdminOrPM && $file->getFileOwnerId() != $user->getId()) {
+            $form->makeReadOnly();
+            $form->removeActionButtons();
+            $this->view->permissionDenied = true;
+        }
+
        if ($request->isPost()) {

            $js = $this->_getParam('data');
@ -460,7 +463,6 @@ class LibraryController extends Zend_Controller_Action
        }

        $this->view->form = $form;
-        Logging::info($this->view->form);
        $this->view->id = $file_id;
        $this->view->title = $file->getPropelOrm()->getDbTrackTitle();
        $this->view->type = "md";
--- a/airtime_mvc/application/forms/EditAudioMD.php
+++ b/airtime_mvc/application/forms/EditAudioMD.php
@ -197,4 +197,17 @@ class Application_Form_EditAudioMD extends Zend_Form
        ));
    }

+    public function makeReadOnly()
+    {
+        foreach ($this as $element) {
+            $element->setAttrib('readonly', 'readonly');
+        }
+    }
+
+    public function removeActionButtons()
+    {
+        $this->removeElement('editmdsave');
+        $this->removeElement('editmdcancel');
+    }
+
 }
--- a/airtime_mvc/application/views/scripts/library/edit-file-md.phtml
+++ b/airtime_mvc/application/views/scripts/library/edit-file-md.phtml
@ -1,6 +1,12 @@
 <div class="ui-widget ui-widget-content block-shadow simple-formblock clearfix padded-strong" id="edit-md-dialog">
    <div class="inner_editor_title">
-        <H2><?php echo(_("Editing "));?>"<span class="title_obj_name"><?php echo($this->title); ?></span>"</H2>
+        <?php if ($this->permissionDenied) { ?> <h3>You do not have permission to edit this track.</h3> <?php } ?>
+        <H2><?php
+            if ($this->permissionDenied) {
+                echo(_("Viewing "));
+            } else {
+                echo(_("Editing "));
+            }?>"<span class="title_obj_name"><?php echo($this->title); ?></span>"</H2>
    </div>
    <?php echo $this->form; ?>
 </div>