From 2cdaa186e32f879dc4bac1870e3d514c4951025b Mon Sep 17 00:00:00 2001
From: denise
Date: Tue, 21 Aug 2012 15:42:44 -0400
Subject: [PATCH] CC-4257: Smart Block: Admin cannot delete DJ user's block -fixed
---
 .../controllers/PlaylistController.php | 4 ++++
 airtime_mvc/application/models/Block.php | 17 +++++++++++++----
 airtime_mvc/application/models/Playlist.php | 16 ++++++++++++----
 3 files changed, 29 insertions(+), 8 deletions(-)
diff --git a/airtime_mvc/application/controllers/PlaylistController.php b/airtime_mvc/application/controllers/PlaylistController.php
index 28ea6b5f6..2a069d5af 100644
--- a/airtime_mvc/application/controllers/PlaylistController.php
+++ b/airtime_mvc/application/controllers/PlaylistController.php
@@ -140,6 +140,8 @@ class PlaylistController extends Zend_Controller_Action
 private function playlistNoPermission($p_type)
 {
 $this->view->error = "You don't have permission to delete selected {$p_type}(s).";
+ $this->changePlaylist(null, $p_type);
+ $this->createFullResponse(null);
 }
 private function playlistUnknownError($e)
@@ -294,6 +296,8 @@ class PlaylistController extends Zend_Controller_Action
 $this->createFullResponse($obj);
 } catch (PlaylistNoPermissionException $e) {
 $this->playlistNoPermission($type);
+ } catch (BlockNoPermissionException $e) {
+ $this->playlistNoPermission($type);
 } catch (PlaylistNotFoundException $e) {
 $this->playlistNotFound($type);
 } catch (Exception $e) {
diff --git a/airtime_mvc/application/models/Block.php b/airtime_mvc/application/models/Block.php
index 28991a0eb..2fc580892 100644
--- a/airtime_mvc/application/models/Block.php
+++ b/airtime_mvc/application/models/Block.php
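Review bot: The denial path in `playlistNoPermission()` (first PlaylistController hunk) sets the client-facing error and then calls `changePlaylist(null, $p_type)` and `createFullResponse(null)`, but it leaves no server-side record, so repeated attempts to delete other users' playlists or blocks would not show up in the logs. Consider logging the acting user id and `$p_type` through the project's logger before the two added calls. The method also has no docblock; something like `/** Report a permission denial for $p_type, clear the currently open playlist/block and send the full response. */` would explain why `changePlaylist(null, …)` belongs in an error handler. The message text is hard-wired to "delete", so if the catch added in the second hunk sits in a non-delete action (its enclosing method starts outside the hunk), the wording will mislead the user.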
@@ -875,11 +875,20 @@ EOT;
 */
 public static function deleteBlocks($p_ids, $p_userId)
 {
- $leftOver = self::blocksNotOwnedByUser($p_ids, $p_userId);
- if (count($leftOver) == 0) {
- CcBlockQuery::create()->findPKs($p_ids)->delete();
+ $userInfo = Zend_Auth::getInstance()->getStorage()->read();
+ $user = new Application_Model_User($userInfo->id);
+ $isAdminOrPM = $user->isUserType(array(UTYPE_ADMIN, UTYPE_PROGRAM_MANAGER));
+
+ if (!$isAdminOrPM) {
+ $leftOver = self::blocksNotOwnedByUser($p_ids, $p_userId);
+
+ if (count($leftOver) == 0) {
+ CcBlockQuery::create()->findPKs($p_ids)->delete();
+ } else {
+ throw new BlockNoPermissionException;
+ }
 } else {
- throw new BlockNoPermissionException;
+ CcBlockQuery::create()->findPKs($p_ids)->delete();
 }
 }
diff --git a/airtime_mvc/application/models/Playlist.php b/airtime_mvc/application/models/Playlist.php
index 82bfb4eb3..fee5211a2 100644
--- a/airtime_mvc/application/models/Playlist.php
+++ b/airtime_mvc/application/models/Playlist.php
@@ -874,11 +874,19 @@ SQL;
 */
 public static function deletePlaylists($p_ids, $p_userId)
 {
- $leftOver = self::playlistsNotOwnedByUser($p_ids, $p_userId);
- if (count($leftOver) == 0) {
- CcPlaylistQuery::create()->findPKs($p_ids)->delete();
+ $userInfo = Zend_Auth::getInstance()->getStorage()->read();
+ $user = new Application_Model_User($userInfo->id);
+ $isAdminOrPM = $user->isUserType(array(UTYPE_ADMIN, UTYPE_PROGRAM_MANAGER));
+
+ if (!$isAdminOrPM) {
+ $leftOver = self::playlistsNotOwnedByUser($p_ids, $p_userId);
+ if (count($leftOver) == 0) {
+ CcPlaylistQuery::create()->findPKs($p_ids)->delete();
+ } else {
+ throw new PlaylistNoPermissionException;
+ }
 } else {
- throw new PlaylistNoPermissionException;
+ CcPlaylistQuery::create()->findPKs($p_ids)->delete();
 }
 }
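Review bot: `deleteBlocks()` now bases its authorization decision on two identities: the role comes from the session via `Zend_Auth::getInstance()->getStorage()->read()`, while ownership is still checked against the `$p_userId` argument, and nothing in the hunk ties the two together. If no identity is stored, `$userInfo->id` is read from an empty value instead of failing closed, so a `hasIdentity()` guard should precede the role lookup. The two delete branches are identical and can be merged behind one guard clause, which states the rule (admin/PM, or owner of every id) in a single condition. The same points apply to `deletePlaylists()` in the Playlist.php hunk. Because admins and program managers can now remove other users' content, a log entry recording who deleted which ids would help later review.

```php
public static function deleteBlocks($p_ids, $p_userId)
{
    $auth = Zend_Auth::getInstance();
    if (!$auth->hasIdentity()) {
        // Fail closed: without a session identity there is no role to evaluate.
        throw new BlockNoPermissionException;
    }
    $userInfo = $auth->getStorage()->read();
    // … unchanged: $user and $isAdminOrPM lookup …

    // Non-privileged users must own every requested id.
    if (!$isAdminOrPM && count(self::blocksNotOwnedByUser($p_ids, $p_userId)) > 0) {
        throw new BlockNoPermissionException;
    }

    CcBlockQuery::create()->findPKs($p_ids)->delete();
}
```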