CC-6105: DJs can edit playlists, smartblocks, and webstreams they do not own

drigato 2015-08-28 17:46:03 -04:00
parent 13f62cc118
commit b312189a7b
3 changed files with 29 additions and 1 deletions


@ -74,6 +74,16 @@ class PlaylistController extends Zend_Controller_Action
private function createFullResponse($obj = null, $isJson = false,
$formIsValid = false)
{
$user = Application_Model_User::getCurrentUser();
$isAdminOrPM = $user->isUserType(array(UTYPE_SUPERADMIN, UTYPE_ADMIN, UTYPE_PROGRAM_MANAGER));
if (!$isAdminOrPM && $obj->getCreatorId() != $user->getId()) {
$this->view->objType = $obj instanceof Application_Model_Block ? "block" : "playlist";
$this->view->obj = $obj;
$this->view->html = $this->view->render('playlist/permission-denied.phtml');
return;
}
$isBlock = false;
$viewPath = 'playlist/playlist.phtml';
if ($obj instanceof Application_Model_Block) {
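Review bot: The new ownership test calls `$obj->getCreatorId()` unconditionally, yet the signature still declares `$obj = null`, so a non-admin request that reaches createFullResponse with no object open would fail on a method call on null instead of getting the normal empty response. Guard the dereference, e.g. `if (!$isAdminOrPM && $obj !== null && $obj->getCreatorId() != $user->getId()) {`. This check also only decides which view is rendered; the controller actions that actually modify playlists and smartblocks are outside the hunk, so confirm they enforce the same ownership rule server-side rather than relying on the denied view. The function body continues past the end of the hunk.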


@ -55,7 +55,20 @@ class WebstreamController extends Zend_Controller_Action
if ($webstream) {
Application_Model_Library::changePlaylist($id, "stream");
}
$this->view->obj = new Application_Model_Webstream($webstream);
$obj = new Application_Model_Webstream($webstream);
$user = Application_Model_User::getCurrentUser();
$isAdminOrPM = $user->isUserType(array(UTYPE_SUPERADMIN, UTYPE_ADMIN, UTYPE_PROGRAM_MANAGER));
if (!$isAdminOrPM && $webstream->getDbCreatorId() != $user->getId()) {
$this->view->objType = "webstream";
$this->view->obj = $obj;
$this->view->html = $this->view->render('playlist/permission-denied.phtml');
return;
}
$this->view->obj = $obj;
$this->view->action = "edit";
$this->view->html = $this->view->render('webstream/webstream.phtml');
}
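Review bot: The ownership check runs after `Application_Model_Library::changePlaylist($id, "stream")`, so that call (which presumably records this webstream as the user's currently open object) still executes for a DJ who is then denied; the authorization test should come before any state change. It also dereferences `$webstream->getDbCreatorId()` outside the `if ($webstream)` guard, which fails for a non-admin when the lookup returned nothing; `if (!$isAdminOrPM && $webstream && $webstream->getDbCreatorId() != $user->getId()) {` placed ahead of the changePlaylist call covers both. The admin/PM role test is repeated verbatim from PlaylistController, and a shared helper would keep the two checks from drifting apart. The start of this action is outside the hunk.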