Congegni
/
sintonia
7
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

CC-6105: DJs can edit playlists, smartblocks, and webstreams they do not own

This commit is contained in:
drigato 2015-08-28 17:46:03 -04:00
parent 13f62cc118
commit b312189a7b
3 changed files with 29 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
airtime_mvc/application/controllers/PlaylistController.php
View File

@ -74,6 +74,16 @@ class PlaylistController extends Zend_Controller_Action
private function createFullResponse($obj = null, $isJson = false, private function createFullResponse($obj = null, $isJson = false,
$formIsValid = false) $formIsValid = false)
{ {
$user = Application_Model_User::getCurrentUser();
$isAdminOrPM = $user->isUserType(array(UTYPE_SUPERADMIN, UTYPE_ADMIN, UTYPE_PROGRAM_MANAGER));
if (!$isAdminOrPM && $obj->getCreatorId() != $user->getId()) {
$this->view->objType = $obj instanceof Application_Model_Block ? "block" : "playlist";
$this->view->obj = $obj;
$this->view->html = $this->view->render('playlist/permission-denied.phtml');
return;
}
$isBlock = false; $isBlock = false;
$viewPath = 'playlist/playlist.phtml'; $viewPath = 'playlist/playlist.phtml';
if ($obj instanceof Application_Model_Block) { if ($obj instanceof Application_Model_Block) {

15
airtime_mvc/application/controllers/WebstreamController.php
View File

@ -55,7 +55,20 @@ class WebstreamController extends Zend_Controller_Action
if ($webstream) { if ($webstream) {
Application_Model_Library::changePlaylist($id, "stream"); Application_Model_Library::changePlaylist($id, "stream");
} }
$this->view->obj = new Application_Model_Webstream($webstream);
$obj = new Application_Model_Webstream($webstream);
$user = Application_Model_User::getCurrentUser();
$isAdminOrPM = $user->isUserType(array(UTYPE_SUPERADMIN, UTYPE_ADMIN, UTYPE_PROGRAM_MANAGER));
if (!$isAdminOrPM && $webstream->getDbCreatorId() != $user->getId()) {
$this->view->objType = "webstream";
$this->view->obj = $obj;
$this->view->html = $this->view->render('playlist/permission-denied.phtml');
return;
}
$this->view->obj = $obj;
$this->view->action = "edit"; $this->view->action = "edit";
$this->view->html = $this->view->render('webstream/webstream.phtml'); $this->view->html = $this->view->render('webstream/webstream.phtml');
} }

5
airtime_mvc/application/views/scripts/playlist/permission-denied.phtml Normal file
View File

@ -0,0 +1,5 @@
<?php if ($this->objType == "block") { $displayText = "smart block"; } else { $displayText = $this->escape($this->objType); } ?>
<h3>You do not have permission to edit this <?php echo $displayText; ?>.</h3>
<input class="obj_id" type="hidden" value="<?php echo $this->obj->getId(); ?>"/>
<input class='obj_type' type='hidden' value="<?php echo $this->escape($this->objType); ?>"/>
<input type="hidden" class="playlist_name_display" contenteditable="true" value="<?php echo $this->escape($this->obj->getName()); ?>">