add missing access check for FolderNotify

Uwe Steinmann 2020-09-21 18:00:34 +02:00
parent 1de3bf1d41
commit 62cf4f3fba


@ -654,6 +654,7 @@ background-image: linear-gradient(to bottom, #882222, #111111);;
if ($accessMode == M_ALL) { if ($accessMode == M_ALL) {
$menuitems['edit_folder_access'] = array('link'=>"../out/out.FolderAccess.php?folderid=".$folderID."&showtree=".showtree(), 'label'=>'edit_folder_access'); $menuitems['edit_folder_access'] = array('link'=>"../out/out.FolderAccess.php?folderid=".$folderID."&showtree=".showtree(), 'label'=>'edit_folder_access');
} }
if ($accessobject->check_view_access('FolderNotify'))
$menuitems['edit_existing_notify'] = array('link'=>"../out/out.FolderNotify.php?folderid=". $folderID ."&showtree=". showtree(), 'label'=>'edit_existing_notify'); $menuitems['edit_existing_notify'] = array('link'=>"../out/out.FolderNotify.php?folderid=". $folderID ."&showtree=". showtree(), 'label'=>'edit_existing_notify');
} }
if ($accessobject->check_view_access('Indexer') && $this->params['enablefullsearch']) { if ($accessobject->check_view_access('Indexer') && $this->params['enablefullsearch']) {
@ -682,7 +683,8 @@ background-image: linear-gradient(to bottom, #882222, #111111);;
if ($accessMode >= M_READWRITE) { if ($accessMode >= M_READWRITE) {
if (!$document->isLocked()) { if (!$document->isLocked()) {
$menuitems['update_document'] = array('link'=>"../out/out.UpdateDocument".$docid, 'label'=>'update_document'); if($accessobject->check_controller_access('UpdateDocument'))
$menuitems['update_document'] = array('link'=>"../out/out.UpdateDocument".$docid, 'label'=>'update_document');
if($accessobject->check_controller_access('LockDocument')) if($accessobject->check_controller_access('LockDocument'))
$menuitems['lock_document'] = array('link'=>"../op/op.LockDocument".$docid, 'label'=>'lock_document'); $menuitems['lock_document'] = array('link'=>"../op/op.LockDocument".$docid, 'label'=>'lock_document');
if($document->isCheckedOut()) if($document->isCheckedOut())
@ -692,13 +694,15 @@ background-image: linear-gradient(to bottom, #882222, #111111);;
$menuitems['checkout_document'] = array('link'=>"../op/op.CheckOutDocument".$docid, 'label'=>'checkout_document'); $menuitems['checkout_document'] = array('link'=>"../op/op.CheckOutDocument".$docid, 'label'=>'checkout_document');
} }
} }
$menuitems['edit_document_props'] = array('link'=>"../out/out.EditDocument".$docid , 'label'=>'edit_document_props'); if($accessobject->check_controller_access('EditDocument'))
$menuitems['edit_document_props'] = array('link'=>"../out/out.EditDocument".$docid , 'label'=>'edit_document_props');
$menuitems['move_document'] = array('link'=>"../out/out.MoveDocument".$docid, 'label'=>'move_document'); $menuitems['move_document'] = array('link'=>"../out/out.MoveDocument".$docid, 'label'=>'move_document');
} }
else { else {
$lockingUser = $document->getLockingUser(); $lockingUser = $document->getLockingUser();
if (($lockingUser->getID() == $this->params['user']->getID()) || ($document->getAccessMode($this->params['user']) == M_ALL)) { if (($lockingUser->getID() == $this->params['user']->getID()) || ($document->getAccessMode($this->params['user']) == M_ALL)) {
$menuitems['update_document'] = array('link'=>"../out/out.UpdateDocument".$docid, 'label'=>'update_document'); if($accessobject->check_controller_access('UpdateDocument'))
$menuitems['update_document'] = array('link'=>"../out/out.UpdateDocument".$docid, 'label'=>'update_document');
if($accessobject->check_controller_access('UnlockDocument')) if($accessobject->check_controller_access('UnlockDocument'))
$menuitems['unlock_document'] = array('link'=>"../op/op.UnlockDocument".$docid, 'label'=>'unlock_document'); $menuitems['unlock_document'] = array('link'=>"../op/op.UnlockDocument".$docid, 'label'=>'unlock_document');
if($document->isCheckedOut()) { if($document->isCheckedOut()) {
@ -708,7 +712,8 @@ background-image: linear-gradient(to bottom, #882222, #111111);;
$menuitems['checkout_document'] = array('link'=>"../op/op.CheckOutDocument".$docid, 'label'=>'checkout_document'); $menuitems['checkout_document'] = array('link'=>"../op/op.CheckOutDocument".$docid, 'label'=>'checkout_document');
} }
} }
$menuitems['edit_document_props'] = array('link'=>"../out/out.EditDocument".$docid, 'label'=>'edit_document_props'); if($accessobject->check_controller_access('EditDocument'))
$menuitems['edit_document_props'] = array('link'=>"../out/out.EditDocument".$docid, 'label'=>'edit_document_props');
$menuitems['move_document'] = array('link'=>"../out/out.MoveDocument".$docid, 'label'=>'move_document'); $menuitems['move_document'] = array('link'=>"../out/out.MoveDocument".$docid, 'label'=>'move_document');
} }
} }
@ -2275,9 +2280,11 @@ $(function() {
* @return string html content if $return is true, otherwise an empty string * @return string html content if $return is true, otherwise an empty string
*/ */
function printDeleteDocumentButton($document, $msg, $return=false){ /* {{{ */ function printDeleteDocumentButton($document, $msg, $return=false){ /* {{{ */
$accessobject = $this->params['accessobject'];
$docid = $document->getID(); $docid = $document->getID();
$content = ''; $content = '';
$content .= '<a class="delete-document-btn" rel="'.$docid.'" msg="'.getMLText($msg).'" confirmmsg="'.htmlspecialchars(getMLText("confirm_rm_document", array ("documentname" => $document->getName())), ENT_QUOTES).'"><i class="fa fa-remove"></i></a>'; if ($accessobject->check_view_access('RemoveDocument'))
$content .= '<a class="delete-document-btn" rel="'.$docid.'" msg="'.getMLText($msg).'" confirmmsg="'.htmlspecialchars(getMLText("confirm_rm_document", array ("documentname" => $document->getName())), ENT_QUOTES).'"><i class="fa fa-remove"></i></a>';
if($return) if($return)
return $content; return $content;
else else
@ -2412,12 +2419,17 @@ $(function() {
} /* }}} */ } /* }}} */
function printLockButton($document, $msglock, $msgunlock, $return=false) { /* {{{ */ function printLockButton($document, $msglock, $msgunlock, $return=false) { /* {{{ */
$accessobject = $this->params['accessobject'];
$docid = $document->getID(); $docid = $document->getID();
if($document->isLocked()) { if($document->isLocked()) {
if(!$accessobject->check_controller_access('UnlockDocument'))
return '';
$icon = 'unlock'; $icon = 'unlock';
$msg = $msgunlock; $msg = $msgunlock;
$title = 'unlock_document'; $title = 'unlock_document';
} else { } else {
if(!$accessobject->check_controller_access('LockDocument'))
return '';
$icon = 'lock'; $icon = 'lock';
$msg = $msglock; $msg = $msglock;
$title = 'lock_document'; $title = 'lock_document';
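Review bot: The checks added in these hunks only decide whether a menu entry or button is rendered, so they do not restrict access by themselves. `out.FolderNotify.php`, `out.UpdateDocument`, `out.EditDocument` and whatever handles `delete-document-btn` stay reachable by a direct request unless each target repeats the same check server-side, which this section does not show. The kind of check also does not match the target consistently: the `../out/out.UpdateDocument` and `../out/out.EditDocument` links are guarded with `check_controller_access(...)`, the `out.FolderNotify.php` link with `check_view_access('FolderNotify')`, and the delete button, which presumably triggers an operation rather than a view, with `check_view_access('RemoveDocument')`. If the access object treats views and controllers separately, a role could be shown a link it cannot open or lose one it may use, so it is worth confirming the intended pairing and, if so, using `check_view_access(...)` for the `out.` links and `check_controller_access('RemoveDocument')` for the button. The menu-building code and `printLockButton` both continue outside the visible hunks, so how `$this->params['accessobject']` is populated could not be checked from here.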