add advanced access control for folder, do not show delete doc/folder button without access

2025-02-06 07:04:57 +00:00 · 2021-02-24 10:23:51 +01:00 · 2021-02-24 10:23:51 +01:00 · 8e78a217fc
commit 8e78a217fc
parent 826a6ae109
1 changed files with 16 additions and 12 deletions
--- a/views/bootstrap/class.Bootstrap.php
+++ b/views/bootstrap/class.Bootstrap.php
@ -651,7 +651,8 @@ background-image: linear-gradient(to bottom, #882222, #111111);;

 			if ($accessMode == M_ALL) {
 				if ($folderID != $this->params['rootfolderid'] && $folder->getParent())
-					$menuitems['rm_folder'] = array('link'=>"../out/out.RemoveFolder.php?folderid=". $folderID ."&showtree=".showtree(), 'label'=>'rm_folder');
+					if ($accessobject->check_view_access('RemoveFolder'))
+						$menuitems['rm_folder'] = array('link'=>"../out/out.RemoveFolder.php?folderid=". $folderID ."&showtree=".showtree(), 'label'=>'rm_folder');
 			}
 			if ($accessMode == M_ALL) {
 				if ($accessobject->check_view_access('FolderAccess'))
@ -2324,11 +2325,9 @@ $(function() {
 	 * @return string html content if $return is true, otherwise an empty string
 	 */
 	function printDeleteDocumentButton($document, $msg, $return=false){ /* {{{ */
-		$accessobject = $this->params['accessobject'];
 		$docid = $document->getID();
 		$content = '';
-		if ($accessobject->check_view_access('RemoveDocument'))
-			$content .= '<a class="delete-document-btn" rel="'.$docid.'" msg="'.getMLText($msg).'" confirmmsg="'.htmlspecialchars(getMLText("confirm_rm_document", array ("documentname" => $document->getName())), ENT_QUOTES).'"><i class="fa fa-remove"></i></a>';
+		$content .= '<a class="delete-document-btn" rel="'.$docid.'" msg="'.getMLText($msg).'" confirmmsg="'.htmlspecialchars(getMLText("confirm_rm_document", array ("documentname" => $document->getName())), ENT_QUOTES).'"><i class="fa fa-remove"></i></a>';
 		if($return)
 			return $content;
 		else
@ -2939,10 +2938,12 @@ $('body').on('click', '[id^=\"table-row-folder\"] td:nth-child(2)', function(ev)
 			$content .= "<div class=\"list-action\">";
 			if(!empty($extracontent['begin_action_list']))
 				$content .= $extracontent['begin_action_list'];
-			if($document->getAccessMode($user) >= M_ALL) {
-				$content .= $this->printDeleteDocumentButton($document, 'splash_rm_document', true);
-			} else {
-				$content .= '<span style="padding: 2px; color: #CCC;"><i class="fa fa-remove"></i></span>';
+			if($accessop->check_view_access('RemoveDocument')) {
+				if($document->getAccessMode($user) >= M_ALL) {
+					$content .= $this->printDeleteDocumentButton($document, 'splash_rm_document', true);
+				} else {
+					$content .= '<span style="padding: 2px; color: #CCC;"><i class="fa fa-remove"></i></span>';
+				}
 			}
 			if($document->getAccessMode($user) >= M_READWRITE) {
 				$content .= '<a href="../out/out.EditDocument.php?documentid='.$docID.'" title="'.getMLText("edit_document_props").'"><i class="fa fa-edit"></i></a>';
@ -3018,6 +3019,7 @@ $('body').on('click', '[id^=\"table-row-folder\"] td:nth-child(2)', function(ev)
 		$enableRecursiveCount = $this->params['enableRecursiveCount'];
 		$maxRecursiveCount = $this->params['maxRecursiveCount'];
 		$enableClipboard = $this->params['enableclipboard'];
+		$accessop = $this->params['accessobject'];
 		$onepage = $this->params['onepage'];

 		$owner = $subFolder->getOwner();
@ -3074,10 +3076,12 @@ $('body').on('click', '[id^=\"table-row-folder\"] td:nth-child(2)', function(ev)
 		if(!empty($extracontent['begin_action_list']))
 			$content .= $extracontent['begin_action_list'];
 		$subFolderAccessMode = $subFolder->getAccessMode($user);
-		if($subFolderAccessMode >= M_ALL) {
-			$content .= $this->printDeleteFolderButton($subFolder, 'splash_rm_folder', true);
-		} else {
-			$content .= '<span style="padding: 2px; color: #CCC;"><i class="fa fa-remove"></i></span>';
+		if ($accessop->check_view_access('RemoveFolder')) {
+			if($subFolderAccessMode >= M_ALL) {
+				$content .= $this->printDeleteFolderButton($subFolder, 'splash_rm_folder', true);
+			} else {
+				$content .= '<span style="padding: 2px; color: #CCC;"><i class="fa fa-remove"></i></span>';
+			}
 		}
 		if($subFolderAccessMode >= M_READWRITE) {
 			$content .= '<a class_="btn btn-mini" href="../out/out.EditFolder.php?folderid='.$subFolder->getID().'" title="'.getMLText("edit_folder_props").'"><i class="fa fa-edit"></i></a>';