gnh1201/seeddms-code
1
0
Fork 0
mirror of https://git.code.sf.net/p/seeddms/code synced 2025-11-27 10:00:41 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

require unrestricted access on document/folder for deletion by rest api

Browse Source
This commit is contained in:
Uwe Steinmann 2025-10-13 11:08:51 +02:00
parent 8043388109
commit 9df13922e9
2 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
CHANGELOG
View File

@ -6,6 +6,7 @@
- initial support for installation from git - initial support for installation from git
- memcached support can be configured (still rarely used) - memcached support can be configured (still rarely used)
- fix folder parameter passed to hook 'folderRowAction' - fix folder parameter passed to hook 'folderRowAction'
- require unrestricted access on document/folder for deletion by rest api
-------------------------------------------------------------------------------- --------------------------------------------------------------------------------
Changes in version 5.1.41 Changes in version 5.1.41

4
restapi/index.php
View File

@ -636,7 +636,7 @@ final class SeedDMS_RestapiController { /* {{{ */
} }
$mfolder = $dms->getFolder($args['id']); $mfolder = $dms->getFolder($args['id']);
if($mfolder) { if($mfolder) {
if ($mfolder->getAccessMode($userobj, 'removeFolder') >= M_READWRITE) { if ($mfolder->getAccessMode($userobj, 'removeFolder') > M_READWRITE) {
if($mfolder->remove()) { if($mfolder->remove()) {
return $this->renderer->json($response, array('success'=>true, 'message'=>'', 'data'=>''))->withStatus(200); return $this->renderer->json($response, array('success'=>true, 'message'=>'', 'data'=>''))->withStatus(200);
} else { } else {
@ -1214,7 +1214,7 @@ final class SeedDMS_RestapiController { /* {{{ */
$document = $dms->getDocument($args['id']); $document = $dms->getDocument($args['id']);
if($document) { if($document) {
if ($document->getAccessMode($userobj, 'deleteDocument') >= M_READWRITE) { if ($document->getAccessMode($userobj, 'deleteDocument') > M_READWRITE) {
if($document->remove()) { if($document->remove()) {
return $this->renderer->json($response, array('success'=>true, 'message'=>'', 'data'=>''))->withStatus(200); return $this->renderer->json($response, array('success'=>true, 'message'=>'', 'data'=>''))->withStatus(200);
} else { } else {