gnh1201/seeddms-code
1
0
Fork 0
mirror of https://git.code.sf.net/p/seeddms/code synced 2025-06-18 02:59:27 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

check access rights in controller, not before

Browse Source
This commit is contained in:
Uwe Steinmann 2017-01-10 06:58:07 +01:00
parent 5584cedce3
commit b27b8ba7fd
2 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
controllers/class.AddDocument.php
View File

@ -86,9 +86,11 @@ class SeedDMS_Controller_AddDocument extends SeedDMS_Controller_Common {
} }
/* Check if additional notification shall be added */ /* Check if additional notification shall be added */
foreach($notificationusers as $notuser) { foreach($notificationusers as $notuser) {
if($document->getAccessMode($user) >= M_READ)
$res = $document->addNotify($notuser->getID(), true); $res = $document->addNotify($notuser->getID(), true);
} }
foreach($notificationgroups as $notgroup) { foreach($notificationgroups as $notgroup) {
if($document->getGroupAccessMode($notgroup) >= M_READ)
$res = $document->addNotify($notgroup->getID(), false); $res = $document->addNotify($notgroup->getID(), false);
} }

2
op/op.AddDocument.php
View File

@ -299,7 +299,6 @@ if(!empty($_POST['notification_users'])) {
foreach($_POST['notification_users'] as $notuserid) { foreach($_POST['notification_users'] as $notuserid) {
$notuser = $dms->getUser($notuserid); $notuser = $dms->getUser($notuserid);
if($notuser) { if($notuser) {
if($document->getAccessMode($user) >= M_READ)
$notusers[] = $notuser; $notusers[] = $notuser;
} }
} }
@ -309,7 +308,6 @@ if(!empty($_POST['notification_groups'])) {
foreach($_POST['notification_groups'] as $notgroupid) { foreach($_POST['notification_groups'] as $notgroupid) {
$notgroup = $dms->getGroup($notgroupid); $notgroup = $dms->getGroup($notgroupid);
if($notgroup) { if($notgroup) {
if($document->getGroupAccessMode($notgroup) >= M_READ)
$notgroups[] = $notgroup; $notgroups[] = $notgroup;
} }
} }