Changeset 3426

Timestamp:
06/10/07 18:31:02 (19 months ago)
Author:
inureyes
Message:

#408

  • 글편집에 관한 부분을 acl을 사용하도록 수정
Location:
trunk
Files:
4 modified

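--- a/trunk/blog/owner/entry/delete/index.php
+++ b/trunk/blog/owner/entry/delete/index.php
@@ -13,5 +13,5 @@
 foreach(explode(',', $_POST['targets']) as $target) {
     // TeamBlog check
-    if(empty($pc)){
+    if(!Acl::Check('group.blogwriters')){
         $isPosting = DBQuery::queryCell("SELECT team FROM {$database['prefix']}TeamEntryRelations WHERE owner='$owner' and team='".$_SESSION['admin']."' and id='".$suri['id']."'" );
         if(empty($isPosting)) {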
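Review bot: The ownership query inside the `foreach` over `$_POST['targets']` filters on `$suri['id']` rather than on the loop variable `$target`, so as far as this hunk shows, the TeamEntryRelations lookup is not tied to the entry handled in each iteration. If `$target` is the entry id, which the hunk suggests but does not prove, the check should be bound to it and cast: `... and id=".intval($target));` in place of `and id='".$suri['id']."'" );`. The statement is also built by concatenating `$_SESSION['admin']` and `$suri['id']`; whether DBQuery or earlier code escapes them is not visible here. The loop body continues past the end of the hunk, so `$target` may be validated further down.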
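--- a/trunk/blog/owner/entry/edit/item.php
+++ b/trunk/blog/owner/entry/edit/item.php
@@ -30,8 +30,11 @@
 }
 
-
-// 팀블로그 :: 현재 포스트를 내가 편집할 수 있는지 권한확인
-if(empty($pc) && !empty($suri['id'])){
-    $isPosting = DBQuery::queryCell("SELECT Team FROM {$database['prefix']}TeamEntryRelations WHERE Owner='$owner' and Team='$_SESSION[admin]' and Id='$suri[id]' " );
+// Check whether or not user has permission to edit.
+if(Acl::Check('group.blogwriters')===false && !empty($suri['id'])){
+    $isPosting = DBQuery::queryCell("SELECT team 
+            FROM {$database['prefix']}TeamEntryRelations 
+            WHERE owner = '".$owner."'
+                and team = '".$_SESSION['admin']."'
+                and id = '".$suri['id']);
     if(empty($isPosting)) { @header("location:".$blogURL ."/owner/entry"); exit; }
 }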
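Review bot: The rewritten query on new lines 34–38 ends with `and id = '".$suri['id']);`, which opens a single quote in the SQL text and never closes it. The statement will presumably fail to parse, `$isPosting` stays empty, and every user who fails the ACL check is redirected whether or not they are assigned to the entry. The last line should read `and id = '".$suri['id']."'");`, matching the same query in visibility/item.php. The values are still concatenated into the statement; if `$suri['id']` is not already validated as numeric upstream (not visible here), cast it with `intval()` at this point.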
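--- a/trunk/blog/owner/entry/visibility/item.php
+++ b/trunk/blog/owner/entry/visibility/item.php
@@ -16,6 +16,10 @@
 
 // TeamBlog ACL check whether or not current user can edit this post.
-if(empty($pc) && !empty($suri['id'])){
-    $isPosting = DBQuery::queryCell("SELECT team FROM {$database['prefix']}TeamEntryRelations WHERE owner='".$owner."' and team='".$_SESSION['admin']."' and id='".$suri['id']."'" );
+if(Acl::Check('group.blogwriters') === false && !empty($suri['id'])){
+    $isPosting = DBQuery::queryCell("SELECT team 
+            FROM {$database['prefix']}TeamEntryRelations 
+            WHERE owner='".$owner."' 
+                and team='".$_SESSION['admin']."' 
+                and id='".$suri['id']."'" );
     if(empty($isPosting)) {
         exit;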
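Review bot: The guard `Acl::Check('group.blogwriters') === false` runs the ownership query only when the call returns the boolean `false`, while the same changeset tests the same call with `!` in delete/index.php and with `empty()` in lib/pageACL.php. Acl::Check is not shown, but if it can return `null`, `0` or another empty value for a denied user, the strict comparison skips the TeamEntryRelations check and the request proceeds. Use the loose form here and in edit/item.php, which has the same comparison: `if(!Acl::Check('group.blogwriters') && !empty($suri['id'])){`. The body of the `if(empty($isPosting))` block continues outside the hunk.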
  • trunk/lib/pageACL.php

    r3313 r3426  
    2626        '/edit'); 
    2727 
    28     $pc = teamblogUser::PC();   // Teamblog moderator 
    29     $ac = teamblogUser::AC();   // Teamblog administrator 
     28    $pc = Acl::Check('group.blogwriters');  // Teamblog moderator 
     29    $ac = Acl::Check('group.administrators');   // Teamblog administrator 
    3030 
    3131    if(empty($ac) && !eregi('/owner/entry', $suri['directive'])){