Commit 3ba7af44 authored by lphuberdeau's avatar lphuberdeau

[FIX] Review of permission deployment revealed a few mistakes and omissions

parent 1e635fc2
......@@ -55,23 +55,7 @@ $smarty->assign('subscribed', 'n');
$foo = parse_url($_SERVER["REQUEST_URI"]);
$smarty->assign('url_subscribe', $tikilib->httpPrefix() . $foo["path"]);
if (isset($_REQUEST["nlId"])) {
$smarty->assign('individual', 'n');
if ($userlib->object_has_one_permission($_REQUEST["nlId"], 'newsletter')) {
$smarty->assign('individual', 'y');
if ($tiki_p_admin != 'y') {
$perms = $userlib->get_permissions(0, -1, 'permName_desc', '', 'newsletters');
foreach($perms["data"] as $perm) {
$permName = $perm["permName"];
if ($userlib->object_has_permission($user, $_REQUEST["nlId"], 'newsletter', $permName)) {
$$permName = 'y';
$smarty->assign("$permName", 'y');
} else {
$$permName = 'n';
$smarty->assign("$permName", 'n');
}
}
}
}
$tikilib->get_perm_object($_REQUEST["nlId"], 'newsletter');
}
if ($user) {
$user_email = $userlib->get_user_email($user);
......
......@@ -34,23 +34,8 @@ if ($prefs['feature_quizzes'] != 'y') {
if (!isset($_REQUEST["quizId"])) {
$_REQUEST["quizId"] = 0;
}
$smarty->assign('individual', 'n');
if ($userlib->object_has_one_permission($_REQUEST["quizId"], 'quiz')) {
$smarty->assign('individual', 'y');
if ($tiki_p_admin != 'y') {
$perms = $userlib->get_permissions(0, -1, 'permName_desc', '', 'quizzes');
foreach($perms["data"] as $perm) {
$permName = $perm["permName"];
if ($userlib->object_has_permission($user, $_REQUEST["quizId"], 'quiz', $permName)) {
$$permName = 'y';
$smarty->assign("$permName", 'y');
} else {
$$permName = 'n';
$smarty->assign("$permName", 'n');
}
}
}
}
$tikilib->get_perm_object($_REQUEST["quizId"], 'quiz');
if ($tiki_p_admin_quizzes != 'y') {
$smarty->assign('errortype', 401);
$smarty->assign('msg', tra("You don't have permission to edit quizzes."));
......
......@@ -31,24 +31,7 @@ unset($data);
if (isset($_REQUEST["upload"])) {
check_ticket('upload-image');
// Check here if it is an upload or an URL
$smarty->assign('individual', 'n');
if ($userlib->object_has_one_permission($_REQUEST["galleryId"], 'image gallery')) {
$smarty->assign('individual', 'y');
if ($tiki_p_admin != 'y') {
// Now get all the permissions that are set for this type of permissions 'image gallery'
$perms = $userlib->get_permissions(0, -1, 'permName_desc', '', 'image galleries');
foreach($perms["data"] as $perm) {
$permName = $perm["permName"];
if ($userlib->object_has_permission($user, $_REQUEST["galleryId"], 'image gallery', $permName)) {
$$permName = 'y';
$smarty->assign("$permName", 'y');
} else {
$$permName = 'n';
$smarty->assign("$permName", 'n');
}
}
}
}
$tikilib->get_perm_object($_REQUEST["galleryId"], 'image gallery');
if ($tiki_p_admin_galleries == 'y') {
$tiki_p_view_image_gallery = 'y';
$tiki_p_upload_images = 'y';
......
......@@ -25,8 +25,7 @@ if (!$trackerId) {
die;
}
$smarty->assign('trackerId', $trackerId);
$smarty->assign('individual', 'n');
$tikilib->object_has_one_permission($trackerId, 'tracker');
$tikilib->get_perm_object($trackerId, 'tracker');
if ($tiki_p_view_trackers != 'y') {
$smarty->assign('errortype', 401);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment