|
@@ -28,7 +28,7 @@ switch($_['action']){
|
|
|
|
|
|
$item = Resource::provide('resource',1);
|
|
|
$sketch = $item->join('sketch');
|
|
|
- if(!$sketch->state && $sketch->creator != $myUser->login) throw new Exception("Permissions insuffisantes",403);
|
|
|
+ if(!$sketch->state && $sketch->creator != $myUser->login && !$myUser->can('hackpoint',$sketch->id,'read') ) throw new Exception("Permissions insuffisantes",403);
|
|
|
|
|
|
foreach(ResourcePart::loadAll(array('resource'=>$_['resource']), null, null, array('*'),1) as $resourcepart){
|
|
|
$part = $resourcepart->join('part');
|
|
@@ -54,7 +54,7 @@ switch($_['action']){
|
|
|
if(isset($_['resource'])){
|
|
|
$item = Resource::provide('resource',1);
|
|
|
$sketch = $item->join('sketch');
|
|
|
- if($sketch->creator != $myUser->login) throw new Exception("Permissions insuffisantes",403);
|
|
|
+ if($sketch->creator != $myUser->login && !$myUser->can('hackpoint',$sketch->id,'edit') ) throw new Exception("Permissions insuffisantes",403);
|
|
|
}
|
|
|
|
|
|
$part = Part::provide('part');
|
|
@@ -97,7 +97,7 @@ switch($_['action']){
|
|
|
$resourcePart = ResourcePart::getById($_['id'],2);
|
|
|
$resource = $resourcePart->join('resource');
|
|
|
$sketch = $resource->join('sketch');
|
|
|
- if($sketch->creator!=$myUser->login) throw new Exception("Permissions insuffisantes",403);
|
|
|
+ if($sketch->creator!=$myUser->login && !$myUser->can('hackpoint',$sketch->id,'delete')) throw new Exception("Permissions insuffisantes",403);
|
|
|
ResourcePart::deleteById($_['id']);
|
|
|
|
|
|
});
|