|
@@ -35,7 +35,7 @@ switch($_['action']){
|
|
|
|
|
|
foreach($sketchs as $sketch){
|
|
|
|
|
|
- if(!$sketch->state && $sketch->creator != $myUser->login) continue;
|
|
|
+ if(!$sketch->state && $sketch->creator != $myUser->login && !$myUser->can('hackpoint',$sketch->id,'read') ) continue;
|
|
|
|
|
|
$row = $sketch->toArray();
|
|
|
$row['comment'] = truncate($row['comment'],65);
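Review bot: The new `$myUser->can('hackpoint',$sketch->id,'read')` call puts the sketch id in the second argument, while the `can('hackpoint','configure')` call removed later in this commit puts the action name there. `can()` is not defined on this page, so confirm that it accepts (section, id, action). If the second parameter is still the action, the private-sketch filter depends on how an unknown action is resolved rather than on a real per-sketch right. The same call shape appears in the read checks of the resource list and resource view cases and in the edit and delete checks further down. A one-line comment above the test would document the intent, e.g. `// private sketch: shown only to its creator or to a user holding an explicit 'read' right on this sketch id`. The enclosing `foreach` continues outside the hunk.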
|
|
@@ -196,21 +196,7 @@ switch($_['action']){
|
|
|
break;
|
|
|
|
|
|
|
|
|
- //Sauvegarde des configurations de hackpoint
|
|
|
- case 'hackpoint_setting_save':
|
|
|
- Action::write(function(&$response){
|
|
|
- global $myUser,$_,$conf;
|
|
|
- if(!$myUser->can('hackpoint','configure')) throw new Exception("Permissions insuffisantes",403);
|
|
|
- foreach(Configuration::setting('hackpoint') as $key=>$value){
|
|
|
- if(!is_array($value)) continue;
|
|
|
- $allowed[] = $key;
|
|
|
- }
|
|
|
- foreach ($_['fields'] as $key => $value) {
|
|
|
- if(in_array($key, $allowed))
|
|
|
- $conf->put($key,$value);
|
|
|
- }
|
|
|
- });
|
|
|
- break;
|
|
|
+
|
|
|
|
|
|
/** RESOURCE **/
|
|
|
//Récuperation d'une liste de resource
|
|
@@ -221,7 +207,7 @@ switch($_['action']){
|
|
|
require_once(__DIR__.SLASH.'Sketch.class.php');
|
|
|
require_once(__DIR__.SLASH.'Resource.class.php');
|
|
|
$sketch = Sketch::provide('sketch');
|
|
|
- if(!$sketch->state && $sketch->creator != $myUser->login) throw new Exception("Sketch privé", 403);
|
|
|
+ if(!$sketch->state && $sketch->creator != $myUser->login && !$myUser->can('hackpoint',$sketch->id,'read') ) throw new Exception("Sketch privé", 403);
|
|
|
|
|
|
foreach(Resource::loadAll(array('sketch'=>$_['sketch']),array('sort')) as $resource){
|
|
|
$row = $resource->toArray();
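Review bot: The access decision is made on the object returned by `Sketch::provide('sketch')`, but the rows are then fetched with the raw request value in `Resource::loadAll(array('sketch'=>$_['sketch']),array('sort'))`. Keying the query on the object that was actually authorized removes any chance of the two diverging: `Resource::loadAll(array('sketch'=>$sketch->id),array('sort'))`. How `provide()` resolves or casts the request parameter is not visible here, so this is a hardening suggestion rather than a confirmed bypass. It would also help to throw a 404 when `$sketch->id` is empty, before the privacy test runs. The case body starts and ends outside the hunk.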
|
|
@@ -240,7 +226,7 @@ switch($_['action']){
|
|
|
require_once(__DIR__.SLASH.'Resource.class.php');
|
|
|
$item = Resource::provide('id',1);
|
|
|
$sketch = $item->join('sketch');
|
|
|
- if(!$sketch->state && $sketch->creator != $myUser->login) throw new Exception("Sketch privé", 403);
|
|
|
+ if(!$sketch->state && $sketch->creator != $myUser->login && !$myUser->can('hackpoint',$sketch->id,'read') ) throw new Exception("Sketch privé", 403);
|
|
|
|
|
|
$response = $item->toHtml();
|
|
|
$response['resourceType'] = $item->type;
|
|
@@ -256,7 +242,7 @@ switch($_['action']){
|
|
|
$item = Resource::provide('id',1);
|
|
|
$sketch = $item->join('sketch');
|
|
|
|
|
|
- if($sketch->creator != $myUser->login) throw new Exception("Permissions insuffisantes",403);
|
|
|
+ if($sketch->creator != $myUser->login && !$myUser->can('hackpoint',$sketch->id,'edit')) throw new Exception("Permissions insuffisantes",403);
|
|
|
$item->content = $_['content'];
|
|
|
$item->save();
|
|
|
});
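Review bot: The ownership half of the changed condition still uses loose `!=`, and PHP compares two numeric-looking strings numerically, so distinct logins such as `1e3` and `1000` would be treated as the same owner. Because this test gates a write (`$item->content = $_['content']; $item->save();`), a strict comparison is safer: `if($sketch->creator !== $myUser->login && !$myUser->can('hackpoint',$sketch->id,'edit')) throw new Exception("Permissions insuffisantes",403);`. This assumes `creator` and `login` are both stored as strings; confirm before switching, since `!==` would also reject a type mismatch. The same operator is used in the read, save and delete checks elsewhere in this commit.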
|
|
@@ -275,7 +261,7 @@ switch($_['action']){
|
|
|
if( !is_object($sketch) || $sketch->id==0){
|
|
|
$sketch = Sketch::getById($_['sketch']);
|
|
|
}
|
|
|
- if($sketch->creator != $myUser->login) throw new Exception("Permissions insuffisantes",403);
|
|
|
+ if($sketch->creator != $myUser->login && !$myUser->can('hackpoint',$sketch->id,'edit')) throw new Exception("Permissions insuffisantes",403);
|
|
|
|
|
|
if(!isset($_['type']) && $item->id!=0) $_['type'] = $item->type;
|
|
|
$type = ResourceType::types($_['type']);
|
|
@@ -325,30 +311,12 @@ switch($_['action']){
|
|
|
|
|
|
$item = Resource::getById($_['id'],1);
|
|
|
$sketch = $item->join('sketch');
|
|
|
- if($sketch->creator != $myUser->login) throw new Exception("Permissions insuffisantes",403);
|
|
|
+ if($sketch->creator != $myUser->login && !$myUser->can('hackpoint',$sketch->id,'delete')) throw new Exception("Permissions insuffisantes",403);
|
|
|
Resource::deleteById($_['id']);
|
|
|
|
|
|
});
|
|
|
break;
|
|
|
|
|
|
-
|
|
|
- //Sauvegarde des configurations de hackpoint
|
|
|
- case 'hackpoint_setting_save':
|
|
|
- Action::write(function(&$response){
|
|
|
- global $myUser,$_,$conf;
|
|
|
- if(!$myUser->can('hackpoint','configure')) throw new Exception("Permissions insuffisantes",403);
|
|
|
- foreach(Configuration::setting('hackpoint') as $key=>$value){
|
|
|
- if(!is_array($value)) continue;
|
|
|
- $allowed[] = $key;
|
|
|
- }
|
|
|
- foreach ($_['fields'] as $key => $value) {
|
|
|
- if(in_array($key, $allowed))
|
|
|
- $conf->put($key,$value);
|
|
|
- }
|
|
|
- });
|
|
|
- break;
|
|
|
-
|
|
|
-
|
|
|
|
|
|
//Suppression document
|
|
|
case 'resource_delete_document':
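Review bot: In the resource delete case at the top of this hunk, the right is evaluated on `$item` and its joined sketch, but the deletion is issued with the raw request value in `Resource::deleteById($_['id']);`. Deleting by the loaded object's id ties the action to what was authorized: `Resource::deleteById($item->id);`. There is also no visible check that `Resource::getById($_['id'],1)` found a row. If it returns an empty object, `$item->join('sketch')` presumably yields a sketch with no creator and no id, and the outcome then rests entirely on what `can('hackpoint',$sketch->id,'delete')` returns for an empty id. An explicit `if(!$item || $item->id==0) throw new Exception("Ressource introuvable",404);` before the permission test would make that path deterministic. The rest of the hunk only removes the duplicated `hackpoint_setting_save` case.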
|
|
@@ -393,11 +361,6 @@ switch($_['action']){
|
|
|
break;
|
|
|
|
|
|
|
|
|
-
|
|
|
-
|
|
|
-
|
|
|
-
|
|
|
-
|
|
|
//Download d'un fichier
|
|
|
case 'hackpoint_download_file':
|
|
|
Action::write(function(&$response){
|