Skip to content
GitLab
Projects
Groups
Snippets
/
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
Menu
Open sidebar
mahara
mahara
Commits
f0a03781
Commit
f0a03781
authored
Jun 26, 2008
by
Richard Mansfield
Browse files
Permission checking for moving/deleting group artefacts
parent
dc4f8c97
Changes
4
Hide whitespace changes
Inline
Side-by-side
htdocs/artefact/file/delete.json.php
View file @
f0a03781
...
...
@@ -36,10 +36,11 @@ $fileid = param_integer('id');
require_once
(
get_config
(
'docroot'
)
.
'artefact/lib.php'
);
$artefact
=
artefact_instance_from_id
(
$fileid
);
if
(
!
$USER
->
can_edit_artefact
(
$artefact
))
{
json_reply
(
'local'
,
get_string
(
'nodeletepermission'
,
'mahara'
));
}
$artefact
->
delete
();
global
$USER
;
json_reply
(
false
,
array
(
'message'
=>
get_string
(
'filethingdeleted'
,
'artefact.file'
,
get_string
(
$artefact
->
get
(
'artefacttype'
),
'artefact.file'
)),
...
...
htdocs/artefact/file/move.json.php
View file @
f0a03781
...
...
@@ -37,10 +37,7 @@ $newparentid = param_integer('newparent'); // Folder to move it to
require_once
(
get_config
(
'docroot'
)
.
'artefact/lib.php'
);
$artefact
=
artefact_instance_from_id
(
$artefactid
);
global
$USER
;
$userid
=
$USER
->
get
(
'id'
);
if
(
$userid
!=
$artefact
->
get
(
'owner'
)
&&
!
$USER
->
can_edit_institution
(
$artefact
->
get
(
'institution'
)))
{
if
(
!
$USER
->
can_edit_artefact
(
$artefact
))
{
json_reply
(
true
,
get_string
(
'movefailednotowner'
,
'artefact.file'
));
}
if
(
!
in_array
(
$artefact
->
get
(
'artefacttype'
),
PluginArtefactFile
::
get_artefact_types
()))
{
...
...
@@ -55,7 +52,11 @@ if ($newparentid > 0) {
json_reply
(
false
,
get_string
(
'filealreadyindestination'
,
'artefact.file'
));
}
$newparent
=
artefact_instance_from_id
(
$newparentid
);
if
(
$userid
!=
$newparent
->
get
(
'owner'
)
&&
!
$USER
->
can_edit_institution
(
$newparent
->
get
(
'institution'
)))
{
if
(
!
$USER
->
can_edit_artefact
(
$newparent
))
{
json_reply
(
true
,
get_string
(
'movefailednotowner'
,
'artefact.file'
));
}
$group
=
$artefact
->
get
(
'group'
);
if
(
$group
&&
$group
!==
$newparent
->
get
(
'group'
))
{
json_reply
(
true
,
get_string
(
'movefailednotowner'
,
'artefact.file'
));
}
if
(
$newparent
->
get
(
'artefacttype'
)
!=
'folder'
)
{
...
...
htdocs/artefact/lib.php
View file @
f0a03781
...
...
@@ -403,6 +403,8 @@ abstract class ArtefactType {
delete_records
(
'view_artefact'
,
'artefact'
,
$this
->
id
);
delete_records
(
'artefact_feedback'
,
'artefact'
,
$this
->
id
);
delete_records
(
'artefact_tag'
,
'artefact'
,
$this
->
id
);
delete_records
(
'artefact_access_role'
,
'artefact'
,
$this
->
id
);
delete_records
(
'artefact_access_usr'
,
'artefact'
,
$this
->
id
);
// Delete the record itself.
delete_records
(
'artefact'
,
'id'
,
$this
->
id
);
...
...
htdocs/lang/en.utf8/mahara.php
View file @
f0a03781
...
...
@@ -478,6 +478,7 @@ $string['Artefact'] = 'Artefact';
$string
[
'Artefacts'
]
=
'Artefacts'
;
$string
[
'artefactnotfound'
]
=
'Artefact with id %s not found'
;
$string
[
'artefactnotrendered'
]
=
'Artefact not rendered'
;
$string
[
'nodeletepermission'
]
=
'You do not have permission to delete this artefact'
;
$string
[
'noeditpermission'
]
=
'You do not have permission to edit this artefact'
;
$string
[
'Permissions'
]
=
'Permissions'
;
$string
[
'republish'
]
=
'Publish'
;
...
...
Write
Preview
Supports
Markdown
0%
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment