Check userrights for projects correctly and update the last access

Eike Foken
2011-09-21 00:18:56 +02:00
parent 37daf6a6b4
commit 3edd0ace88
2 changed files with 24 additions and 5 deletions


@@ -118,10 +118,14 @@ class Projects extends MY_Controller {
show_404(); show_404();
} }
if (!$this->_checkAccess($project['id'])) { // check if the user has access // check if the user has access
if (!$this->_checkAccess($project['id'])) {
show_error(_("Sorry, you don't have access to this project."), 403); show_error(_("Sorry, you don't have access to this project."), 403);
} }
// updates the last access
$this->project->updateLastAccess($project['id']);
// mark a shared project as seen // mark a shared project as seen
$this->share->markSeen($project['id']); $this->share->markSeen($project['id']);
@@ -186,18 +190,23 @@ class Projects extends MY_Controller {
*/ */
public function delete($id) { public function delete($id) {
$project = $this->project->getById($id); $project = $this->project->getById($id);
if (!$project || $project['owner'] != $this->session->userdata('user_id')) { if (!$project) {
show_404(); show_404();
} }
// check if the user has access
if ($project['owner'] != $this->session->userdata('user_id') && !$this->access->isAdmin()) {
show_error(_("Sorry, you don't have access to this project."), 403);
}
$this->load->helper('file'); $this->load->helper('file');
$projectPath = FCPATH . 'uploads/' . $id; $projectPath = FCPATH . 'uploads/' . $project['id'];
if (delete_files($projectPath, true)) { if (delete_files($projectPath, true)) {
rmdir($projectPath); rmdir($projectPath);
} }
if ($this->project->delete($id)) { if ($this->project->delete($project['id'])) {
$this->messages->add(_('The project was deleted.'), 'success'); $this->messages->add(_('The project was deleted.'), 'success');
} }
redirect('projects', 303); redirect('projects', 303);
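Review bot: The new ownership test in delete() compares `$project['owner']` with `$this->session->userdata('user_id')` using loose `!=`, so a missing session value and an empty or zero owner column would compare as equal and let the request through to `delete_files()`. Whether a login is enforced earlier (for example in MY_Controller) is not visible here, so this may be unreachable in practice, but the check is cheap to make explicit: read the id once with `$userId = $this->session->userdata('user_id');` and test `if ((!$userId || $project['owner'] != $userId) && !$this->access->isAdmin()) {`. A comment such as `// only the owner or an admin may delete; a missing user_id never counts as owner` would document the intent. delete() is closed outside the hunk, so anything after the redirect is not covered by this review.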


@@ -126,7 +126,6 @@ class Project extends CI_Model {
*/ */
public function getById($projectId) { public function getById($projectId) {
$result = $this->db->get_where('projects', array('id' => $projectId))->row_array(); $result = $this->db->get_where('projects', array('id' => $projectId))->row_array();
$this->db->where('id', $projectId)->update('projects', array('last_access' => mysql_now()));
if ($result) { if ($result) {
return $this->_addShortName($result); return $this->_addShortName($result);
@@ -216,6 +215,17 @@ class Project extends CI_Model {
return $this->db->where('id', $projectId)->update('projects', $data); return $this->db->where('id', $projectId)->update('projects', $data);
} }
/**
* Updates the last access of a project.
*
* @param string $projectId The ID of the project to update
* @return boolean Returns TRUE on success.
*/
public function updateLastAccess($projectId) {
$this->db->where('id', $projectId)->update('projects', array('last_access' => mysql_now()));
return $this->db->affected_rows() == 0;
}
/** /**
* Deletes a project. * Deletes a project.
* *
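Review bot: updateLastAccess() ends with `return $this->db->affected_rows() == 0;`, which is TRUE exactly when no row was changed, the opposite of the docblock's "Returns TRUE on success". Returning the result of the update itself, as the method just above does (`return $this->db->where('id', $projectId)->update('projects', array('last_access' => mysql_now()));`), would match the documented contract. `affected_rows() > 0` is an alternative, though the database may report 0 when the stored timestamp is unchanged, so it would not be a reliable success signal either. The caller added in this commit ignores the return value, so the inverted result is latent for now, but it will mislead the first caller that checks it.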