Check userrights for projects correctly and update the last access
@@ -118,10 +118,14 @@ class Projects extends MY_Controller {
|
||||
show_404();
|
||||
}
|
||||
|
||||
if (!$this->_checkAccess($project['id'])) { // check if the user has access
|
||||
// check if the user has access
|
||||
if (!$this->_checkAccess($project['id'])) {
|
||||
show_error(_("Sorry, you don't have access to this project."), 403);
|
||||
}
|
||||
|
||||
// updates the last access
|
||||
$this->project->updateLastAccess($project['id']);
|
||||
|
||||
// mark a shared project as seen
|
||||
$this->share->markSeen($project['id']);
|
||||
|
||||
@@ -186,18 +190,23 @@ class Projects extends MY_Controller {
|
||||
*/
|
||||
public function delete($id) {
|
||||
$project = $this->project->getById($id);
|
||||
if (!$project || $project['owner'] != $this->session->userdata('user_id')) {
|
||||
if (!$project) {
|
||||
show_404();
|
||||
}
|
||||
|
||||
// check if the user has access
|
||||
if ($project['owner'] != $this->session->userdata('user_id') && !$this->access->isAdmin()) {
|
||||
show_error(_("Sorry, you don't have access to this project."), 403);
|
||||
}
|
||||
|
||||
$this->load->helper('file');
|
||||
|
||||
$projectPath = FCPATH . 'uploads/' . $id;
|
||||
$projectPath = FCPATH . 'uploads/' . $project['id'];
|
||||
if (delete_files($projectPath, true)) {
|
||||
rmdir($projectPath);
|
||||
}
|
||||
|
||||
if ($this->project->delete($id)) {
|
||||
if ($this->project->delete($project['id'])) {
|
||||
$this->messages->add(_('The project was deleted.'), 'success');
|
||||
}
|
||||
redirect('projects', 303);
|
||||
|
||||
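Review bot: The ownership test in delete(), `$project['owner'] != $this->session->userdata('user_id')`, uses a loose comparison, so PHP type juggling decides who may remove a project and its upload directory. If userdata() yields an empty value for a session without a user_id and a project row carries an empty or zero owner (neither is visible here), the two sides can compare equal and the 403 is skipped. Requiring a non-empty id and comparing strictly closes that off: `$userId = $this->session->userdata('user_id');` then `$isOwner = $userId && (string) $project['owner'] === (string) $userId;` and `if (!$isOwner && !$this->access->isAdmin()) {`. Separately, nothing between the signature and the redirect restricts the request method or checks an anti-CSRF token, which matters more now that admins can delete any project; confirm the base controller or routing enforces this for the action.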
@@ -126,7 +126,6 @@ class Project extends CI_Model {
|
||||
*/
|
||||
public function getById($projectId) {
|
||||
$result = $this->db->get_where('projects', array('id' => $projectId))->row_array();
|
||||
$this->db->where('id', $projectId)->update('projects', array('last_access' => mysql_now()));
|
||||
|
||||
if ($result) {
|
||||
return $this->_addShortName($result);
|
||||
@@ -216,6 +215,17 @@ class Project extends CI_Model {
|
||||
return $this->db->where('id', $projectId)->update('projects', $data);
|
||||
}
|
||||
|
||||
/**
|
||||
* Updates the last access of a project.
|
||||
*
|
||||
* @param string $projectId The ID of the project to update
|
||||
* @return boolean Returns TRUE on success.
|
||||
*/
|
||||
public function updateLastAccess($projectId) {
|
||||
$this->db->where('id', $projectId)->update('projects', array('last_access' => mysql_now()));
|
||||
return $this->db->affected_rows() == 0;
|
||||
}
|
||||
|
||||
/**
|
||||
* Deletes a project.
|
||||
*
|
||||
|
||||
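Review bot: updateLastAccess() returns `$this->db->affected_rows() == 0`, which is TRUE exactly when no row was changed, the opposite of the docblock's "Returns TRUE on success". The controller call added in this commit ignores the result, so nothing breaks yet, but a later caller that trusts the return value would read a failed update as success. Returning the query result, as the method whose tail is visible at the top of this hunk does, matches the documented contract: `return $this->db->where('id', $projectId)->update('projects', array('last_access' => mysql_now()));`. Comparing against affected_rows is also fragile by itself, since an UPDATE that writes an identical timestamp may report zero rows depending on the driver.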