oqapi/webgui
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fixed: Thingy: "add" and "edit" permission problem

Browse source
This commit is contained in:
Yung Han Khoe 2008-04-07 16:31:14 +00:00
parent 8fce11c813
commit 7ecc11888f
2 changed files with 20 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

1
docs/changelog/7.x.x.txt
View file

@ -5,6 +5,7 @@
- fixed: Thingy: subtext is not displayed - fixed: Thingy: subtext is not displayed
- fixed: Thingy: edit/add field popup doesn't fit all options - fixed: Thingy: edit/add field popup doesn't fit all options
- fixed: selecting some field types will crash Thingy - fixed: selecting some field types will crash Thingy
- fixed: Thingy: "add" and "edit" permission problem
7.5.9 7.5.9
- fixed: Collaboration System attachments follow site's max size instead of CS's - fixed: Collaboration System attachments follow site's max size instead of CS's

26
lib/WebGUI/Asset/Wobject/Thingy.pm
View file

@ -1638,15 +1638,21 @@ sub www_editThingData {
my $session = $self->session; my $session = $self->session;
my $thingId = shift || $session->form->process('thingId'); my $thingId = shift || $session->form->process('thingId');
my $thingDataId = shift || $session->form->process('thingDataId') || "new"; my $thingDataId = shift || $session->form->process('thingDataId') || "new";
my (%thingData, $fields,%thingProperties,@field_loop,$fieldValue); my (%thingData, $fields,%thingProperties,@field_loop,$fieldValue, $privilegedGroup);
my $var = $self->get; my $var = $self->get;
my $url = $self->getUrl; my $url = $self->getUrl;
my $i18n = WebGUI::International->new($self->session, "Asset_Thingy"); my $i18n = WebGUI::International->new($self->session, "Asset_Thingy");
my $errors = shift; my $errors = shift;
$var->{error_loop} = $errors if ($errors); $var->{error_loop} = $errors if ($errors);
%thingProperties = $self->session->db->quickHash("select * from Thingy_things where thingId=".$self->session->db->quote($thingId)); %thingProperties = $self->session->db->quickHash("select * from Thingy_things where thingId=?",[$thingId]);
return $self->session->privilege->insufficient() unless $self->hasPrivileges($thingProperties{groupIdEdit}); if ($thingDataId eq "new"){
$privilegedGroup = $thingProperties{groupIdAdd};
}
else{
$privilegedGroup = $thingProperties{groupIdEdit};
}
return $self->session->privilege->insufficient() unless $self->hasPrivileges($privilegedGroup);
$var->{canEditThings} = $self->canEdit; $var->{canEditThings} = $self->canEdit;
$var->{"addThing_url"} = $session->url->append($url, 'func=editThing;thingId=new'); $var->{"addThing_url"} = $session->url->append($url, 'func=editThing;thingId=new');
@ -1732,14 +1738,20 @@ sub www_editThingDataSave {
my $self = shift; my $self = shift;
my $session = $self->session; my $session = $self->session;
my ($var,$newThingDataId, $fields,%thingProperties,%thingData,@errors,$hadErrors,$otherThingId,$workflowId); my ($var,$newThingDataId, $fields,%thingProperties,%thingData,@errors,$hadErrors,$otherThingId);
my ($privilegedGroup,$workflowId);
my $thingId = $session->form->process('thingId'); my $thingId = $session->form->process('thingId');
my $thingDataId = $session->form->process('thingDataId'); my $thingDataId = $session->form->process('thingDataId');
my $i18n = WebGUI::International->new($self->session, "Asset_Thingy"); my $i18n = WebGUI::International->new($self->session, "Asset_Thingy");
%thingProperties = $session->db->quickHash("select * from Thingy_things where %thingProperties = $session->db->quickHash("select * from Thingy_things where thingId=?",[$thingId]);
thingId=".$session->db->quote($thingId)); if ($thingDataId eq "new"){
return $session->privilege->insufficient() unless $self->hasPrivileges($thingProperties{groupIdEdit}); $privilegedGroup = $thingProperties{groupIdAdd};
}
else{
$privilegedGroup = $thingProperties{groupIdEdit};
}
return $session->privilege->insufficient() unless $self->hasPrivileges($privilegedGroup);
%thingData = ( %thingData = (
thingDataId=>$thingDataId, thingDataId=>$thingDataId,