Overview
Comment:Skeleton code should not be public
SHA3-256: d5fc0039a26363142094bb852077850ca6dd5812a6645ba3f453e1c8c822baf4
User & Date: bohwaz on 2021-03-17 15:46:20
Context
2021-03-17
17:13
Add link to open website in config check-in: db417ce3f4 user: bohwaz tags: dev
15:46
Skeleton code should not be public check-in: d5fc0039a2 user: bohwaz tags: dev
13:34
Make sure data directory exists check-in: 2b254bee85 user: bohwaz tags: dev
Changes

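--- a/src/include/lib/Garradin/Entities/Files/File.php
+++ b/src/include/lib/Garradin/Entities/Files/File.php
@@ -713,19 +713,22 @@
 		if ($this->isPublic()) {
 			return true;
 		}
 
 		$context = $this->context();
 		$ref = strtok(substr($this->path, strpos($this->path, '/')), '/');
 
-		if (null === $session) {
+		if (null === $session || !$session->isLogged()) {
 			return false;
 		}
 
+		if ($context == self::CONTEXT_SKELETON && $session->canAccess($session::SECTION_WEB, $session::ACCESS_ADMIN)) {
+			return true;
+		}
-		if ($context == self::CONTEXT_TRANSACTION && $session->canAccess($session::SECTION_ACCOUNTING, $session::ACCESS_READ)) {
+		elseif ($context == self::CONTEXT_TRANSACTION && $session->canAccess($session::SECTION_ACCOUNTING, $session::ACCESS_READ)) {
 			return true;
 		}
 		// The user can access his own profile files
 		else if ($context == self::CONTEXT_USER && $ref == $session->getUser()->id) {
 			return true;
 		}
 		// Only users able to manage users can see their profile files
@@ -821,15 +824,15 @@
 		return sha1($this->path);
 	}
 
 	public function isPublic(): bool
 	{
 		$context = $this->context();
 
-		if ($context == self::CONTEXT_CONFIG || $context == self::CONTEXT_WEB || $context == self::CONTEXT_SKELETON) {
+		if ($context == self::CONTEXT_CONFIG || $context == self::CONTEXT_WEB) {
 			return true;
 		}
 
 		return false;
 	}
 
 	public function getEditor(): ?string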
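Review bot: The new `CONTEXT_SKELETON` branch in the access check has no comment, although it is now the only gate on skeleton files since `isPublic()` no longer covers them. A line such as `// Skeleton files are not public: only website admins may read them` above it would record the intent next to the check. The branch is also written `elseif` where the following one is `else if`, and these authorization comparisons use `==`. If `context()` returns a string (not visible on this page), `$context === self::CONTEXT_SKELETON` would rule out type-juggling surprises. The enclosing method starts and ends outside the hunk, so it cannot be confirmed here that a logged-in user without `SECTION_WEB` admin rights ends on a `return false` for a skeleton path. Other callers of `isPublic()` may have relied on skeleton files being public and would be worth checking.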