Overview
Comment: | Skeleton code should not be public |
---|---|
Downloads: | Tarball | ZIP archive | SQL archive |
Timelines: | family | ancestors | descendants | both | dev |
Files: | files | file ages | folders |
SHA3-256: |
d5fc0039a26363142094bb852077850c |
User & Date: | bohwaz on 2021-03-17 15:46:20 |
Other Links: | branch diff | manifest | tags |
Context
2021-03-17
| ||
17:13 | Add link to open website in config check-in: db417ce3f4 user: bohwaz tags: dev | |
15:46 | Skeleton code should not be public check-in: d5fc0039a2 user: bohwaz tags: dev | |
13:34 | Make sure data directory exists check-in: 2b254bee85 user: bohwaz tags: dev | |
Changes
Modified src/include/lib/Garradin/Entities/Files/File.php from [a6d44f67c0] to [72cbf43713].
︙ | ︙ | |||
713 714 715 716 717 718 719 | if ($this->isPublic()) { return true; } $context = $this->context(); $ref = strtok(substr($this->path, strpos($this->path, '/')), '/'); | | > > > | | 713 714 715 716 717 718 719 720 721 722 723 724 725 726 727 728 729 730 731 732 733 734 | if ($this->isPublic()) { return true; } $context = $this->context(); $ref = strtok(substr($this->path, strpos($this->path, '/')), '/'); if (null === $session || !$session->isLogged()) { return false; } if ($context == self::CONTEXT_SKELETON && $session->canAccess($session::SECTION_WEB, $session::ACCESS_ADMIN)) { return true; } elseif ($context == self::CONTEXT_TRANSACTION && $session->canAccess($session::SECTION_ACCOUNTING, $session::ACCESS_READ)) { return true; } // The user can access his own profile files else if ($context == self::CONTEXT_USER && $ref == $session->getUser()->id) { return true; } // Only users able to manage users can see their profile files |
︙ | ︙ | |||
821 822 823 824 825 826 827 | return sha1($this->path); } public function isPublic(): bool { $context = $this->context(); | | | 824 825 826 827 828 829 830 831 832 833 834 835 836 837 838 | return sha1($this->path); } public function isPublic(): bool { $context = $this->context(); if ($context == self::CONTEXT_CONFIG || $context == self::CONTEXT_WEB) { return true; } return false; } public function getEditor(): ?string |
︙ | ︙ |