Commit f238e5b448d70700b276c471e45413a341465c2e
1 parent
4672f890
KTS-250: restrict mass delete to write permission.
git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/trunk@4713 c91229c3-7414-0410-bfa2-8a42b809f60b
Showing
1 changed file
with
5 additions
and
0 deletions
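--- a/browse.php
+++ b/browse.php
@@ -498,6 +498,8 @@ class BrowseDispatcher extends KTStandardDispatcher {
 $res = KTUtil::arrayGet($_REQUEST,'sReason');
 $sReason = $this->oValidator->notEmpty($res, $aErrorOptions);
 
+
+
 // FIXME we need to sort out the (inconsistent) use of transactions here.
 $aFolders = array();
 $aDocuments = array();
@@ -511,6 +513,9 @@ class BrowseDispatcher extends KTStandardDispatcher {
 }
 foreach ($aDocumentSelection as $id) {
 $oD = Document::get($id);
+if (!Permission::userHasDocumentWritePermission($oD)) {
+return $this->errorRedirectToMain(sprintf(_('You do not have permissions to delete the documen: %s'), $oD->getName()));
+}
 if (PEAR::isError($oD) || ($oD == false)) {
 return $this->errorRedirectToMain(_('Invalid Document selected.'));
 } else {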
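Review bot: The write-permission check added at new lines 516-518 runs before the `PEAR::isError($oD) || ($oD == false)` test, so an unknown or malformed document id hands a PEAR error or `false` to `Permission::userHasDocumentWritePermission()`; if that helper then returns false, `$oD->getName()` is called on a non-Document and the request dies instead of reaching the 'Invalid Document selected.' redirect. Moving the three added lines into the `else` branch, after the validity test, keeps the authorization decision on a real Document object. Only the document loop gets the check in this hunk; the method body and the loop that closes at new line 513 (presumably the folder selection) lie outside it, so it should be confirmed that selected folders and the documents beneath them are subject to an equivalent write check. The message also contains the typo `documen`, which should read `document` before the string reaches translators.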