From e7935b1f4f91ee59563d6646818e0de503f5e91f Mon Sep 17 00:00:00 2001
From: Chris Morgan
Date: Mon, 23 Jan 2006 02:10:31 +0000
Subject: [PATCH] Pass a version object into user::hasAppVersionModifyPermission() instead of the integer that is the index of the version in the database.
---
 admin/adminAppQueue.php | 5 ++---
 admin/adminTestResults.php | 3 ++-
 appsubmit.php | 2 +-
 distributionView.php | 2 +-
 include/testResults.php | 20 ++++++++++++++------
 include/user.php | 6 +++---
 testResults.php | 3 ++-
 7 files changed, 25 insertions(+), 16 deletions(-)
diff --git a/admin/adminAppQueue.php b/admin/adminAppQueue.php
index e78baa9..820def0 100644
--- a/admin/adminAppQueue.php
+++ b/admin/adminAppQueue.php
@@ -104,13 +104,12 @@ if ($_REQUEST['sub'])
 else if($_REQUEST['apptype'] == 'version')
 {
 /* make sure the user has permission to view this version */
- if(!$_SESSION['current']->hasAppVersionModifyPermission($_REQUEST['versionId']))
+ $oVersion = new Version($_REQUEST['versionId']);
+ if(!$_SESSION['current']->hasAppVersionModifyPermission($oVersion))
 {
 errorpage("Insufficient privileges.");
 exit;
 }
-
- $oVersion = new Version($_REQUEST['versionId']);
 } else { //error no Id!
diff --git a/admin/adminTestResults.php b/admin/adminTestResults.php
index 0c00253..14b79af 100644
--- a/admin/adminTestResults.php
+++ b/admin/adminTestResults.php
@@ -16,7 +16,8 @@ require_once(BASE."include/distributions.php");
 if ($_REQUEST['sub'])
 {
 $oTest = new testData($_REQUEST['iTestingId']);
- if (!($_SESSION['current']->hasAppVersionModifyPermission($oTest->iVersionId)))
+ $oVersion = new Version($oTest->iVersionId);
+ if(!($_SESSION['current']->hasAppVersionModifyPermission($oVersion)))
 {
 errorpage("Insufficient privileges.");
 exit;
diff --git a/appsubmit.php b/appsubmit.php
index 1560890..5ad1abe 100644
--- a/appsubmit.php
+++ b/appsubmit.php
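Review bot: `$_REQUEST['versionId']` is passed straight to the `Version` constructor in the admin/adminAppQueue.php hunk with no visible validation, and the object is now built before the permission check decides anything. The constructor is not shown, so whether it uses the value in a query is an assumption to confirm; a guard ahead of `new Version(...)` such as `if(!is_numeric($_REQUEST['versionId'])) { errorpage("Insufficient privileges."); exit; }` would match the `is_numeric($_REQUEST['iTestingId'])` check that testResults.php already has. The same applies to `new testData($_REQUEST['iTestingId'])` in the admin/adminTestResults.php hunk. Both enclosing `if ($_REQUEST['sub'])` blocks start or end outside their hunks.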
@@ -95,7 +95,7 @@ if ($_REQUEST['sub'])
 $oVersion = new Version($_REQUEST['versionId']);
 // make sure the user has permission to view this version
- if(!$_SESSION['current']->hasAppVersionModifyPermission($oVersion->versionId) &&
+ if(!$_SESSION['current']->hasAppVersionModifyPermission($oVersion) &&
 (($oVersion->queued=="false")?true:false) &&
 !$_SESSION['current']->isVersionSubmitter($oVersion->versionId))
 {
diff --git a/distributionView.php b/distributionView.php
index 5a6e879..61280b5 100644
--- a/distributionView.php
+++ b/distributionView.php
@@ -140,7 +140,7 @@ else
 echo ''.$oTest->sInstalls.' ',"\n";
 echo ''.$oTest->sRuns.' ',"\n";
 echo ''.$oTest->sTestedRating.' ',"\n";
- if ($_SESSION['current']->hasAppVersionModifyPermission($oTest->iVersionId))
+ if ($_SESSION['current']->hasAppVersionModifyPermission($oVersion))
 {
 echo '',"\n";
 echo 'Edit',"\n";
diff --git a/include/testResults.php b/include/testResults.php
index 477bc53..4221d3a 100644
--- a/include/testResults.php
+++ b/include/testResults.php
@@ -62,8 +62,9 @@ class testData{
 function create()
 {
 // Security, if we are not an administrator or an maintainer the test result must be queued.
+ $oVersion = new Version($oTest->iVersionId);
 if(!$_SESSION['current']->hasPriv("admin") &&
- !$_SESSION['current']->hasAppVersionModifyPermission($oTest->iVersionId))
+ !$_SESSION['current']->hasAppVersionModifyPermission($oVersion))
 $this->sQueued = 'true';
 else
 $this->sQueued = 'false';
@@ -99,8 +100,9 @@ class testData{
 function update($bSilent=false)
 {
 // is the current user allowed to update this testing result?
+ $oVersion = new Version($this->iVersionId);
 if(!$_SESSION['current']->hasPriv("admin") &&
- !$_SESSION['current']->hasAppVersionModifyPermission($this->iVersionId) &&
+ !$_SESSION['current']->hasAppVersionModifyPermission($oVersion) &&
 !(($_SESSION['current']->iUserId == $this->iSubmitterId) && !($this->sQueued == 'false')))
 {
 return;
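Review bot: The unchanged lines of the appsubmit.php condition still read `$oVersion->queued` and `$oVersion->versionId`, while include/user.php in this same patch reads `$oVersion->iVersionId` and `$oVersion->iSubmitterId` from a Version object. The class is not shown here, but if it only defines the prefixed names, `$oVersion->queued=="false"` is always false and the `errorpage()` branch can never run, so this check would deny nobody. Confirm the property names and align the two context lines with the class; for the id that would be `isVersionSubmitter($oVersion->iVersionId)`. The `?true:false` wrapper around the comparison can be dropped either way.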
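Review bot: `$oVersion` is not assigned anywhere in the distributionView.php hunk, unlike the other call sites in this patch, which build it on the line above the check. The removed line tested `$oTest->iVersionId`, so unless an `$oVersion` for this test row is set outside the hunk, the Edit link is now decided against an undefined or unrelated version. Adding `$oVersion = new Version($oTest->iVersionId);` before the `if` keeps the check tied to the row being rendered. The link only controls display, so the edit handler still has to enforce the permission itself.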
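Review bot: The added `new Version($oTest->iVersionId)` in `testData::create()` refers to `$oTest`, which is not a variable in that method as far as the hunk shows; the other methods in this file use `$this->iVersionId`. With `$oTest` undefined the Version is built from a null id, so the decision between queued and published is made against the wrong object. It should read `$oVersion = new Version($this->iVersionId);`. The removed line carried the same `$oTest` reference, so this predates the commit, and the method body continues past the hunk.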
@@ -132,8 +134,9 @@ class testData{
 function delete($bSilent=false)
 {
 // is the current user allowed to delete this testing result?
+ $oVersion = new Version($this->iVersionId);
 if(!$_SESSION['current']->hasPriv("admin") &&
- !$_SESSION['current']->hasAppVersionModifyPermission($this->iVersionId) &&
+ !$_SESSION['current']->hasAppVersionModifyPermission($oVersion) &&
 !(($_SESSION['current']->iUserId == $this->iSubmitterId) && !($this->sQueued == 'false')))
 {
 return;
@@ -158,7 +161,9 @@ class testData{
 function unQueue()
 {
 // is the current user allowed to delete this testing data?
- if(!$_SESSION['current']->hasPriv("admin") && !$_SESSION['current']->hasAppVersionModifyPermission($this->iVersionId))
+ $oVersion = new Version($this->iVersionId);
+ if(!$_SESSION['current']->hasPriv("admin") &&
+ !$_SESSION['current']->hasAppVersionModifyPermission($oVersion))
 {
 return;
 }
@@ -180,7 +185,9 @@ class testData{
 function Reject()
 {
 // is the current user allowed to delete this testing data?
- if(!$_SESSION['current']->hasPriv("admin") && !$_SESSION['current']->hasAppVersionModifyPermission($this->iVersionId))
+ $oVersion = new Version($this->iVersionId);
+ if(!$_SESSION['current']->hasPriv("admin") &&
+ !$_SESSION['current']->hasAppVersionModifyPermission($oVersion))
 {
 return;
 }
@@ -202,8 +209,9 @@ class testData{
 function ReQueue()
 {
 // is the current user allowed to requeue this data
+ $oVersion = new Version($this->iVersionId);
 if(!$_SESSION['current']->hasPriv("admin") &&
- !$_SESSION['current']->hasAppVersionModifyPermission($this->iVersionId) &&
+ !$_SESSION['current']->hasAppVersionModifyPermission($oVersion) &&
 !$_SESSION['current']->iUserId == $this->iSubmitterId)
 {
 return;
diff --git a/include/user.php b/include/user.php
index 9b195d6..7692b33 100644
--- a/include/user.php
+++ b/include/user.php
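Review bot: The comment above the check in `unQueue()` says "delete this testing data", and `Reject()` carries the same text; both look copied from `delete()`. Suggest `// is the current user allowed to unqueue this testing data?` and `// is the current user allowed to reject this testing data?`. Both methods also `return;` silently when the check fails, so a caller cannot tell a refused request from a completed one; documenting that, or returning `false`, would make the denial visible. Their bodies continue outside the hunks.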
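Review bot: The last term of the `ReQueue()` guard, `!$_SESSION['current']->iUserId == $this->iSubmitterId`, negates the user id before comparing, because `!` binds tighter than `==`. For a logged-in user that term is false whenever `iSubmitterId` is non-zero, so the whole condition is false and the method proceeds for users who are neither admin, maintainer nor submitter. It is an unchanged context line, but it sits inside the check this commit rewrites; it should read `!($_SESSION['current']->iUserId == $this->iSubmitterId))`. The method body continues past the hunk.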
@@ -931,7 +931,7 @@ class User {
 if($this->hasPriv("admin"))
 return true;
- if($this->hasAppVersionModifyPermission($oVersion->iVersionId))
+ if($this->hasAppVersionModifyPermission($oVersion))
 return true;
 return false;
@@ -945,7 +945,7 @@ class User {
 if($this->hasPriv("admin"))
 return true;
- if($this->hasAppVersionModifyPermission($oVersion->iVersionId))
+ if($this->hasAppVersionModifyPermission($oVersion))
 return true;
 return false;
@@ -959,7 +959,7 @@ class User {
 if($this->hasPriv("admin"))
 return true;
- if($this->hasAppVersionModifyPermission($oVersion->iVersionId))
+ if($this->hasAppVersionModifyPermission($oVersion))
 return true;
 if(($this->iUserId == $oVersion->iSubmitterId) &&
diff --git a/testResults.php b/testResults.php
index f0cdab4..9db860f 100644
--- a/testResults.php
+++ b/testResults.php
@@ -69,8 +69,9 @@ if ($_REQUEST['sub'])
 if(is_numeric($_REQUEST['iTestingId']))
 {
 // make sure the user has permission to view this testing result
+ $oVersion = new Version($oTest->iVersionId);
 if(!$_SESSION['current']->hasPriv("admin") &&
- !$_SESSION['current']->hasAppVersionModifyPermission($oTest->iVersionId)&&
+ !$_SESSION['current']->hasAppVersionModifyPermission($oVersion)&&
 !(($_SESSION['current']->iUserId == $oTest->iSubmitterId) && !($oTest->sQueued == 'false')))
 {
 errorpage("Insufficient privileges.");
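Review bot: The definition of `hasAppVersionModifyPermission()` is not part of this patch; include/user.php changes only three call sites (the hunks at 931, 945 and 959). If the method still takes an integer id, every caller in this commit now hands it an object and the maintainer lookup would no longer compare against the version id. Confirm the signature was changed in an earlier commit, and document the parameter on the method, e.g. `/* $oVersion: a Version object, not a version id */`. The three enclosing methods start and end outside the hunks.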