EditAsset: allow users to edit their own photos
This commit is contained in:
parent
baf53ed42b
commit
83da4a26ac
@ -10,10 +10,6 @@ class EditAsset extends HTMLController
|
|||||||
{
|
{
|
||||||
public function __construct()
|
public function __construct()
|
||||||
{
|
{
|
||||||
// Ensure it's just admins at this point.
|
|
||||||
if (!Registry::get('user')->isAdmin())
|
|
||||||
throw new NotAllowedException();
|
|
||||||
|
|
||||||
if (empty($_GET['id']))
|
if (empty($_GET['id']))
|
||||||
throw new Exception('Invalid request.');
|
throw new Exception('Invalid request.');
|
||||||
|
|
||||||
@ -21,6 +17,11 @@ class EditAsset extends HTMLController
|
|||||||
if (empty($asset))
|
if (empty($asset))
|
||||||
throw new NotFoundException('Asset not found');
|
throw new NotFoundException('Asset not found');
|
||||||
|
|
||||||
|
// Can we edit this asset?
|
||||||
|
$user = Registry::get('user');
|
||||||
|
if (!($user->isAdmin() || $asset->isOwnedBy($user)))
|
||||||
|
throw new NotAllowedException();
|
||||||
|
|
||||||
if (isset($_REQUEST['delete']))
|
if (isset($_REQUEST['delete']))
|
||||||
throw new Exception('Not implemented.');
|
throw new Exception('Not implemented.');
|
||||||
|
|
||||||
|
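Review bot: Moving the authorization below the asset lookup lets a non-admin caller tell a missing asset from one they are not allowed to edit: `throw new NotFoundException('Asset not found')` now fires for every caller before `$user->isAdmin() || $asset->isOwnedBy($user)` is evaluated, whereas before this commit non-admins were rejected before any lookup. Whatever loads `$asset` (presumably from `$_GET['id']`, on the line between the two hunks) therefore becomes an asset-id existence oracle for any user that reaches this controller, and if `Registry::get('user')` can be a guest that includes anonymous requests. Giving non-admins the same response in both cases closes the gap, e.g. replace the new `throw new NotAllowedException();` with `throw $user->isAdmin() ? new NotAllowedException() : new NotFoundException('Asset not found');`. The constructor's body continues outside the second hunk.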
@ -383,6 +383,11 @@ class Asset
|
|||||||
return new Image(get_object_vars($this));
|
return new Image(get_object_vars($this));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function isOwnedBy(User $user)
|
||||||
|
{
|
||||||
|
return $this->id_user_uploaded == $user->getUserId();
|
||||||
|
}
|
||||||
|
|
||||||
public function replaceFile($filename)
|
public function replaceFile($filename)
|
||||||
{
|
{
|
||||||
// No filename? Abort!
|
// No filename? Abort!
|
||||||
|
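Review bot: `isOwnedBy` decides with `==`, so a null or 0 `id_user_uploaded` (an asset with no recorded uploader) compares equal to a `getUserId()` of 0 or null under PHP's loose rules, and this comparison is now the only thing standing between a non-admin and the edit controller. Make it strict, refuse to treat an absent owner as owned, and declare the return type: `public function isOwnedBy(User $user): bool` with body `$userId = (int) $user->getUserId();` and `return $userId > 0 && (int) $this->id_user_uploaded === $userId;`. Whether a guest user object with id 0 or null can reach this method, and whether real ids are always positive, is not visible here, so confirm those assumptions before relying on the `> 0` guard.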