EditAsset: allow users to edit their own photos

Aaron van Geffen 2023-11-11 15:14:57 +01:00
parent baf53ed42b
commit 83da4a26ac
2 changed files with 10 additions and 4 deletions


@ -10,10 +10,6 @@ class EditAsset extends HTMLController
{ {
public function __construct() public function __construct()
{ {
// Ensure it's just admins at this point.
if (!Registry::get('user')->isAdmin())
throw new NotAllowedException();
if (empty($_GET['id'])) if (empty($_GET['id']))
throw new Exception('Invalid request.'); throw new Exception('Invalid request.');
@ -21,6 +17,11 @@ class EditAsset extends HTMLController
if (empty($asset)) if (empty($asset))
throw new NotFoundException('Asset not found'); throw new NotFoundException('Asset not found');
// Can we edit this asset?
$user = Registry::get('user');
if (!($user->isAdmin() || $asset->isOwnedBy($user)))
throw new NotAllowedException();
if (isset($_REQUEST['delete'])) if (isset($_REQUEST['delete']))
throw new Exception('Not implemented.'); throw new Exception('Not implemented.');
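Review bot: Everything in this constructor below the new check was written behind the old "just admins" guard and is now reachable by any uploader for their own assets; the constructor continues outside the hunk, so it is worth confirming that no field or action further down is meant to stay admin-only. A comment at the check would make the new contract explicit, e.g. `// Admins and the uploading user may edit; code below must be safe for non-admin owners.` Separately, the asset lookup now runs before authorization, so a non-owner sees `NotFoundException` for an unused id and `NotAllowedException` for an existing one, which reveals which asset ids exist. If that matters here, throw the same exception in both cases for non-admins.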


@ -383,6 +383,11 @@ class Asset
return new Image(get_object_vars($this)); return new Image(get_object_vars($this));
} }
public function isOwnedBy(User $user)
{
return $this->id_user_uploaded == $user->getUserId();
}
public function replaceFile($filename) public function replaceFile($filename)
{ {
// No filename? Abort! // No filename? Abort!
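Review bot: `isOwnedBy()` compares with loose `==`, so an asset whose `id_user_uploaded` is null or empty compares equal to a user id of 0. If a guest or not-logged-in user object reports id 0 (not visible on this page), that user would pass the new ownership check in EditAsset for any asset without a recorded uploader. Normalising both sides and requiring a positive id closes that: `$uid = (int) $user->getUserId();` followed by `return $uid > 0 && (int) $this->id_user_uploaded === $uid;`. A `: bool` return type on the method would also document what callers can rely on.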