Minahito
minah****@users*****
2006年 2月 3日 (金) 15:03:24 JST
Index: xoops2jp/html/modules/base/class/Legacy_AdminModuleController.class.php diff -u xoops2jp/html/modules/base/class/Legacy_AdminModuleController.class.php:1.1.2.10 xoops2jp/html/modules/base/class/Legacy_AdminModuleController.class.php:1.1.2.11 --- xoops2jp/html/modules/base/class/Legacy_AdminModuleController.class.php:1.1.2.10 Fri Feb 3 02:00:14 2006 +++ xoops2jp/html/modules/base/class/Legacy_AdminModuleController.class.php Fri Feb 3 15:03:24 2006 @@ -1,5 +1,5 @@ <?php -// $Id: Legacy_AdminModuleController.class.php,v 1.1.2.10 2006/02/02 17:00:14 minahito Exp $ +// $Id: Legacy_AdminModuleController.class.php,v 1.1.2.11 2006/02/03 06:03:24 minahito Exp $ // ------------------------------------------------------------------------ // // XOOPSCube - PHP Content Management System // // Copyright (c) 2005 XOOPSCube.org // @@ -72,6 +72,14 @@ } /** + * Check current user's permission, return boolean as its result. If current + * module's dirname is Base or System, check whether current user has one of + * the permissions of administrator. + * + * The check of this method is loose for Base module and System module only. + * But, In Base module's controller, system must check his permission strictly. + * + * @access public * @todo This method re-writes $GLOBAL['xoopsUserIsAdmin']! Wmm... * @return bool */ @@ -82,17 +90,22 @@ // // The guest user is never administrator. // - if(!is_object($xoopsUser)) + if (!is_object($xoopsUser)) return false; - - $xoopsModule=&$this->mModuleObject; + // + // Decide $mid as a argument for checkRight() by current module's dirname. + // + $mid = 0; + if ($this->mModuleObject->get('dirname') == 'base' || $this->mModuleObject->get('dirname') == 'system') { + $mid = -1; + } + else { + $mid = $this->mModuleObject->get('mid'); + } + $modPermHandler =& xoops_gethandler('groupperm'); - - if (!$modPermHandler->checkRight('module_admin', $xoopsModule->getVar('mid'), $xoopsUser->getGroups())) - return false; - - return true; + return $modPermHandler->checkRight('module_admin', $mid, $xoopsUser->getGroups()); } /**