/plzXoo/default/actions/detail.class.php
<?php
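class default_DetailAction extends mojaLE_AbstractAction
{
    /**
     * Load one question (and, when the viewer's groups allow it, its answers)
     * for the detail view.
     *
     * Access decisions made here, in order:
     *  1. exPerm::GuardRedirect() enforces the 'view_detail' permission.
     *  2. A question whose status is not 1 or 2 is only shown to administrators.
     *  3. Answers are attached only when the category's `groupid` is one of the
     *     viewer's groups. The question itself is attached regardless of this
     *     check; only the answers are gated.
     *
     * @param object $controller Passed by the framework; not used here.
     * @param object $request    Receives the 'question' and 'answers' attributes.
     * @param object $user       Passed by the framework; not used here.
     * @return mixed VIEW_ERROR when the question is missing or hidden from this
     *               viewer, VIEW_SUCCESS otherwise.
     */
    function execute(&$controller,&$request,&$user)
    {
        global $xoopsUser; // bluemoon added

        exFrame::init(EXFRAME_PERM);

        // Check the viewing permission before anything is loaded.
        exPerm::GuardRedirect('view_detail','index.php',_MD_PLZXOO_ERROR_PERMISSION);

        // The question id is request-controlled, so force it to an integer.
        $id = isset($_REQUEST['qid']) ? intval($_REQUEST['qid']) : 0;

        $handler=&plzXoo::getHandler('question');
        $question=&$handler->get($id);
        if(!is_object($question))
            return VIEW_ERROR;

        $isLoggedIn = is_object($xoopsUser);

        // Questions whose status is anything other than 1 or 2 are rejected
        // for everyone except administrators.
        if( ! in_array( intval($question->getVar('status')), array(1,2), true ) ) {
            if( ! $isLoggedIn || ! $xoopsUser->isAdmin() )
                return VIEW_ERROR;
        }

        // hack by bluemoon: in
        $db =& Database::getInstance() ;

        // The value is concatenated into the SQL text below, so it is forced
        // to an integer here instead of trusting what getVar() returns.
        $cid = intval($question->getVar('cid'));
        $sql = "SELECT `groupid` FROM ".$db->prefix('plzxoo_category')." WHERE `cid`=".$cid ;
        $result = $db->query($sql);
        $row = $result ? $db->fetchRow($result) : false;

        // Fail closed: when the query fails or the category row is missing,
        // the answers stay hidden. The previous loose in_array() compared a
        // NULL groupid with 0 and treated that as a match, which granted
        // access whenever the lookup returned nothing.
        $permissionOkay = false;
        if (is_array($row)) {
            // 0 and 3 are always accepted; presumably 0 means "unrestricted"
            // and 3 is the anonymous group. TODO confirm against the module's
            // category settings.
            $gids = array(0,3);
            if ($isLoggedIn) {
                $gids = array_merge($gids, array_map('intval', $xoopsUser->getGroups()));
            }
            $permissionOkay = in_array(intval($row[0]), $gids, true);
        }

        if ($permissionOkay){
            // Answers for this question, ordered by input_date descending.
            $handler=&plzXoo::getHandler('answer');
            $criteria = new Criteria('qid',$id);
            $criteria->setSort('input_date');
            $criteria->setOrder('DESC');
            $answers=&$handler->getObjects($criteria);
            $request->setAttribute('answers',$answers);
        }
        // out

        $request->setAttribute('question',$question);
        return VIEW_SUCCESS;
    }

    /**
     * Always returns false.
     *
     * NOTE(review): presumably this tells the framework that the action does
     * not require a logged-in user, leaving access control to the checks in
     * execute(). Confirm against mojaLE_AbstractAction.
     *
     * @return bool
     */
    function isSecure()
    {
        return false;
    }
}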
?>