mirror of
https://github.com/pierre42100/ComunicAPI
synced 2024-11-27 15:59:29 +00:00
Created a new function to get post ID with full access.
This commit is contained in:
parent
57cff401ad
commit
29b989952d
@ -337,15 +337,11 @@ class postsController {
|
|||||||
user_login_required();
|
user_login_required();
|
||||||
|
|
||||||
//Get the post ID
|
//Get the post ID
|
||||||
$postID = getPostPostID("postID");
|
$postID = $this->getFullAccessPostID("postID");
|
||||||
|
|
||||||
//Get the visibility level
|
//Get the visibility level
|
||||||
$new_visibility = $this->getPostVisibilityLevel("new_level");
|
$new_visibility = $this->getPostVisibilityLevel("new_level");
|
||||||
|
|
||||||
//Check if the user is allowed to change the visibility level of the post
|
|
||||||
if(CS::get()->components->posts->access_level($postID, userID) != Posts::FULL_ACCESS)
|
|
||||||
Rest_fatal_error(401, "You are not allowed to change the visibility level of this post !");
|
|
||||||
|
|
||||||
//Try to update visibility level
|
//Try to update visibility level
|
||||||
if(!CS::get()->components->posts->update_level($postID, $new_visibility))
|
if(!CS::get()->components->posts->update_level($postID, $new_visibility))
|
||||||
Rest_fatal_error(500, "Couldn't update visibility level !");
|
Rest_fatal_error(500, "Couldn't update visibility level !");
|
||||||
@ -405,4 +401,27 @@ class postsController {
|
|||||||
return $post_visibility[$api_visibility];
|
return $post_visibility[$api_visibility];
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* This function is called to check if the current user has a full access
|
||||||
|
* other a post specified by its ID in a post request
|
||||||
|
*
|
||||||
|
* @param string $name The name of the POST parameter
|
||||||
|
* @return int The ID of the POST (an error is thrown if the user can't be
|
||||||
|
* authenticated as post owner)
|
||||||
|
*/
|
||||||
|
private function getFullAccessPostID(string $name) : int {
|
||||||
|
|
||||||
|
user_login_required();
|
||||||
|
|
||||||
|
//Get the post ID
|
||||||
|
$postID = getPostPostID($name);
|
||||||
|
|
||||||
|
//Check if the user is allowed to change the visibility level of the post
|
||||||
|
if(CS::get()->components->posts->access_level($postID, userID) != Posts::FULL_ACCESS)
|
||||||
|
Rest_fatal_error(401, "You do not the full control of this post !");
|
||||||
|
|
||||||
|
//Return post id
|
||||||
|
return $postID;
|
||||||
|
}
|
||||||
}
|
}
|
Loading…
Reference in New Issue
Block a user