From e1d6e79f097b65391afd77ba78a30d412bb966e2 Mon Sep 17 00:00:00 2001 From: Jocelyn Fiat Date: Wed, 20 Jan 2016 14:06:45 +0100 Subject: [PATCH] Now check permissions for "upload files". --- .../file_upload/cms_file_uploader_module.e | 26 ++++++++++++------- 1 file changed, 16 insertions(+), 10 deletions(-) diff --git a/modules/file_upload/cms_file_uploader_module.e b/modules/file_upload/cms_file_uploader_module.e index 23c75fe..818797c 100644 --- a/modules/file_upload/cms_file_uploader_module.e +++ b/modules/file_upload/cms_file_uploader_module.e @@ -207,23 +207,29 @@ feature -- Handler r: CMS_RESPONSE do if req.is_get_head_request_method or req.is_post_request_method then - -- create body create body.make_empty body.append ("

Upload files

%N") - body.append ("

Please choose some file(s) to upload.

") - -- create form to choose files and upload them - body.append ("
%N") - body.append (" %N") - body.append ("%N") - body.append ("
%N") + create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, api) + if r.has_permission ("upload files") then + -- create body + body.append ("

Please choose some file(s) to upload.

") - if req.is_post_request_method then - process_uploaded_files (req, api, body) + -- create form to choose files and upload them + body.append ("
%N") + body.append (" %N") + body.append ("%N") + body.append ("
%N") + + if req.is_post_request_method then + process_uploaded_files (req, api, body) + end + else + create {FORBIDDEN_ERROR_CMS_RESPONSE} r.make (req, res, api) end -- Build the response. - create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, api) + append_uploaded_file_album_to (req, api, body) r.set_main_content (body) else