diff --git a/src/app/folder/controllers/FolderController.php b/src/app/folder/controllers/FolderController.php
index dcc1eda7055e2b61c1b752efb9e9ea925306f0e7..7296cf8f2a5f93512ae5e3764fae75bfeb9a4f3c 100755
--- a/src/app/folder/controllers/FolderController.php
+++ b/src/app/folder/controllers/FolderController.php
@@ -192,6 +192,9 @@ class FolderController
 if ($data['parent_id'] == $aArgs['id']) {
 return $response->withStatus(400)->withJson(['errors' => 'Parent_id and id can not be the same']);
 }
+ if (FolderController::isParentFolder(['parent_id' => $data['parent_id'], 'id' => $aArgs['id']])) {
+ return $response->withStatus(400)->withJson(['errors' => 'Id is a parent of parent_id']);
+ }
 $folder = FolderController::getScopeFolders(['login' => $GLOBALS['userId'], 'folderId' => $aArgs['id'], 'edition' => true]);
 if (empty($folder[0])) {
@@ -658,4 +661,15 @@ class FolderController
 return true;
 }
+
+ private static function isParentFolder(array $args)
+ {
+ $parentInfo = FolderModel::getById(['id' => $args['parent_id'], 'select' => ['folders.id', 'parent_id']]);
+ if (empty($parentInfo) || $parentInfo['id'] == $args['id']) {
+ return true;
+ } elseif (!empty($parentInfo['parent_id'])) {
+ return FolderController::isParentFolder(['parent_id' => $parentInfo['parent_id'], 'id' => $args['id']]);
+ }
+ return false;
+ }
 }
diff --git a/src/app/folder/models/FolderModelAbstract.php b/src/app/folder/models/FolderModelAbstract.php
index f5f3fa19f3a6ae8669e6a4e181b729b9b0fd80bc..c0c4f8b1825ca4ced141ce7e6fafff3c7149c550 100755
--- a/src/app/folder/models/FolderModelAbstract.php
+++ b/src/app/folder/models/FolderModelAbstract.php
@@ -25,7 +25,7 @@ class FolderModelAbstract
 'select' => empty($aArgs['select']) ? ['*'] : $aArgs['select'],
 'table' => ['folders', 'entities_folders'],
 'left_join' => ['folders.id = entities_folders.folder_id'],
- 'where' => ['id = ?'],
+ 'where' => ['folders.id = ?'],
 'data' => [$aArgs['id']]
 ]);
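Review bot: In the `@@ -192,6 +192,9 @@` hunk of FolderController.php the new `isParentFolder` check runs before the `getScopeFolders([... 'edition' => true])` lookup, so its distinct 400 message ('Id is a parent of parent_id') is returned whatever the caller's rights on the folder are, and it reveals ancestor relationships between folder ids. Moving the three added lines below the `empty($folder[0])` branch would keep that answer behind the edition-rights check; the branch body is outside the hunk, so I am assuming it rejects the request. The call also passes `$data['parent_id']` unguarded: if it can be empty (a move to the root), `isParentFolder` finds no row and returns true, so the condition should start with `!empty($data['parent_id']) &&` unless an earlier check outside the hunk already covers that case.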
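Review bot: `isParentFolder` in the `@@ -658,4 +661,15 @@` hunk recurses with one `FolderModel::getById` query per level and no visited set or depth limit, so if the stored tree already holds a loop that does not include `id` (the state this commit is meant to prevent, which older rows may still contain) the walk never terminates and stops only at PHP's memory or time limit. An iterative walk that remembers visited ids stops on such data and removes the recursion. The version below also treats an empty `parent_id` as "no ancestor" instead of reporting a match, while keeping the original's rejection of a missing row; please confirm that is the intended behaviour for moves to the root. The loose `==` on ids is kept because the id types are not visible here.

```php
private static function isParentFolder(array $args): bool
{
    $visited = [];
    $currentId = $args['parent_id'];
    while (!empty($currentId)) {
        // A repeated id means the stored tree already loops; stop instead of walking it forever.
        if ($currentId == $args['id'] || isset($visited[$currentId])) {
            return true;
        }
        $visited[$currentId] = true;
        $parentInfo = FolderModel::getById(['id' => $currentId, 'select' => ['folders.id', 'parent_id']]);
        if (empty($parentInfo)) {
            // Unknown ancestor: keep the original behaviour and refuse the move.
            return true;
        }
        $currentId = $parentInfo['parent_id'];
    }
    return false;
}
```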