Commit 17f22518 authored by Florian Azizian's avatar Florian Azizian

FIX #11296 TIME 0:40 parent_id can not be a child of folder id

parent b8b5981b
......@@ -192,6 +192,9 @@ class FolderController
if ($data['parent_id'] == $aArgs['id']) {
return $response->withStatus(400)->withJson(['errors' => 'Parent_id and id can not be the same']);
}
if (FolderController::isParentFolder(['parent_id' => $data['parent_id'], 'id' => $aArgs['id']])) {
return $response->withStatus(400)->withJson(['errors' => 'Id is a parent of parent_id']);
}
$folder = FolderController::getScopeFolders(['login' => $GLOBALS['userId'], 'folderId' => $aArgs['id'], 'edition' => true]);
if (empty($folder[0])) {
......@@ -658,4 +661,15 @@ class FolderController
return true;
}
private static function isParentFolder(array $args)
{
$parentInfo = FolderModel::getById(['id' => $args['parent_id'], 'select' => ['folders.id', 'parent_id']]);
if (empty($parentInfo) || $parentInfo['id'] == $args['id']) {
return true;
} elseif (!empty($parentInfo['parent_id'])) {
return FolderController::isParentFolder(['parent_id' => $parentInfo['parent_id'], 'id' => $args['id']]);
}
return false;
}
}
......@@ -25,7 +25,7 @@ class FolderModelAbstract
'select' => empty($aArgs['select']) ? ['*'] : $aArgs['select'],
'table' => ['folders', 'entities_folders'],
'left_join' => ['folders.id = entities_folders.folder_id'],
'where' => ['id = ?'],
'where' => ['folders.id = ?'],
'data' => [$aArgs['id']]
]);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment