| @@ 116-129 (lines=14) @@ | ||
| 113 | $pid = $this->getRequest()->getQuery('pid', null); |
|
| 114 | $isAnswer = !empty($pid); |
|
| 115 | ||
| 116 | if ($isAnswer) { |
|
| 117 | /** @var PostingInterface */ |
|
| 118 | $parent = $this->Entries->get($pid); |
|
| 119 | ||
| 120 | // Don't leak content of forbidden categories |
|
| 121 | if ($parent->isAnsweringForbidden()) { |
|
| 122 | throw new SaitoForbiddenException( |
|
| 123 | 'Access to parent in PostingsController:meta() forbidden.', |
|
| 124 | ['CurrentUser' => $this->CurrentUser] |
|
| 125 | ); |
|
| 126 | } |
|
| 127 | ||
| 128 | $this->set('parent', $parent); |
|
| 129 | } |
|
| 130 | ||
| 131 | if ($isEdit) { |
|
| 132 | /** @var PostingInterface */ |
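Review bot: On line 118 the query parameter `pid` reaches `$this->Entries->get($pid)` after only the `!empty($pid)` test, so an array-valued or non-numeric `pid` goes straight into the lookup before any permission check runs. I would reject such input up front, e.g. `if (!is_string($pid) || !ctype_digit($pid)) { throw new BadRequestException(); }` (assuming that exception class is available in this file). The visible lines also do not show what `get()` does for an unknown id. If it can return null, line 121 fails on a method call; if it throws a not-found error, the differing not-found and forbidden responses may reveal whether a posting exists in a forbidden category, so consider answering both cases the same way. The same applies to `$this->Entries->get($id)` on line 133 in the second hunk, where the origin of `$id` and `$isEdit` lies outside the shown lines, as do the start and end of `meta()`.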
|
| @@ 131-141 (lines=11) @@ | ||
| 128 | $this->set('parent', $parent); |
|
| 129 | } |
|
| 130 | ||
| 131 | if ($isEdit) { |
|
| 132 | /** @var PostingInterface */ |
|
| 133 | $posting = $this->Entries->get($id); |
|
| 134 | if (!$posting->isEditingAllowed()) { |
|
| 135 | throw new SaitoForbiddenException( |
|
| 136 | 'Access to posting in PostingsController:meta() forbidden.', |
|
| 137 | ['CurrentUser' => $this->CurrentUser] |
|
| 138 | ); |
|
| 139 | } |
|
| 140 | $this->set('posting', $posting); |
|
| 141 | } |
|
| 142 | ||
| 143 | $settings = Configure::read('Saito.Settings'); |
|
| 144 | ||