Added admin area check function into _beforeDelete methods of some mo…

…dels Fixed merging compare lists
organicinternet · Sep 2, 2008 · 3e5d919 · 3e5d919
1 parent f5ae7b0
commit 3e5d919
Show file tree

Hide file tree

Showing 15 changed files with 76 additions and 3 deletions.
diff --git a/app/Mage.php b/app/Mage.php
@@ -74,7 +74,7 @@ final class Mage {
 
     public static function getVersion()
     {
-        return '1.1.3';
+        return '1.1.4';
     }
 
     /**

diff --git a/app/code/core/Mage/Catalog/Model/Category.php b/app/code/core/Mage/Catalog/Model/Category.php
@@ -429,4 +429,9 @@ public function getName()
         return $this->_getData('name');
     }
 
+    protected function _beforeDelete()
+    {
+        $this->_protectFromNonAdmin();
+        return parent::_beforeDelete();
+    }
 }
diff --git a/app/code/core/Mage/Catalog/Model/Product.php b/app/code/core/Mage/Catalog/Model/Product.php
@@ -373,7 +373,8 @@ protected function _beforeDelete()
     {
         $this->_substractQtyFromQuotes();
         $this->cleanCache();
-        parent::_beforeDelete();
+        $this->_protectFromNonAdmin();
+        return parent::_beforeDelete();
     }
 
     /**

diff --git a/app/code/core/Mage/Catalog/Model/Product/Compare/Item.php b/app/code/core/Mage/Catalog/Model/Product/Compare/Item.php
@@ -80,7 +80,6 @@ public function bindCustomerLogin()
         $customer = Mage::getSingleton('customer/session')->getCustomer();
         $visitorItemCollection = Mage::getResourceModel('catalog/product_compare_item_collection')
             ->setObject('catalog/product_compare_item')
-            ->useProductItem(true)
             ->setVisitorId(Mage::getSingleton('log/visitor')->getId())
             ->load();
 

diff --git a/app/code/core/Mage/Core/Model/Abstract.php b/app/code/core/Mage/Core/Model/Abstract.php
@@ -313,6 +313,18 @@ protected function _beforeDelete()
         return $this;
     }
 
+    /**
+     * Safeguard func that will check, if we are in admin area
+     *
+     * @throws Mage_Core_Exception
+     */
+    protected function _protectFromNonAdmin()
+    {
+        if (!Mage::app()->getStore()->isAdmin()) {
+            Mage::throwException(Mage::helper('core')->__('Cannot complete this operation from non-admin area.'));
+        }
+    }
+
     /**
      * Processing object after delete data
      *

diff --git a/app/code/core/Mage/Core/Model/Store.php b/app/code/core/Mage/Core/Model/Store.php
@@ -742,4 +742,9 @@ public function getName()
         return $this->_getData('name');
     }
 
+    protected function _beforeDelete()
+    {
+        $this->_protectFromNonAdmin();
+        return parent::_beforeDelete();
+    }
 }
diff --git a/app/code/core/Mage/Core/Model/Store/Group.php b/app/code/core/Mage/Core/Model/Store/Group.php
@@ -251,4 +251,9 @@ public function getWebsiteId()
         return $this->_getData('website_id');
     }
 
+    protected function _beforeDelete()
+    {
+        $this->_protectFromNonAdmin();
+        return parent::_beforeDelete();
+    }
 }
diff --git a/app/code/core/Mage/Core/Model/Website.php b/app/code/core/Mage/Core/Model/Website.php
@@ -433,4 +433,9 @@ public function getCode()
         return $this->_getData('code');
     }
 
+    protected function _beforeDelete()
+    {
+        $this->_protectFromNonAdmin();
+        return parent::_beforeDelete();
+    }
 }
diff --git a/app/code/core/Mage/Customer/Model/Customer.php b/app/code/core/Mage/Customer/Model/Customer.php
@@ -924,4 +924,9 @@ function validateAddress(array $data, $type = 'billing')
         return false;
     }
 
+    protected function _beforeDelete()
+    {
+        $this->_protectFromNonAdmin();
+        return parent::_beforeDelete();
+    }
 }
diff --git a/app/code/core/Mage/Review/Model/Review.php b/app/code/core/Mage/Review/Model/Review.php
@@ -127,4 +127,10 @@ public function appendSummary($collection)
             }
         }
     }
+
+    protected function _beforeDelete()
+    {
+        $this->_protectFromNonAdmin();
+        return parent::_beforeDelete();
+    }
 }
diff --git a/app/code/core/Mage/Sales/Model/Order.php b/app/code/core/Mage/Sales/Model/Order.php
@@ -1417,4 +1417,10 @@ protected function _needToAddDummy($item, $qtys = array()) {
             return false;
         }
     }
+
+    protected function _beforeDelete()
+    {
+        $this->_protectFromNonAdmin();
+        return parent::_beforeDelete();
+    }
 }
diff --git a/app/code/core/Mage/Sales/Model/Order/Creditmemo.php b/app/code/core/Mage/Sales/Model/Order/Creditmemo.php
@@ -667,4 +667,10 @@ protected function _getEmails($configPath)
         }
         return false;
     }
+
+    protected function _beforeDelete()
+    {
+        $this->_protectFromNonAdmin();
+        return parent::_beforeDelete();
+    }
 }
diff --git a/app/code/core/Mage/Sales/Model/Order/Invoice.php b/app/code/core/Mage/Sales/Model/Order/Invoice.php
@@ -684,4 +684,10 @@ protected function _getEmails($configPath)
         }
         return false;
     }
+
+    protected function _beforeDelete()
+    {
+        $this->_protectFromNonAdmin();
+        return parent::_beforeDelete();
+    }
 }
diff --git a/app/code/core/Mage/Sales/Model/Order/Shipment.php b/app/code/core/Mage/Sales/Model/Order/Shipment.php
@@ -448,4 +448,10 @@ protected function _beforeSave()
             );
         }
     }
+
+    protected function _beforeDelete()
+    {
+        $this->_protectFromNonAdmin();
+        return parent::_beforeDelete();
+    }
 }
diff --git a/app/code/core/Mage/Tag/Model/Tag.php b/app/code/core/Mage/Tag/Model/Tag.php
@@ -142,4 +142,10 @@ public function getPopularCollection()
     {
         return Mage::getResourceModel('tag/popular_collection');
     }
+
+    protected function _beforeDelete()
+    {
+        $this->_protectFromNonAdmin();
+        return parent::_beforeDelete();
+    }
 }