Prevent users without edit_locked permission from unlocking and editi…

…ng locked elements [modxcms#14702] 3.x recreated version of modxcms#14739 to ease inclusion in 3.x
Mark-H · Sep 18, 2019 · eb61559 · eb61559
1 parent c249621
commit eb61559
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 10 deletions.
diff --git a/core/src/Revolution/Processors/Element/Update.php b/core/src/Revolution/Processors/Element/Update.php
@@ -29,6 +29,15 @@ abstract class Update extends modObjectUpdateProcessor
     /** @var modElement $object */
     public $object;
 
+    public function beforeSet()
+    {
+        // Make sure the element isn't locked
+        if ($this->object->get('locked') && !$this->modx->hasPermission('edit_locked')) {
+            return $this->modx->lexicon($this->objectType.'_err_locked');
+        }
+        return parent::beforeSet();
+    }
+
     public function beforeSave()
     {
         $locked = $this->getProperty('locked');
@@ -37,7 +46,7 @@ public function beforeSave()
         }
 
         /* make sure a name was specified */
-        $nameField = $this->classKey == modTemplate::class ? 'templatename' : 'name';
+        $nameField = $this->classKey === modTemplate::class ? 'templatename' : 'name';
         $name = $this->getProperty($nameField, '');
         if (empty($name)) {
             $this->addFieldError($nameField, $this->modx->lexicon($this->objectType . '_err_ns_name'));
@@ -49,11 +58,6 @@ public function beforeSave()
             }
         }
 
-        /* if element is locked */
-        if ($this->object->get('locked') && $this->modx->hasPermission('edit_locked') == false) {
-            $this->addFieldError($nameField, $this->modx->lexicon($this->objectType . '_err_locked'));
-        }
-
         /* category */
         $category = $this->object->get('category');
         $this->previousCategory = $category;

diff --git a/manager/controllers/default/element/chunk/update.class.php b/manager/controllers/default/element/chunk/update.class.php
@@ -77,10 +77,6 @@ public function process(array $scriptProperties = array()) {
         if (empty($this->chunk)) return $this->failure($this->modx->lexicon('chunk_err_nfs',array('id' => $scriptProperties['id'])));
         if (!$this->chunk->checkPolicy('view')) return $this->failure($this->modx->lexicon('access_denied'));
 
-        if ($this->chunk->get('locked') && !$this->modx->hasPermission('edit_locked')) {
-            return $this->failure($this->modx->lexicon('chunk_err_locked'));
-        }
-
         /* grab category for chunk, assign to parser */
         $placeholders['chunk'] = $this->chunk;