From db8b45dd595ed1a9a72c8fbaf336f65c73e47245 Mon Sep 17 00:00:00 2001
From: "gouz@root-me.org" <>
Date: Mon, 10 Sep 2018 07:58:25 +0000
Subject: [PATCH] =?UTF-8?q?correction=20:=20verification=20de=20la=20confi?=
 =?UTF-8?q?guration=20directement=20dans=20le=20pipeline=20medias=5Faffich?=
 =?UTF-8?q?er=5Fcomplement=5Fobjet()=20pour=20l'affichage=20du=20portfolio?=
 =?UTF-8?q?=20associ=C3=A9=20a=20un=20objet=20cot=C3=A9=20priv=C3=A9,=20ac?=
 =?UTF-8?q?tuellement=20un=20r=C3=A9dacteur=20ne=20peut=20pas=20voir=20les?=
 =?UTF-8?q?=20documents=20associ=C3=A9s=20a=20un=20objet=20(alors=20qu'il?=
 =?UTF-8?q?=20en=20a=20le=20droit)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 medias_pipelines.php | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/medias_pipelines.php b/medias_pipelines.php
index 39755550..94713779 100644
--- a/medias_pipelines.php
+++ b/medias_pipelines.php
@@ -187,11 +187,14 @@ function medias_post_edition($flux) {
  */
 function medias_afficher_complement_objet($flux) {
 	if ($type = $flux['args']['type']
-		and $id = intval($flux['args']['id'])
-		and (autoriser('voir', 'document', $id))
+		and $id = intval($flux['args']['id']))
 	) {
-		$documenter_objet = charger_fonction('documenter_objet', 'inc');
-		$flux['data'] .= $documenter_objet($id, $type);
+		include_spip('inc/config');
+		// document autorisé en upload sur cet objet ?
+		if ($type == 'article' or in_array(table_objet_sql($type), explode(',', lire_config('documents_objets', '')))) {
+			$documenter_objet = charger_fonction('documenter_objet', 'inc');
+			$flux['data'] .= $documenter_objet($id, $type);
+		}
 	}
 
 	return $flux;
-- 
GitLab