🐛 Fix deciding if user is authorised

Signed-off-by: Luke Tainton <luke@tainton.uk>
2020-08-10 17:48:53 +01:00
parent 38694bef55
commit 47f8750fd7
3 changed files with 15 additions and 3 deletions
--- a/app/public/actions/addsub.php
+++ b/app/public/actions/addsub.php
@@ -4,7 +4,11 @@

    $request = get_request($db, $_POST['rid']);
    $authorised_users = get_subscribers($db, $request);
-    $is_authorised = if ($_SESSION['uuid'] == $request['created_by']) {return true} else {return false};
+    if ($_SESSION['uuid'] == $request['created_by']) {
+      $is_authorised = true;
+    } else {
+      $is_authorised = false;
+    };

    // Add subscriber
    if ($is_authorised == true) {
--- a/app/public/actions/delsub.php
+++ b/app/public/actions/delsub.php
@@ -4,7 +4,11 @@

    $request = get_request($db, $_POST['rid']);
    $authorised_users = get_subscribers($db, $request);
-    $is_authorised = if ($_SESSION['uuid'] == $request['created_by']) {return true} else {return false};
+    if ($_SESSION['uuid'] == $request['created_by']) {
+      $is_authorised = true;
+    } else {
+      $is_authorised = false;
+    };

    if (!empty($_POST['delSubSelector'])) {
      $subs_to_remove = implode(",", $_POST['delSubSelector']);
--- a/app/public/editsub.php
+++ b/app/public/editsub.php
@@ -4,7 +4,11 @@

    $request = get_request($db, $_GET['rid']);
    $authorised_users = get_subscribers($db, $request);
-    $is_authorised = if ($_SESSION['uuid'] == $request['created_by']) {return true} else {return false};
+    if ($_SESSION['uuid'] == $request['created_by']) {
+      $is_authorised = true;
+    } else {
+      $is_authorised = false;
+    };

    $all_users = get_all_users($db);