🐛 Fix request authorisation
Signed-off-by: Luke Tainton <luke@tainton.uk>
This commit is contained in:
@@ -136,6 +136,6 @@ function get_subscribers($db, $request) {
|
||||
return $users_result;
|
||||
}
|
||||
|
||||
function isAuthorised($authorised_users, $request) {
|
||||
if (in_array($authorised_users, $_SESSION['uuid']) || $_SESSION['uuid'] == $request['created_by']) { return true; } else { return false; }
|
||||
function isAuthorised($user, $authorised_users, $request) {
|
||||
if ( in_array($user, $authorised_users) || $_SESSION['uuid'] == $request['created_by']) { return true; } else { return false; }
|
||||
}
|
||||
|
||||
@@ -4,8 +4,8 @@
|
||||
|
||||
$request = get_request($db, $_GET['rid']);
|
||||
$authorised_users = get_subscribers($db, $request);
|
||||
$is_authorised = isAuthorised($authorised_users, $request);
|
||||
|
||||
$is_authorised = isAuthorised($_SESSION['uuid'], $authorised_users, $request);
|
||||
|
||||
// Close request
|
||||
if ($is_authorised == true) {
|
||||
if($_SERVER['REQUEST_METHOD'] == 'POST') {
|
||||
@@ -25,4 +25,4 @@
|
||||
header('Location: /view?rid=' . $request['uuid'], true);
|
||||
}
|
||||
|
||||
?>
|
||||
?>
|
||||
|
||||
@@ -4,7 +4,7 @@
|
||||
|
||||
$request = get_request($db, $_POST['rid']);
|
||||
$authorised_users = get_subscribers($db, $request);
|
||||
$is_authorised = isAuthorised($authorised_users, $request);
|
||||
$is_authorised = isAuthorised($_SESSION['uuid'], $authorised_users, $request);
|
||||
|
||||
// If form submitted, save to database
|
||||
if($_SERVER['REQUEST_METHOD'] == 'POST') {
|
||||
@@ -26,4 +26,4 @@
|
||||
}
|
||||
}
|
||||
|
||||
?>
|
||||
?>
|
||||
|
||||
@@ -4,7 +4,7 @@
|
||||
|
||||
$request = get_request($db, $_POST['rid']);
|
||||
$authorised_users = get_subscribers($db, $request);
|
||||
$is_authorised = isAuthorised($authorised_users, $request);
|
||||
$is_authorised = isAuthorised($_SESSION['uuid'], $authorised_users, $request);
|
||||
|
||||
// If form submitted, save to database
|
||||
if($_SERVER['REQUEST_METHOD'] == 'POST') {
|
||||
@@ -35,4 +35,4 @@
|
||||
}
|
||||
}
|
||||
|
||||
?>
|
||||
?>
|
||||
|
||||
@@ -1,11 +1,11 @@
|
||||
<?php
|
||||
$PAGE_NAME = "Update Request";
|
||||
require_once __DIR__ . "/../includes/header.php";
|
||||
|
||||
|
||||
$request = get_request($db, $_GET['rid']);
|
||||
$updates = get_updates($db, $request);
|
||||
$authorised_users = get_subscribers($db, $request);
|
||||
$is_authorised = isAuthorised($authorised_users, $request);
|
||||
$is_authorised = isAuthorised($_SESSION['uuid'], $authorised_users, $request);
|
||||
?>
|
||||
|
||||
|
||||
@@ -138,7 +138,7 @@
|
||||
</div>
|
||||
</div>
|
||||
</section>
|
||||
|
||||
|
||||
<?php } else if ($is_authorised == false) { ?>
|
||||
<section class="jumbotron text-center">
|
||||
<div class="container">
|
||||
|
||||
@@ -5,7 +5,7 @@
|
||||
$request = get_request($db, $_GET['rid']);
|
||||
$updates = get_updates($db, $request);
|
||||
$authorised_users = get_subscribers($db, $request);
|
||||
$is_authorised = isAuthorised($authorised_users, $request);
|
||||
$is_authorised = isAuthorised($_SESSION['uuid'], $authorised_users, $request);
|
||||
?>
|
||||
|
||||
|
||||
|
||||
@@ -5,7 +5,7 @@
|
||||
$request = get_request($db, $_GET['rid']);
|
||||
$updates = get_updates($db, $request);
|
||||
$authorised_users = get_subscribers($db, $request);
|
||||
$is_authorised = isAuthorised($authorised_users, $request);
|
||||
$is_authorised = isAuthorised($_SESSION['uuid'], $authorised_users, $request);
|
||||
?>
|
||||
|
||||
|
||||
|
||||
Reference in New Issue
Block a user