🐛 Fix request authorisation
Signed-off-by: Luke Tainton <luke@tainton.uk>
This commit is contained in:
@@ -136,6 +136,6 @@ function get_subscribers($db, $request) {
|
|||||||
return $users_result;
|
return $users_result;
|
||||||
}
|
}
|
||||||
|
|
||||||
function isAuthorised($authorised_users, $request) {
|
function isAuthorised($user, $authorised_users, $request) {
|
||||||
if (in_array($authorised_users, $_SESSION['uuid']) || $_SESSION['uuid'] == $request['created_by']) { return true; } else { return false; }
|
if ( in_array($user, $authorised_users) || $_SESSION['uuid'] == $request['created_by']) { return true; } else { return false; }
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -4,7 +4,7 @@
|
|||||||
|
|
||||||
$request = get_request($db, $_GET['rid']);
|
$request = get_request($db, $_GET['rid']);
|
||||||
$authorised_users = get_subscribers($db, $request);
|
$authorised_users = get_subscribers($db, $request);
|
||||||
$is_authorised = isAuthorised($authorised_users, $request);
|
$is_authorised = isAuthorised($_SESSION['uuid'], $authorised_users, $request);
|
||||||
|
|
||||||
// Close request
|
// Close request
|
||||||
if ($is_authorised == true) {
|
if ($is_authorised == true) {
|
||||||
|
|||||||
@@ -4,7 +4,7 @@
|
|||||||
|
|
||||||
$request = get_request($db, $_POST['rid']);
|
$request = get_request($db, $_POST['rid']);
|
||||||
$authorised_users = get_subscribers($db, $request);
|
$authorised_users = get_subscribers($db, $request);
|
||||||
$is_authorised = isAuthorised($authorised_users, $request);
|
$is_authorised = isAuthorised($_SESSION['uuid'], $authorised_users, $request);
|
||||||
|
|
||||||
// If form submitted, save to database
|
// If form submitted, save to database
|
||||||
if($_SERVER['REQUEST_METHOD'] == 'POST') {
|
if($_SERVER['REQUEST_METHOD'] == 'POST') {
|
||||||
|
|||||||
@@ -4,7 +4,7 @@
|
|||||||
|
|
||||||
$request = get_request($db, $_POST['rid']);
|
$request = get_request($db, $_POST['rid']);
|
||||||
$authorised_users = get_subscribers($db, $request);
|
$authorised_users = get_subscribers($db, $request);
|
||||||
$is_authorised = isAuthorised($authorised_users, $request);
|
$is_authorised = isAuthorised($_SESSION['uuid'], $authorised_users, $request);
|
||||||
|
|
||||||
// If form submitted, save to database
|
// If form submitted, save to database
|
||||||
if($_SERVER['REQUEST_METHOD'] == 'POST') {
|
if($_SERVER['REQUEST_METHOD'] == 'POST') {
|
||||||
|
|||||||
@@ -5,7 +5,7 @@
|
|||||||
$request = get_request($db, $_GET['rid']);
|
$request = get_request($db, $_GET['rid']);
|
||||||
$updates = get_updates($db, $request);
|
$updates = get_updates($db, $request);
|
||||||
$authorised_users = get_subscribers($db, $request);
|
$authorised_users = get_subscribers($db, $request);
|
||||||
$is_authorised = isAuthorised($authorised_users, $request);
|
$is_authorised = isAuthorised($_SESSION['uuid'], $authorised_users, $request);
|
||||||
?>
|
?>
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@@ -5,7 +5,7 @@
|
|||||||
$request = get_request($db, $_GET['rid']);
|
$request = get_request($db, $_GET['rid']);
|
||||||
$updates = get_updates($db, $request);
|
$updates = get_updates($db, $request);
|
||||||
$authorised_users = get_subscribers($db, $request);
|
$authorised_users = get_subscribers($db, $request);
|
||||||
$is_authorised = isAuthorised($authorised_users, $request);
|
$is_authorised = isAuthorised($_SESSION['uuid'], $authorised_users, $request);
|
||||||
?>
|
?>
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@@ -5,7 +5,7 @@
|
|||||||
$request = get_request($db, $_GET['rid']);
|
$request = get_request($db, $_GET['rid']);
|
||||||
$updates = get_updates($db, $request);
|
$updates = get_updates($db, $request);
|
||||||
$authorised_users = get_subscribers($db, $request);
|
$authorised_users = get_subscribers($db, $request);
|
||||||
$is_authorised = isAuthorised($authorised_users, $request);
|
$is_authorised = isAuthorised($_SESSION['uuid'], $authorised_users, $request);
|
||||||
?>
|
?>
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user