archives/FHeD
1
0
Fork 0
Code Issues Pull Requests Actions Packages Releases 40 Activity

🐛 Fix request authorisation

Browse Source 
Signed-off-by: Luke Tainton <luke@tainton.uk>
This commit is contained in:
Luke Tainton
2020-08-09 17:09:50 +01:00
parent 07eaf4d05d
commit 671e1826d0
7 changed files with 14 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
app/includes/prereqs.php
View File

@@ -136,6 +136,6 @@ function get_subscribers($db, $request) {
return $users_result;
}
function isAuthorised($authorised_users, $request) {
if (in_array($authorised_users, $_SESSION['uuid']) || $_SESSION['uuid'] == $request['created_by']) { return true; } else { return false; }
function isAuthorised($user, $authorised_users, $request) {
if ( in_array($user, $authorised_users) || $_SESSION['uuid'] == $request['created_by']) { return true; } else { return false; }
}

2
app/public/actions/close.php
View File

@@ -4,7 +4,7 @@
$request = get_request($db, $_GET['rid']);
$authorised_users = get_subscribers($db, $request);
$is_authorised = isAuthorised($authorised_users, $request);
$is_authorised = isAuthorised($_SESSION['uuid'], $authorised_users, $request);
// Close request
if ($is_authorised == true) {

2
app/public/actions/update.php
View File

@@ -4,7 +4,7 @@
$request = get_request($db, $_POST['rid']);
$authorised_users = get_subscribers($db, $request);
$is_authorised = isAuthorised($authorised_users, $request);
$is_authorised = isAuthorised($_SESSION['uuid'], $authorised_users, $request);
// If form submitted, save to database
if($_SERVER['REQUEST_METHOD'] == 'POST') {

2
app/public/actions/upload.php
View File

@@ -4,7 +4,7 @@
$request = get_request($db, $_POST['rid']);
$authorised_users = get_subscribers($db, $request);
$is_authorised = isAuthorised($authorised_users, $request);
$is_authorised = isAuthorised($_SESSION['uuid'], $authorised_users, $request);
// If form submitted, save to database
if($_SERVER['REQUEST_METHOD'] == 'POST') {

2
app/public/update.php
View File

@@ -5,7 +5,7 @@
$request = get_request($db, $_GET['rid']);
$updates = get_updates($db, $request);
$authorised_users = get_subscribers($db, $request);
$is_authorised = isAuthorised($authorised_users, $request);
$is_authorised = isAuthorised($_SESSION['uuid'], $authorised_users, $request);
?>

2
app/public/upload.php
View File

@@ -5,7 +5,7 @@
$request = get_request($db, $_GET['rid']);
$updates = get_updates($db, $request);
$authorised_users = get_subscribers($db, $request);
$is_authorised = isAuthorised($authorised_users, $request);
$is_authorised = isAuthorised($_SESSION['uuid'], $authorised_users, $request);
?>

2
app/public/view.php
View File

@@ -5,7 +5,7 @@
$request = get_request($db, $_GET['rid']);
$updates = get_updates($db, $request);
$authorised_users = get_subscribers($db, $request);
$is_authorised = isAuthorised($authorised_users, $request);
$is_authorised = isAuthorised($_SESSION['uuid'], $authorised_users, $request);
?>