archives/FHeD
1
0
Fork 0
Code Issues Pull Requests Actions Packages Releases 40 Activity

Only allow creator to modify subscribers

Browse Source 
Signed-off-by: Luke Tainton <luke@tainton.uk>
This commit is contained in:
Luke Tainton
2020-08-10 17:42:19 +01:00
parent b7d70b953e
commit 8f0521b32d
4 changed files with 9 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
app/public/actions/addsub.php
View File

@@ -1,10 +1,10 @@
<?php <?php
$PAGE_NAME = "Add subscriber"; $PAGE_NAME = "Add Subscriber";
require_once __DIR__ . "/../../includes/prereqs.php"; require_once __DIR__ . "/../../includes/prereqs.php";
$request = get_request($db, $_POST['rid']); $request = get_request($db, $_POST['rid']);
$authorised_users = get_subscribers($db, $request); $authorised_users = get_subscribers($db, $request);
$is_authorised = isAuthorised($_SESSION['uuid'], $authorised_users, $request); $is_authorised = if ($_SESSION['uuid'] == $request['created_by']) {return true} else {return false};
// Add subscriber // Add subscriber
if ($is_authorised == true) { if ($is_authorised == true) {

4
app/public/actions/delsub.php
View File

@@ -1,10 +1,10 @@
<?php <?php
$PAGE_NAME = "Delete subscribers"; $PAGE_NAME = "Delete Subscribers";
require_once __DIR__ . "/../../includes/prereqs.php"; require_once __DIR__ . "/../../includes/prereqs.php";
$request = get_request($db, $_POST['rid']); $request = get_request($db, $_POST['rid']);
$authorised_users = get_subscribers($db, $request); $authorised_users = get_subscribers($db, $request);
$is_authorised = isAuthorised($_SESSION['uuid'], $authorised_users, $request); $is_authorised = if ($_SESSION['uuid'] == $request['created_by']) {return true} else {return false};
if (!empty($_POST['delSubSelector'])) { if (!empty($_POST['delSubSelector'])) {
$subs_to_remove = implode(",", $_POST['delSubSelector']); $subs_to_remove = implode(",", $_POST['delSubSelector']);

4
app/public/editsub.php
View File

@@ -1,10 +1,10 @@
<?php <?php
$PAGE_NAME = "Manage request subscribers"; $PAGE_NAME = "Manage Subscribers";
require_once __DIR__ . "/../includes/header.php"; require_once __DIR__ . "/../includes/header.php";
$request = get_request($db, $_GET['rid']); $request = get_request($db, $_GET['rid']);
$authorised_users = get_subscribers($db, $request); $authorised_users = get_subscribers($db, $request);
$is_authorised = isAuthorised($_SESSION['uuid'], $authorised_users, $request); $is_authorised = if ($_SESSION['uuid'] == $request['created_by']) {return true} else {return false};
$all_users = get_all_users($db); $all_users = get_all_users($db);

4
app/public/view.php
View File

@@ -51,7 +51,9 @@
<p style="color: gray; font-style: italic;"><?php echo("#" . sprintf("%'.05d\n", $request["id"])); ?></p> <p style="color: gray; font-style: italic;"><?php echo("#" . sprintf("%'.05d\n", $request["id"])); ?></p>
<p class="lead text-muted"><?php echo($request['description']); ?></p> <p class="lead text-muted"><?php echo($request['description']); ?></p>
<p> <p>
<a href='/editsub?rid=<?php echo($request["uuid"]); ?>' class='btn btn-secondary my-2'>Manage subscribers</a> <?php if ($_SESSION['uuid'] == $request['created_by']) { ?>
<a href='/editsub?rid=<?php echo($request["uuid"]); ?>' class='btn btn-secondary my-2'>Manage subscribers</a>
<?php } ?>
<?php if ($request['status'] != 'Closed') { ?> <?php if ($request['status'] != 'Closed') { ?>
<a href='/update?rid=<?php echo($request["uuid"]); ?>' class='btn btn-primary my-2'>Update the request</a> <a href='/update?rid=<?php echo($request["uuid"]); ?>' class='btn btn-primary my-2'>Update the request</a>
<a href='/upload?rid=<?php echo($request["uuid"]); ?>' class='btn btn-primary my-2'>Add attachment(s)</a> <a href='/upload?rid=<?php echo($request["uuid"]); ?>' class='btn btn-primary my-2'>Add attachment(s)</a>