kontakt
/
engelsystem
3
0
Fork 0
Code Issues 12 Pull Requests Projects Releases Wiki Activity

Fix sign-up to shifts by supporter

Browse Source 
Any user with the `shiftentry_edit_angeltype_supporter` privilege was
able to sign up any users of the correct angeltype to any shift that
they could sign up themselves because the shift entry controller only
checks for the global privilege an not the fact that the user is indeed
supporter for the angeltype in question.
main
MichiK 7 years ago
parent f2972af591
commit 32d14f493b
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File

2
includes/controller/shift_entries_controller.php
Unescape Escape View File

@ -194,7 +194,7 @@ function shift_entry_add_controller()
$angeltypes[$angeltype['id']] = $angeltype['name']; $angeltypes[$angeltype['id']] = $angeltype['name'];
} }
$angeltype_select = html_select_key('angeltype_id', 'angeltype_id', $angeltypes, $type['id']); $angeltype_select = html_select_key('angeltype_id', 'angeltype_id', $angeltypes, $type['id']);
} elseif (in_array('shiftentry_edit_angeltype_supporter', $privileges)) { } elseif (in_array('shiftentry_edit_angeltype_supporter', $privileges) && User_is_AngelType_supporter($user, $type)) {
$users = Users_by_angeltype($type); $users = Users_by_angeltype($type);
$users_select = []; $users_select = [];
foreach ($users as $usr) { foreach ($users as $usr) {

Write Preview
Loading…
Cancel
Save