INSERTINTO`Privileges`(`id`,`name`,`desc`)VALUES(NULL,'shiftentry_edit_angeltype_supporter','If user with this privilege is angeltype supporter, he can put users in shifts for their angeltype');
@ -31,20 +31,18 @@ function shift_entry_add_controller() {
redirect(page_link_to('user_shifts'));
redirect(page_link_to('user_shifts'));
}
}
if (in_array('user_shifts_admin', $privileges)) {
if (in_array('user_shifts_admin', $privileges) || in_array('shiftentry_edit_angeltype_supporter', $privileges)) {
$type = sql_select("SELECT * FROM `AngelTypes` WHERE `id`='" . sql_escape($type_id) . "' LIMIT 1");
$type = AngelType($type_id);
} else {
} else {
$type = sql_select("SELECT * FROM `UserAngelTypes` JOIN `AngelTypes` ON (`UserAngelTypes`.`angeltype_id` = `AngelTypes`.`id`) WHERE `AngelTypes`.`id` = '" . sql_escape($type_id) . "' AND (`AngelTypes`.`restricted` = 0 OR (`UserAngelTypes`.`user_id` = '" . sql_escape($user['UID']) . "' AND NOT `UserAngelTypes`.`confirm_user_id` IS NULL)) LIMIT 1");
$type = sql_select("SELECT * FROM `UserAngelTypes` JOIN `AngelTypes` ON (`UserAngelTypes`.`angeltype_id` = `AngelTypes`.`id`) WHERE `AngelTypes`.`id` = '" . sql_escape($type_id) . "' AND (`AngelTypes`.`restricted` = 0 OR (`UserAngelTypes`.`user_id` = '" . sql_escape($user['UID']) . "' AND NOT `UserAngelTypes`.`confirm_user_id` IS NULL)) LIMIT 1");
$type = $type[0];
}
}
if ($type == null) {
if (count($type) == 0) {
redirect(page_link_to('user_shifts'));
redirect(page_link_to('user_shifts'));
}
}
$type = $type[0];
if (isset($_REQUEST['user_id']) && preg_match("/^[0-9]*$/", $_REQUEST['user_id']) &&
@ -58,7 +56,7 @@ function shift_entry_add_controller() {
if (isset($_REQUEST['submit'])) {
if (isset($_REQUEST['submit'])) {
$selected_type_id = $type_id;
$selected_type_id = $type_id;
if (in_array('user_shifts_admin', $privileges)) {
if (in_array('user_shifts_admin', $privileges) || in_array('shiftentry_edit_angeltype_supporter', $privileges)) {
if (sql_num_query("SELECT * FROM `User` WHERE `UID`='" . sql_escape($user_id) . "' LIMIT 1") == 0) {
if (sql_num_query("SELECT * FROM `User` WHERE `UID`='" . sql_escape($user_id) . "' LIMIT 1") == 0) {
redirect(page_link_to('user_shifts'));
redirect(page_link_to('user_shifts'));
@ -106,7 +104,6 @@ function shift_entry_add_controller() {
if (in_array('user_shifts_admin', $privileges)) {
if (in_array('user_shifts_admin', $privileges)) {
$users = sql_select("SELECT *, (SELECT count(*) FROM `ShiftEntry` WHERE `freeloaded`=1 AND `ShiftEntry`.`UID`=`User`.`UID`) AS `freeloaded` FROM `User` ORDER BY `Nick`");
$users = sql_select("SELECT *, (SELECT count(*) FROM `ShiftEntry` WHERE `freeloaded`=1 AND `ShiftEntry`.`UID`=`User`.`UID`) AS `freeloaded` FROM `User` ORDER BY `Nick`");
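Review bot: The two widened conditions, `in_array('user_shifts_admin', $privileges) || in_array('shiftentry_edit_angeltype_supporter', $privileges)`, only test that the privilege is held and never that the current user is a supporter of the angeltype in `$type_id`, so any holder appears to get the admin path for every angeltype. On that path `AngelType($type_id)` loads the type without the `restricted`/`confirm_user_id` filter that the else branch applies, and the submit branch accepts a request-supplied `user_id` as soon as it exists in `User`. That is broader than the privilege description, which limits it to "their angeltype". The body of shift_entry_add_controller is only partly visible, so the supporter relationship may be verified elsewhere. If it is not, I would compute the decision once and reuse it at both sites, e.g. `$can_edit = in_array('user_shifts_admin', $privileges) || (in_array('shiftentry_edit_angeltype_supporter', $privileges) && $is_supporter_of_type);`, where `$is_supporter_of_type` is a placeholder for a lookup of the current user's supporter entry for `$type_id`.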