INSERTINTO`Privileges`(`id`,`name`,`desc`)VALUES(NULL,'shiftentry_edit_angeltype_supporter','If user with this privilege is angeltype supporter, he can put users in shifts for their angeltype');
@ -31,25 +31,23 @@ function shift_entry_add_controller() {
redirect(page_link_to('user_shifts'));
redirect(page_link_to('user_shifts'));
}
}
if (in_array('user_shifts_admin', $privileges)) {
if (in_array('user_shifts_admin', $privileges) || in_array('shiftentry_edit_angeltype_supporter', $privileges)) {
$type = sql_select("SELECT * FROM `AngelTypes` WHERE `id`='" . sql_escape($type_id) . "' LIMIT 1");
$type = AngelType($type_id);
} else {
} else {
$type = sql_select("SELECT * FROM `UserAngelTypes` JOIN `AngelTypes` ON (`UserAngelTypes`.`angeltype_id` = `AngelTypes`.`id`) WHERE `AngelTypes`.`id` = '" . sql_escape($type_id) . "' AND (`AngelTypes`.`restricted` = 0 OR (`UserAngelTypes`.`user_id` = '" . sql_escape($user['UID']) . "' AND NOT `UserAngelTypes`.`confirm_user_id` IS NULL)) LIMIT 1");
$type = sql_select("SELECT * FROM `UserAngelTypes` JOIN `AngelTypes` ON (`UserAngelTypes`.`angeltype_id` = `AngelTypes`.`id`) WHERE `AngelTypes`.`id` = '" . sql_escape($type_id) . "' AND (`AngelTypes`.`restricted` = 0 OR (`UserAngelTypes`.`user_id` = '" . sql_escape($user['UID']) . "' AND NOT `UserAngelTypes`.`confirm_user_id` IS NULL)) LIMIT 1");
error(_("You are not allowed to sign up for this shift. Maybe shift is full or already running."));
error(_("You are not allowed to sign up for this shift. Maybe shift is full or already running."));
@ -58,8 +56,8 @@ function shift_entry_add_controller() {
if (isset($_REQUEST['submit'])) {
if (isset($_REQUEST['submit'])) {
$selected_type_id = $type_id;
$selected_type_id = $type_id;
if (in_array('user_shifts_admin', $privileges)) {
if (in_array('user_shifts_admin', $privileges) || in_array('shiftentry_edit_angeltype_supporter', $privileges)) {
if (sql_num_query("SELECT * FROM `User` WHERE `UID`='" . sql_escape($user_id) . "' LIMIT 1") == 0) {
if (sql_num_query("SELECT * FROM `User` WHERE `UID`='" . sql_escape($user_id) . "' LIMIT 1") == 0) {
redirect(page_link_to('user_shifts'));
redirect(page_link_to('user_shifts'));
}
}
@ -106,7 +104,6 @@ function shift_entry_add_controller() {
if (in_array('user_shifts_admin', $privileges)) {
if (in_array('user_shifts_admin', $privileges)) {
$users = sql_select("SELECT *, (SELECT count(*) FROM `ShiftEntry` WHERE `freeloaded`=1 AND `ShiftEntry`.`UID`=`User`.`UID`) AS `freeloaded` FROM `User` ORDER BY `Nick`");
$users = sql_select("SELECT *, (SELECT count(*) FROM `ShiftEntry` WHERE `freeloaded`=1 AND `ShiftEntry`.`UID`=`User`.`UID`) AS `freeloaded` FROM `User` ORDER BY `Nick`");