Diffstat (limited to 'application/modules/user/controllers')
-rw-r--r--application/modules/user/controllers/GroupController.php11
1 files changed, 6 insertions, 5 deletions
diff --git a/application/modules/user/controllers/GroupController.php b/application/modules/user/controllers/GroupController.php
index 9a5380a..a2434d2 100644
--- a/application/modules/user/controllers/GroupController.php
+++ b/application/modules/user/controllers/GroupController.php
@@ -154,9 +154,8 @@ class User_GroupController extends Zend_Controller_Action
public function editAction()
{
// ACL edit a group
- // TODO: THERE IS NO RIGHT TO EDIT A GROUP
- #if(!Pbs_Acl::checkRight(''))
- # $this->_redirect('/user');
+ if(!Pbs_Acl::checkRight('geo') && !Pbs_Acl::checkRight('geo'))
+ $this->_redirect('/user');
$groupID = $this->_request->getParam('groupID');
if(!isset($groupID)) {
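Review bot: The new guard at the top of editAction tests the same right twice, `!Pbs_Acl::checkRight('geo') && !Pbs_Acl::checkRight('geo')`, so it collapses to a single check of 'geo'. The second hunk treats 'ge' as the right that permits editing other groups, so a user holding only 'ge' would be redirected to /user here and never reach that later check. If that reading of the two rights is correct, the line should be `if(!Pbs_Acl::checkRight('geo') && !Pbs_Acl::checkRight('ge'))`. A short comment naming what each right key grants, for example `// 'ge' = edit any group, 'geo' = edit own group` once confirmed, would make the intent checkable; editAction's body continues outside this hunk.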
@@ -168,6 +167,8 @@ class User_GroupController extends Zend_Controller_Action
$this->_helper->redirector('add', 'group');
return;
}
+ if((!Pbs_Acl::checkRight('geo') && $groupID == $this->membership->getGroupID()) || ( !Pbs_Acl::checkRight('ge') && $groupID != $this->membership->getGroupID() ))
+ $this->_redirect('/user/group/index/page/'.$this->page.'/deleteresult/forbidden');
if (!isset($_POST["save"])){
$group = $this->groupMapper->find($groupID);
$_POST['title'] = $group->getTitle();
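Review bot: The added ownership check only denies access if `_redirect()` terminates the request, because nothing stops execution after it, whereas the redirector call just above it is followed by an explicit `return;`. If exit-after-redirect is ever disabled on the redirector (as is commonly done under test), control would fall through to the find/save code for a group the user is not allowed to edit. I would brace the branch and end it the same way: `{ $this->_redirect('/user/group/index/page/'.$this->page.'/deleteresult/forbidden'); return; }`. The comparison of the request parameter with `getGroupID()` uses loose `==`/`!=`; normalising both sides, e.g. `(int)$groupID === (int)$this->membership->getGroupID()`, avoids type-juggling surprises in an authorization decision. The same fall-through concern applies to the brace-less redirect added in the first hunk.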
@@ -175,9 +176,9 @@ class User_GroupController extends Zend_Controller_Action
$editForm = new user_Form_GroupEdit(array('groupID' => $groupID));
} else {
$editForm = new user_Form_GroupEdit(array('groupID' => $groupID), $_POST);
- if ($editForm->isValid($_POST)) {
+ if ($editForm->isValid($_POST)) {
$group = new Application_Model_Group($_POST);
- $group->setID($groupID);
+ $group->setID($groupID);
try {
$this->groupMapper->save($group);
} catch(Zend_Exception $e)