From c1b11591a3009d74cec4a56610070e97883d9251 Mon Sep 17 00:00:00 2001
From: Björn Geiger
Date: Tue, 5 Apr 2011 13:44:19 +0200
Subject: Rights im Personen Controller eingeführt, verwalten von anderen
 Accounts nun auch möglich

---
 .../modules/user/controllers/AuthController.php        | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)

(limited to 'application/modules/user/controllers/AuthController.php')

diff --git a/application/modules/user/controllers/AuthController.php b/application/modules/user/controllers/AuthController.php
index 7eccc98..8160104 100644
--- a/application/modules/user/controllers/AuthController.php
+++ b/application/modules/user/controllers/AuthController.php
@@ -2,9 +2,7 @@
 
 class User_AuthController extends Zend_Controller_Action
 {
-
 	protected $personmapper = null;
-
 	private $db = null;
 
 	public function init()
@@ -120,11 +118,19 @@ class User_AuthController extends Zend_Controller_Action
 
 	public function deleteAction()
 	{
+		if($this->_request->getParam('personID')) {
+			if(!Pbs_Acl::checkRight('peoa')) {
+				$this->_redirect('/user');
+			}
+			$personID = $this->_request->getParam('personID');
+		} else {
+			if(!Pbs_Acl::checkRight('pdo')) {
+				$this->_redirect('/user');
+			}
+			$userIDsNamespace = Zend_Session::namespaceGet('userIDs');
+			$personID = $userIDsNamespace['personID'];
+		}
 		if($_POST['confirmdelete']) {
-			$auth = Zend_Auth::getInstance();
-			$result = $this->personmapper->findBy(array('email' => $auth->getIdentity()),true);
-			$person = $result[0];
-			$personID = $person["personID"];
 			if (isset($personID)){
 				$this->personmapper = new Application_Model_PersonMapper();
 				$person = $this->personmapper->find($personID);
-- 
cgit v1.2.3-55-g7522