summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSimon Rettberg2018-02-15 13:25:21 +0100
committerSimon Rettberg2018-02-15 13:25:21 +0100
commit07a08b9f7dc69c86c8c1c787c1e471c77ae3228d (patch)
treeaadc0ff256391e633ad02d62dbcbc305f6d2e62a
parent[inc/User] getAllowedLocations(): Support cross-module checking (diff)
downloadslx-admin-07a08b9f7dc69c86c8c1c787c1e471c77ae3228d.tar.gz
slx-admin-07a08b9f7dc69c86c8c1c787c1e471c77ae3228d.tar.xz
slx-admin-07a08b9f7dc69c86c8c1c787c1e471c77ae3228d.zip
[statistics_reporting] Fix permission check
-rw-r--r--modules-available/statistics_reporting/page.inc.php3
1 files changed, 2 insertions, 1 deletions
diff --git a/modules-available/statistics_reporting/page.inc.php b/modules-available/statistics_reporting/page.inc.php
index b30b5cab..af4b2b12 100644
--- a/modules-available/statistics_reporting/page.inc.php
+++ b/modules-available/statistics_reporting/page.inc.php
@@ -283,6 +283,7 @@ class Page_Statistics_Reporting extends Page
private function fetchData($flags)
{
+ // TODO: Make all modes location-aware, filter while querying, not after
switch ($this->type) {
case 'total':
return GetData::total($flags);
@@ -309,7 +310,7 @@ class Page_Statistics_Reporting extends Page
case 'client':
$data = GetData::perClient($flags, Request::any('new', false, 'string'));
// only show clients from locations which you have permission for
- $filterLocs = User::getAllowedLocations("table.view.location");
+ $filterLocs = User::getAllowedLocations("table.view.client");
foreach ($data as $key => $row) {
if (!in_array($row['locationid'], $filterLocs)) {
unset($data[$key]);