authorChristian Hofmaier2017-11-23 14:44:30 +0100
committerChristian Hofmaier2017-11-23 14:44:30 +0100
commit2db1db0743f02091cb8a31c4ecbaa8e6fee1cc6d (patch)
tree436a61420a70d0e7695c841110cdbb3963b918aa /modules-available/news
parentMerge branch 'permission-manager' of git.openslx.org:openslx-ng/slx-admin int... (diff)
downloadslx-admin-2db1db0743f02091cb8a31c4ecbaa8e6fee1cc6d.tar.gz
slx-admin-2db1db0743f02091cb8a31c4ecbaa8e6fee1cc6d.tar.xz
slx-admin-2db1db0743f02091cb8a31c4ecbaa8e6fee1cc6d.zip
[news] reworked permission system from "click and you get error" to "button is disabled due to lack of permission" (this time with double check on permissions)
Diffstat (limited to 'modules-available/news')
-rw-r--r--modules-available/news/page.inc.php40
1 files changed, 24 insertions, 16 deletions
diff --git a/modules-available/news/page.inc.php b/modules-available/news/page.inc.php
index 920b9861..5ad79b0e 100644
--- a/modules-available/news/page.inc.php
+++ b/modules-available/news/page.inc.php
@@ -64,20 +64,24 @@ class Page_News extends Page
$pageType = Request::post('news-type');
if ($pageType == 'news') {
- if (!$this->saveNews()) {
- // re-set the fields we got
- Request::post('news-title') ? $this->newsTitle = Request::post('news-title') : $this->newsTitle = false;
- Request::post('news-content') ? $this->newsContent = Request::post('news-content') : $this->newsContent = false;
- } else {
- Message::addSuccess('news-save-success');
- $lastId = Database::lastInsertId();
- Util::redirect("?do=News&newsid=$lastId");
+ if (User::hasPermission("news.save")) {
+ if (!$this->saveNews()) {
+ // re-set the fields we got
+ Request::post('news-title') ? $this->newsTitle = Request::post('news-title') : $this->newsTitle = false;
+ Request::post('news-content') ? $this->newsContent = Request::post('news-content') : $this->newsContent = false;
+ } else {
+ Message::addSuccess('news-save-success');
+ $lastId = Database::lastInsertId();
+ Util::redirect("?do=News&newsid=$lastId");
+ }
}
} elseif ($pageType == 'help') {
- if ($this->saveHelp()) {
- Message::addSuccess('help-save-success');
- $lastId = Database::lastInsertId();
- Util::redirect("?do=News&newsid=$lastId");
+ if (User::hasPermission("help.save")) {
+ if ($this->saveHelp()) {
+ Message::addSuccess('help-save-success');
+ $lastId = Database::lastInsertId();
+ Util::redirect("?do=News&newsid=$lastId");
+ }
}
}
} elseif ($action === 'delete') {
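Review bot: The new `User::hasPermission("news.save")` and `User::hasPermission("help.save")` wrappers have no `else`, so a POST from a user without the permission is dropped silently: no message, no log entry, and execution simply continues past the action dispatch (the enclosing method starts and ends outside this hunk). Add an explicit denial path, for example `} else { Message::addError('<no-permission message id>'); Util::redirect('?do=News'); }`, so refused writes are visible to the user and to anyone reviewing logs. The same applies to the `news.delete` and `help.delete` checks in the next hunk. There the permission being tested is also selected by the client-supplied `news-type` field, while both branches call the same `$this->delNews(Request::post('newsid'))`; unless delNews restricts the row by type (its body is not shown here), holding `help.delete` alone would be enough to remove a news entry, so the check should be tied to the stored entry's type rather than the posted one.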
@@ -85,11 +89,15 @@ class Page_News extends Page
$pageType = Request::post('news-type');
if ($pageType == 'news') {
- $this->delNews(Request::post('newsid'));
- Util::redirect('?do=News&editHelp='.Request::any('editHelp'));
+ if(User::hasPermission("news.delete")) {
+ $this->delNews(Request::post('newsid'));
+ Util::redirect('?do=News&editHelp='.Request::any('editHelp'));
+ }
} elseif ($pageType == 'help') {
- $this->delNews(Request::post('newsid'));
- Util::redirect('?do=News&editHelp='.Request::any('editHelp'));
+ if(User::hasPermission("help.delete")) {
+ $this->delNews(Request::post('newsid'));
+ Util::redirect('?do=News&editHelp='.Request::any('editHelp'));
+ }
}
} else {
// unknown action, redirect user