From aadf3feb7b8090796a4dd083c90a5bc4893c8faf Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Sun, 4 Mar 2018 16:42:05 +0100
Subject: [statistics] Refine permissions, add some new ones

---
 modules-available/statistics/pages/projectors.inc.php | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'modules-available/statistics/pages/projectors.inc.php')

diff --git a/modules-available/statistics/pages/projectors.inc.php b/modules-available/statistics/pages/projectors.inc.php
index cde542c6..cdd0195e 100644
--- a/modules-available/statistics/pages/projectors.inc.php
+++ b/modules-available/statistics/pages/projectors.inc.php
@@ -13,6 +13,7 @@ class SubPage
 
 	private static function handleProjector($action)
 	{
+		User::assertPermission('hardware.projectors.edit');
 		$hwid = Request::post('hwid', false, 'int');
 		if ($hwid === false) {
 			Util::traceError('Param hwid missing');
@@ -43,6 +44,7 @@ class SubPage
 
 	private static function showProjectors()
 	{
+		User::assertPermission('hardware.projectors.*');
 		$res = Database::simpleQuery('SELECT h.hwname, h.hwid FROM statistic_hw h'
 			. " INNER JOIN statistic_hw_prop p ON (h.hwid = p.hwid AND p.prop = :projector)"
 			. " WHERE h.hwtype = :screen ORDER BY h.hwname ASC", array(
-- 
cgit v1.2.3-55-g7522


From 7e4f8d32e81d3c0260600ea00bfc3f9d9a794103 Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Thu, 22 Mar 2018 17:23:56 +0100
Subject: [statistics] Don't error out when adding already existent projector

---
 modules-available/statistics/pages/projectors.inc.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'modules-available/statistics/pages/projectors.inc.php')

diff --git a/modules-available/statistics/pages/projectors.inc.php b/modules-available/statistics/pages/projectors.inc.php
index cdd0195e..cc808cf0 100644
--- a/modules-available/statistics/pages/projectors.inc.php
+++ b/modules-available/statistics/pages/projectors.inc.php
@@ -19,7 +19,7 @@ class SubPage
 			Util::traceError('Param hwid missing');
 		}
 		if ($action === 'addprojector') {
-			Database::exec('INSERT INTO statistic_hw_prop (hwid, prop, value)'
+			Database::exec('INSERT IGNORE INTO statistic_hw_prop (hwid, prop, value)'
 				. ' VALUES (:hwid, :prop, :value)', array(
 				'hwid' => $hwid,
 				'prop' => 'projector',
-- 
cgit v1.2.3-55-g7522