Browse files

Merge pull request #16 from Sajaki/develop

check permission at object construction
  • Loading branch information...
2 parents aac3be6 + 1221c76 commit c9ccab94ac769ca3c53b41ec74c9da4abd317400 @Sajaki Sajaki committed Apr 14, 2012
Showing with 8 additions and 4 deletions.
  1. +8 −4 root/includes/bbdkp/raidplanner/rpraid.php
View
12 root/includes/bbdkp/raidplanner/rpraid.php
@@ -314,6 +314,9 @@ private function make_obj()
{
trigger_error( 'NOT_AUTHORISED' );
}
+ $this->checkauth_canedit();
+ $this->checkauth_candelete();
+ $this->checkauth_canadd();
// now go add raid properties
$this->event_type= $row['etype_id'];
@@ -2161,9 +2164,7 @@ private function checkauth_canedit()
}
}
-
}
-
}
/**
@@ -2183,9 +2184,12 @@ private function checkauth_candelete()
$this->auth_candelete = true;
// is raidleader trying to delete other raid ?
- if ( !( ($user->data['user_id'] == $this->poster) && $auth->acl_get('m_raidplanner_delete_other_users_raidplans') ))
+ if ($user->data['user_id'] != $this->poster)
{
- $this->auth_candelete = false;
+ if (! $auth->acl_get('m_raidplanner_delete_other_users_raidplans'))
+ {
+ $this->auth_candelete = false;
+ }
}
}

0 comments on commit c9ccab9

Please sign in to comment.