Fix: unprivileged user can add applications/leases to a applicant
Ahmad Gneady committed Jul 3, 2021
1 parent 5d3fa4e commit e7100fd
Showing 1 changed file with 54 additions and 50 deletions.
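--- a/app/hooks/applications_leases.php
+++ b/app/hooks/applications_leases.php
@@ -1,10 +1,10 @@
 <?php
 // For help on using hooks, please refer to http://bigprof.com/appgini/help/working-with-generated-web-database-application/hooks
 
-function applications_leases_init(&$options, $memberInfo, &$args){
-/* Inserted by Search Page Maker for AppGini on 2020-11-18 12:19:27 */
-$options->FilterPage = 'hooks/applications_leases_filter.php';
-/* End of Search Page Maker for AppGini code */
+function applications_leases_init(&$options, $memberInfo, &$args){
+/* Inserted by Search Page Maker for AppGini on 2020-11-18 12:19:27 */
+$options->FilterPage = 'hooks/applications_leases_filter.php';
+/* End of Search Page Maker for AppGini code */
 
 
 return TRUE;
@@ -75,6 +75,8 @@ function applications_leases_footer($contentType, $memberInfo, &$args){
 }
 
 function applications_leases_before_insert(&$data, $memberInfo, &$args){
+// can current user view this parent?
+if(!check_record_permission('applicants_and_tenants', $data['tenants'])) return false;
 
 return TRUE;
 }
@@ -85,6 +87,8 @@ function applications_leases_after_insert($data, $memberInfo, &$args){
 }
 
 function applications_leases_before_update(&$data, $memberInfo, &$args){
+// can current user view this parent?
+if(!check_record_permission('applicants_and_tenants', $data['tenants'])) return false;
 
 return TRUE;
 }
@@ -111,52 +115,52 @@ function applications_leases_csv($query, $memberInfo, &$args){
 
 return $query;
 }
-function applications_leases_batch_actions(&$args){
-/* Inserted by Mass Update on 2020-11-19 11:55:55 */
-
-/*
-* Q: How do I return other custom batch commands not defined in mass_update plugin?
-*
-* A: Define your commands ABOVE the 'Inserted by Mass Update' comment above
-* in an array named $custom_actions_top to display them above the commands
-* created by the mass_update plugin.
-*
-* You can also define commands in an array named $custom_actions_bottom
-* (also ABOVE the 'Inserted by Mass Update' comment block) to display them
-* below the commands created by the mass_update plugin.
-*
-*/
-
-if(!isset($custom_actions_top) || !is_array($custom_actions_top))
-$custom_actions_top = array();
-
-if(!isset($custom_actions_bottom) || !is_array($custom_actions_bottom))
-$custom_actions_bottom = array();
-
-$command = array(
-'ghqe4agakj7de10gc0ba' => array(
-'title' => "Approve application",
-'function' => 'massUpdateCommand_ghqe4agakj7de10gc0ba',
-'icon' => 'ok'
-),
-);
-
-$mi = getMemberInfo();
-switch($mi['group']) {
-default:
-/* for all other logged users, enable the following commands */
-if($mi['username'] && $mi['username'] != 'guest')
-return array_merge(
-$custom_actions_top,
-array(
-$command['ghqe4agakj7de10gc0ba']
-),
-$custom_actions_bottom
-);
-}
-
-
-/* End of Mass Update code */
+function applications_leases_batch_actions(&$args){
+/* Inserted by Mass Update on 2020-11-19 11:55:55 */
+
+/*
+* Q: How do I return other custom batch commands not defined in mass_update plugin?
+*
+* A: Define your commands ABOVE the 'Inserted by Mass Update' comment above
+* in an array named $custom_actions_top to display them above the commands
+* created by the mass_update plugin.
+*
+* You can also define commands in an array named $custom_actions_bottom
+* (also ABOVE the 'Inserted by Mass Update' comment block) to display them
+* below the commands created by the mass_update plugin.
+*
+*/
+
+if(!isset($custom_actions_top) || !is_array($custom_actions_top))
+$custom_actions_top = array();
+
+if(!isset($custom_actions_bottom) || !is_array($custom_actions_bottom))
+$custom_actions_bottom = array();
+
+$command = array(
+'ghqe4agakj7de10gc0ba' => array(
+'title' => "Approve application",
+'function' => 'massUpdateCommand_ghqe4agakj7de10gc0ba',
+'icon' => 'ok'
+),
+);
+
+$mi = getMemberInfo();
+switch($mi['group']) {
+default:
+/* for all other logged users, enable the following commands */
+if($mi['username'] && $mi['username'] != 'guest')
+return array_merge(
+$custom_actions_top,
+array(
+$command['ghqe4agakj7de10gc0ba']
+),
+$custom_actions_bottom
+);
+}
+
+
+/* End of Mass Update code */
 
 
 return array();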
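Review bot: The new guard in `applications_leases_before_insert` and `applications_leases_before_update` passes `$data['tenants']` to `check_record_permission()` without first checking that the key is set and non-empty, so the outcome for a record submitted with no parent depends entirely on a helper that is not shown here. If a lease must always belong to an applicant, make that explicit, e.g. `if(empty($data['tenants']) || !check_record_permission('applicants_and_tenants', $data['tenants'])) return false;`. Per the added comment the check only asks whether the user can view the parent; confirm that view access is the intended bar for attaching or re-pointing child records, since in the update hook it is the only check on the new parent value. The denial is also silent: a short comment on why `false` is returned, plus a log entry for refused attempts, would help whoever later has to investigate writes against other users' applicants.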
