@@ -32,9 +32,16 @@ class addressController extends expController {
3232 );
3333 protected $ manage_permissions = array (
3434// 'import' => 'Import External Addresses',
35- 'process ' => 'Import External Addresses '
35+ 'process ' => 'Import External Addresses ' ,
36+ 'edit_country ' => 'Edit Country ' ,
37+ 'delete_country ' => 'Delete Country ' ,
38+ 'update_country ' => 'Update Country ' ,
39+ 'edit_region ' => 'Edit Region ' ,
40+ 'delete_region ' => 'Delete Region ' ,
41+ 'update_region ' => 'Update Region ' ,
3642 );
3743 public $ requires_login = array (
44+ 'edit ' =>'You must be logged in to perform this action ' ,
3845 'myaddressbook ' =>'You must be logged in to perform this action ' ,
3946 );
4047 public $ remove_configs = array (
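Review bot: Adding `'edit'` to `$requires_login` gates only the action that renders the address form; whichever action persists the submitted form is not visible in this hunk and needs the same login requirement plus an ownership check of its own. Otherwise a request sent straight to the save action would bypass the check this commit adds to edit(). The new `edit_country`, `delete_country`, `update_country` and region entries in `$manage_permissions` look consistent with each other, so I would only confirm that each named action exists in the controller.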
@@ -65,8 +72,18 @@ function showall() {
6572
6673 public function edit ()
6774 {
68- if ((isset ($ this ->params ['id ' ]))) $ record = new address (intval ($ this ->params ['id ' ]));
69- else $ record = null ;
75+ global $ user ;
76+
77+ $ id = !empty ($ this ->params ['id ' ]) ? $ this ->params ['id ' ] : null ;
78+
79+ // check to see if we should be editing. You either need to be an admin, or editing own account.
80+ if ($ user ->isAdmin () || ($ user ->id == $ id )) {
81+ $ record = new address ($ id );
82+ } else {
83+ flash ('error ' , gt ('You do not have the proper permissions to edit this address ' ));
84+ expHistory::back ();
85+ }
86+
7087 $ config = ecomconfig::getConfig ('address_allow_admins_all ' );
7188 assign_to_template (array (
7289 'record ' =>$ record ,
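Review bot: The ownership check in edit() compares `$user->id` with `$id`, which is the address id read from `$this->params['id']`, so it tests whether the address row's id happens to equal the caller's user id rather than whether the caller owns that address. A non-admin is therefore let through for an unrelated address whose id matches their user id and refused for their own, and because the `intval()` of the removed line is gone the raw request value now reaches both the loose `==` and `new address($id)`. I would cast the id, load the record and compare its owner field with `$user->id`; the field name `user_id` below is assumed from the `user_id` parameter used in myaddressbook() and needs confirming against the address model. If `expHistory::back()` does not end the request, the else branch falls through with `$record` unset, so an explicit `return` after it is safer. edit() continues past the end of the hunk.

```php
$id = !empty($this->params['id']) ? intval($this->params['id']) : null;
$record = new address($id);

// Ownership belongs to the address row, not to its id; a null id means a new address.
if (!$user->isAdmin() && $id !== null && $record->user_id != $user->id) {
    flash('error', gt('You do not have the proper permissions to edit this address'));
    expHistory::back();
    return;
}
// … unchanged: ecomconfig lookup and assign_to_template call …
```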
@@ -83,7 +100,7 @@ public function myaddressbook() {
83100 global $ user ;
84101
85102 // check if the user is logged in.
86- expQueue::flashIfNotLoggedIn ('message ' ,gt ('You must be logged in to manage your address book. ' ));
103+ expQueue::flashIfNotLoggedIn ('message ' ,gt ('You must be logged in to manage your address book. ' )); //fixme is this redundant to common routine?
87104 if (!$ user ->isAdmin () && $ this ->params ['user_id ' ] != $ user ->id ) {
88105 unset($ this ->params ['user_id ' ]);
89106 }