diff options
| author | jwacalex <aboehm@dompfaffenweg.de> | 2016-11-30 15:37:59 +0100 |
|---|---|---|
| committer | jwacalex <aboehm@dompfaffenweg.de> | 2016-11-30 15:53:47 +0100 |
| commit | f4f6dfefcbbd6b69e5baf0c82b91bfdce7472167 (patch) | |
| tree | dfd18da160f9357253b8afa2ee1fbdc99703b023 /includes/controller | |
| parent | 53e12065c76af4e5a0a2690e92e6724eed9f2895 (diff) | |
fixed broken logic in controller (cf. to mail to @msquare)
Diffstat (limited to 'includes/controller')
| -rw-r--r-- | includes/controller/shift_entries_controller.php | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/includes/controller/shift_entries_controller.php b/includes/controller/shift_entries_controller.php index 1b1a4d02..fae29875 100644 --- a/includes/controller/shift_entries_controller.php +++ b/includes/controller/shift_entries_controller.php @@ -36,12 +36,20 @@ function shift_entry_add_controller() { } else { $type = sql_select("SELECT * FROM `UserAngelTypes` JOIN `AngelTypes` ON (`UserAngelTypes`.`angeltype_id` = `AngelTypes`.`id`) WHERE `AngelTypes`.`id` = '" . sql_escape($type_id) . "' AND (`AngelTypes`.`restricted` = 0 OR (`UserAngelTypes`.`user_id` = '" . sql_escape($user['UID']) . "' AND NOT `UserAngelTypes`.`confirm_user_id` IS NULL)) LIMIT 1"); } - + + if (count($type) == 0) { redirect(page_link_to('user_shifts')); } $type = $type[0]; - + + if (isset($_REQUEST['user_id']) && preg_match("/^[0-9]*$/", $_REQUEST['user_id']) && + in_array('user_shifts_admin', $privileges)) { + $user_id = $_REQUEST['user_id']; + } else { + $user_id = $user['UID']; + } + $shift_signup_allowed = Shift_signup_allowed(User($user_id), $shift, $type); if (! $shift_signup_allowed->isSignupAllowed()) { error(_("You are not allowed to sign up for this shift. Maybe shift is full or already running.")); |