fixes #298 allow a shift supporter to remove a user from shift

3 files changed, 22 insertions, 15 deletions

diff --git a/includes/controller/shift_entries_controller.php b/includes/controller/shift_entries_controller.php
index 58053cb3..04983637 100644
--- a/includes/controller/shift_entries_controller.php
+++ b/includes/controller/shift_entries_controller.php
@@ -145,11 +145,7 @@ function shift_entry_add_controller() {
  * Remove somebody from a shift.
  */
 function shift_entry_delete_controller() {
-  global $privileges;
-  
-  if (! in_array('user_shifts_admin', $privileges)) {
-    redirect(page_link_to('user_shifts'));
-  }
+  global $privileges, $user;
   
   if (! isset($_REQUEST['entry_id']) || ! test_request_int('entry_id')) {
     redirect(page_link_to('user_shifts'));
@@ -157,7 +153,7 @@ function shift_entry_delete_controller() {
   $entry_id = $_REQUEST['entry_id'];
   
   $shift_entry_source = sql_select("
-        SELECT `User`.`Nick`, `ShiftEntry`.`Comment`, `ShiftEntry`.`UID`, `ShiftTypes`.`name`, `Shifts`.*, `Room`.`Name`, `AngelTypes`.`name` as `angel_type`
+        SELECT `User`.`Nick`, `ShiftEntry`.`Comment`, `ShiftEntry`.`UID`, `ShiftTypes`.`name`, `Shifts`.*, `Room`.`Name`, `AngelTypes`.`name` as `angel_type`, `AngelTypes`.`id` as `angeltype_id`
         FROM `ShiftEntry`
         JOIN `User` ON (`User`.`UID`=`ShiftEntry`.`UID`)
         JOIN `AngelTypes` ON (`ShiftEntry`.`TID` = `AngelTypes`.`id`)
@@ -168,6 +164,10 @@ function shift_entry_delete_controller() {
   if (count($shift_entry_source) > 0) {
     $shift_entry_source = $shift_entry_source[0];
     
+    if (!in_array('user_shifts_admin', $privileges) && (!in_array('shiftentry_edit_angeltype_supporter', $privileges) || !User_is_AngelType_supporter($user, AngelType($shift_entry_source['angeltype_id'])))) {
+      redirect(page_link_to('user_shifts'));
+    }
+    
     $result = ShiftEntry_delete($entry_id);
     if ($result === false) {
       engelsystem_error('Unable to delete shift entry.');
@@ -178,7 +178,7 @@ function shift_entry_delete_controller() {
   } else {
     error(_("Entry not found."));
   }
-  redirect(page_link_to('user_shifts'));
+  redirect(shift_link($shift_entry_source));
 }
 
 ?>
\ No newline at end of file
diff --git a/includes/model/NeededAngelTypes_model.php b/includes/model/NeededAngelTypes_model.php
index ba24c6bd..e04ef8b8 100644
--- a/includes/model/NeededAngelTypes_model.php
+++ b/includes/model/NeededAngelTypes_model.php
@@ -57,7 +57,7 @@ function NeededAngelTypes_delete_by_room($room_id) {
  */
 function NeededAngelTypes_by_shift($shiftId) {
   $needed_angeltypes_source = sql_select("
-        SELECT `NeededAngelTypes`.*, `AngelTypes`.`id`, `AngelTypes`.`name`, `AngelTypes`.`restricted`
+        SELECT `NeededAngelTypes`.*, `AngelTypes`.`id`, `AngelTypes`.`name`, `AngelTypes`.`restricted`, `AngelTypes`.`no_self_signup`
         FROM `NeededAngelTypes`
         JOIN `AngelTypes` ON `AngelTypes`.`id` = `NeededAngelTypes`.`angel_type_id`
         WHERE `shift_id`='" . sql_escape($shiftId) . "'
diff --git a/includes/view/Shifts_view.php b/includes/view/Shifts_view.php
index fbd71d54..bd4f19c3 100644
--- a/includes/view/Shifts_view.php
+++ b/includes/view/Shifts_view.php
@@ -99,6 +99,11 @@ function Shift_view($shift, $shifttype, $room, $angeltypes_source, ShiftSignupSt
 }
 
 function Shift_view_render_needed_angeltype($needed_angeltype, $angeltypes, $shift, $user_shift_admin) {
+  global $user;
+  
+  $angeltype = $angeltypes[$needed_angeltype['TID']];
+  $angeltype_supporter = User_is_AngelType_supporter($user, $angeltype);
+  
   $needed_angels = '';
   
   $class = 'progress-bar-warning';
@@ -110,17 +115,17 @@ function Shift_view_render_needed_angeltype($needed_angeltype, $angeltypes, $shi
   }
   $needed_angels .= '<div class="list-group-item">';
   
-  $needed_angels .= '<div class="pull-right">' . Shift_signup_button_render($shift, $angeltypes[$needed_angeltype['TID']]) . '</div>';
+  $needed_angels .= '<div class="pull-right">' . Shift_signup_button_render($shift, $angeltype) . '</div>';
   
-  $needed_angels .= '<h3>' . AngelType_name_render($angeltypes[$needed_angeltype['TID']]) . '</h3>';
-  $bar_max = max($needed_angeltype['count']*10, $needed_angeltype['taken']*10, 10);
+  $needed_angels .= '<h3>' . AngelType_name_render($angeltype) . '</h3>';
+  $bar_max = max($needed_angeltype['count'] * 10, $needed_angeltype['taken'] * 10, 10);
   $bar_value = max(1, $needed_angeltype['taken'] * 10);
   $needed_angels .= progress_bar(0, $bar_max, $bar_value, $class, $needed_angeltype['taken'] . ' / ' . $needed_angeltype['count']);
   
   $angels = [];
   foreach ($shift['ShiftEntry'] as $shift_entry) {
     if ($shift_entry['TID'] == $needed_angeltype['TID']) {
-      $angels[] = Shift_view_render_shift_entry($shift_entry, $user_shift_admin);
+      $angels[] = Shift_view_render_shift_entry($shift_entry, $user_shift_admin, $angeltype_supporter);
     }
   }
   
@@ -130,14 +135,16 @@ function Shift_view_render_needed_angeltype($needed_angeltype, $angeltypes, $shi
   return $needed_angels;
 }
 
-function Shift_view_render_shift_entry($shift_entry, $user_shift_admin) {
+function Shift_view_render_shift_entry($shift_entry, $user_shift_admin, $angeltype_supporter) {
   $entry = User_Nick_render(User($shift_entry['UID']));
   if ($shift_entry['freeloaded']) {
     $entry = '<strike>' . $entry . '</strike>';
   }
-  if ($user_shift_admin) {
+  if ($user_shift_admin || $angeltype_supporter) {
     $entry .= ' <div class="btn-group">';
-    $entry .= button_glyph(page_link_to('user_myshifts') . '&edit=' . $shift_entry['id'] . '&id=' . $shift_entry['UID'], 'pencil', 'btn-xs');
+    if ($user_shift_admin) {
+      $entry .= button_glyph(page_link_to('user_myshifts') . '&edit=' . $shift_entry['id'] . '&id=' . $shift_entry['UID'], 'pencil', 'btn-xs');
+    }
     $entry .= button_glyph(page_link_to('user_shifts') . '&entry_id=' . $shift_entry['id'], 'trash', 'btn-xs');
     $entry .= '</div>';
   }