shift join right fuckup

1 files changed, 9 insertions, 2 deletions

diff --git a/includes/pages/user_shifts.php b/includes/pages/user_shifts.php
index ff8cd8fe..c144733d 100644
--- a/includes/pages/user_shifts.php
+++ b/includes/pages/user_shifts.php
@@ -188,7 +188,11 @@ function user_shifts() {
       header("Location: " . page_link_to('user_shifts'));
     }
 
-    $type = sql_select("SELECT * FROM `AngelTypes` WHERE `id`=" . sql_escape($type_id) . " LIMIT 1");
+    if (in_array('user_shifts_admin', $privileges))
+      $type = sql_select("SELECT * FROM `AngelTypes` WHERE `id`=" . sql_escape($type_id) . " LIMIT 1");
+    else
+      $type = sql_select("SELECT * FROM `UserAngelTypes` JOIN `AngelTypes` ON (`UserAngelTypes`.`angeltype_id` = `AngelTypes`.`id`) WHERE `AngelTypes`.`id` = " . sql_escape($type_id) . " AND `UserAngelTypes`.`user_id` = " . sql_escape($user['UID']) . " AND (`AngelTypes`.`restricted` = 0 OR NOT `UserAngelTypes`.`confirm_user_id` IS NULL) LIMIT 1");
+
     if (count($type) == 0)
       header("Location: " . page_link_to('user_shifts'));
     $type = $type[0];
@@ -260,7 +264,10 @@ function view_user_shifts() {
   $ical_shifts = array ();
   $days = sql_select("SELECT DISTINCT DATE(FROM_UNIXTIME(`start`)) AS `id`, DATE(FROM_UNIXTIME(`start`)) AS `name` FROM `Shifts` ORDER BY `start`");
   $rooms = sql_select("SELECT `RID` AS `id`, `Name` AS `name` FROM `Room` WHERE `show`='Y' ORDER BY `Name`");
-  $types = sql_select("SELECT `id`, `name` FROM `AngelTypes`");
+  if (in_array('admin_shifts', $privileges))
+    $types = sql_select("SELECT `id`, `name` FROM `AngelTypes`");
+  else
+    $types = sql_select("SELECT `AngelTypes`.`id`, `AngelTypes`.`name` FROM `UserAngelTypes` JOIN `AngelTypes` ON (`UserAngelTypes`.`angeltype_id` = `AngelTypes`.`id`) WHERE `UserAngelTypes`.`user_id` = " . sql_escape($user['UID']) . " AND (`AngelTypes`.`restricted` = 0 OR NOT `UserAngelTypes`.`confirm_user_id` IS NULL)");
   $filled = array (
     array (
       'id' => '1',