author | jwacalex <ich-bin@jwacalex.de> | 2017-04-11 17:25:34 +0200 |
---|---|---|
committer | jwacalex <ich-bin@jwacalex.de> | 2017-04-11 17:25:34 +0200 |
commit | b6d394e982255132ef3727c8bd2b3dae0c5ec67d (patch) | |
tree | b703b4a47806b1b1c068559543fd5cc562045599 /includes | |
parent | 7bbfe69583200e5cf2def8757a5c7995d1cc6fa2 (diff) |
first fix for #317. hidden rooms can be seen with admin_rooms privilege
Diffstat (limited to 'includes')
-rw-r--r-- | includes/controller/rooms_controller.php | 8 | ||||
-rw-r--r-- | includes/model/Room_model.php | 2 | ||||
-rw-r--r-- | includes/sys_menu.php | 12 |
3 files changed, 17 insertions, 5 deletions
diff --git a/includes/controller/rooms_controller.php b/includes/controller/rooms_controller.php index a79034fb..bba38bb5 100644 --- a/includes/controller/rooms_controller.php +++ b/includes/controller/rooms_controller.php @@ -16,8 +16,14 @@ function room_controller() { if (! in_array('view_rooms', $privileges)) { redirect(page_link_to()); } - + + $room = load_room(); + + if($room['show'] != 'Y' && !in_array('admin_rooms', $privileges)) { + redirect(page_link_to()); + } + $all_shifts = Shifts_by_room($room); $days = []; foreach ($all_shifts as $shift) { diff --git a/includes/model/Room_model.php b/includes/model/Room_model.php index 6b6e269e..14935de0 100644 --- a/includes/model/Room_model.php +++ b/includes/model/Room_model.php @@ -46,7 +46,7 @@ function Room_create($name, $from_frab, $public) { * @param $room_id RID */ function Room($room_id) { - $room_source = sql_select("SELECT * FROM `Room` WHERE `RID`='" . sql_escape($room_id) . "' AND `show` = 'Y'"); + $room_source = sql_select("SELECT * FROM `Room` WHERE `RID`='" . sql_escape($room_id) . "'"); if ($room_source === false) { return false; diff --git a/includes/sys_menu.php b/includes/sys_menu.php index e1a6a12e..cb90fb7b 100644 --- a/includes/sys_menu.php +++ b/includes/sys_menu.php @@ -154,8 +154,10 @@ function make_room_navigation($menu) { if (! in_array('view_rooms', $privileges)) { return $menu; } - - $rooms = Rooms(); + + //get a list of all rooms + $rooms = Rooms(true); + $room_menu = []; if (in_array('admin_rooms', $privileges)) { $room_menu[] = toolbar_item_link(page_link_to('admin_rooms'), 'list', _("Manage rooms")); 
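Review bot: The hidden-room guard added in `room_controller()` only protects the page if `redirect()` ends the request. Its definition is not part of this diff; if it only sets a header, `Shifts_by_room($room)` below still runs for a user without `admin_rooms`. The existing `view_rooms` check above uses the same pattern, so confirm that `redirect()` terminates, or follow both calls with an explicit `return;`. The comparison is also loose; `if ($room['show'] !== 'Y' && !in_array('admin_rooms', $privileges, true)) {` avoids type juggling on both sides and behaves the same if `load_room()` ever yields no row. The function body starts and ends outside the hunk.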
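Review bot: Dropping the `show` filter from the query in `Room()` turns a model-level visibility rule into one that every caller must enforce, and this commit adds that check only in `room_controller()`. Any other caller of `Room()` (none are visible in this diff) would now hand hidden rooms to users without `admin_rooms`, so each call site needs an audit before this ships. A safer shape is an opt-in second parameter, `function Room($room_id, $show_all = false)`, which keeps the filter unless the caller explicitly asks for hidden rooms, mirroring `Rooms(true)` in sys_menu.php. The docblock above the function should state which rooms are returned. The function body continues outside the hunk.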
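Review bot: `Rooms(true)` in `make_room_navigation()` now loads hidden rooms for every user with `view_rooms`, and only the per-room filter in the next hunk keeps them out of the menu. Assuming the argument means "include hidden rooms" (the signature of `Rooms()` is not shown here), passing the privilege instead, `$rooms = Rooms(in_array('admin_rooms', $privileges, true));`, means hidden rows are never fetched for non-admins and the later filter becomes unnecessary. The comment would then read `// hidden rooms are only loaded for users with admin_rooms`. The function body starts and ends outside the hunk.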
@@ -164,7 +166,11 @@ function make_room_navigation($menu) {
 $room_menu[] = toolbar_item_divider();
 }
 foreach ($rooms as $room) {
- $room_menu[] = toolbar_item_link(room_link($room), 'map-marker', $room['Name']);
+ if($room['show'] == 'Y' || // room is public
+ ($room['show'] != 'Y' && in_array('admin_rooms', $privileges)) // room is not public, but user can admin_rooms
+ ) {
+ $room_menu[] = toolbar_item_link(room_link($room), 'map-marker', $room['Name']);
+ }
 }
 if (count($room_menu > 0)) {
 $menu[] = toolbar_dropdown('map-marker', _("Rooms"), $room_menu); |
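Review bot: The condition added inside the `foreach` repeats its own negation: the `$room['show'] != 'Y' &&` term is redundant after the `||`, so the test reduces to `$room['show'] === 'Y' || $can_admin_rooms`. The privilege lookup can be done once before the loop as `$can_admin_rooms = in_array('admin_rooms', $privileges, true);`. This is the same visibility rule that `room_controller()` now enforces, so a single shared helper would stop the menu and the page from drifting apart. Separately, the unchanged context line `if (count($room_menu > 0)) {` counts a boolean rather than the array and probably should read `if (count($room_menu) > 0) {`. The function body starts and ends outside the hunk.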