authorjwacalex <ich-bin@jwacalex.de>2017-04-11 17:25:34 +0200
committerjwacalex <ich-bin@jwacalex.de>2017-04-11 17:25:34 +0200
commitb6d394e982255132ef3727c8bd2b3dae0c5ec67d (patch)
treeb703b4a47806b1b1c068559543fd5cc562045599 /includes
parent7bbfe69583200e5cf2def8757a5c7995d1cc6fa2 (diff)
first fix for #317. hidden rooms can be seen with admin_rooms privilege
Diffstat (limited to 'includes')
-rw-r--r--includes/controller/rooms_controller.php8
-rw-r--r--includes/model/Room_model.php2
-rw-r--r--includes/sys_menu.php12
3 files changed, 17 insertions, 5 deletions
diff --git a/includes/controller/rooms_controller.php b/includes/controller/rooms_controller.php
index a79034fb..bba38bb5 100644
--- a/includes/controller/rooms_controller.php
+++ b/includes/controller/rooms_controller.php
@@ -16,8 +16,14 @@ function room_controller() {
if (! in_array('view_rooms', $privileges)) {
redirect(page_link_to());
}
-
+
+
$room = load_room();
+
+ if($room['show'] != 'Y' && !in_array('admin_rooms', $privileges)) {
+ redirect(page_link_to());
+ }
+
$all_shifts = Shifts_by_room($room);
$days = [];
foreach ($all_shifts as $shift) {
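Review bot: The new visibility check indexes `$room['show']` without first confirming that `load_room()` returned a room, and it compares loosely. `load_room()` is not visible here, but `Room()` in this same commit can return `false`; if that value reaches this line, a user with `admin_rooms` falls through to `Shifts_by_room($room)` with a non-array. A stricter guard would be `if (!is_array($room) || ($room['show'] !== 'Y' && !in_array('admin_rooms', $privileges, true))) {`. Since this is now the only place that hides a room from unprivileged users, a comment such as `// hidden rooms (show != 'Y') are only visible with the admin_rooms privilege` would help. The check also assumes `redirect()` ends the request, which is worth confirming. The body of `room_controller()` starts before and continues after this hunk.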
diff --git a/includes/model/Room_model.php b/includes/model/Room_model.php
index 6b6e269e..14935de0 100644
--- a/includes/model/Room_model.php
+++ b/includes/model/Room_model.php
@@ -46,7 +46,7 @@ function Room_create($name, $from_frab, $public) {
* @param $room_id RID
*/
function Room($room_id) {
- $room_source = sql_select("SELECT * FROM `Room` WHERE `RID`='" . sql_escape($room_id) . "' AND `show` = 'Y'");
+ $room_source = sql_select("SELECT * FROM `Room` WHERE `RID`='" . sql_escape($room_id) . "'");
if ($room_source === false) {
return false;
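Review bot: Removing the `show` = 'Y' condition changes what `Room()` returns for every caller, not only for `room_controller()`. Any other caller not shown in this diff now receives hidden rooms with no privilege check, so each one needs auditing. A default-deny signature would keep existing callers safe, for example `function Room($room_id, $only_public = true)`, appending the `show` condition to the query only when `$only_public` is true, with the admin path passing `false` explicitly. The docblock above still reads only `@param $room_id RID` and should state whether hidden rooms are returned and that the caller is responsible for the visibility check. The function body continues past the end of this hunk.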
diff --git a/includes/sys_menu.php b/includes/sys_menu.php
index e1a6a12e..cb90fb7b 100644
--- a/includes/sys_menu.php
+++ b/includes/sys_menu.php
@@ -154,8 +154,10 @@ function make_room_navigation($menu) {
if (! in_array('view_rooms', $privileges)) {
return $menu;
}
-
- $rooms = Rooms();
+
+ //get a list of all rooms
+ $rooms = Rooms(true);
+
$room_menu = [];
if (in_array('admin_rooms', $privileges)) {
$room_menu[] = toolbar_item_link(page_link_to('admin_rooms'), 'list', _("Manage rooms"));
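Review bot: `Rooms(true)` now loads every room for any user holding `view_rooms`, so hidden rooms are kept out of the menu only by the PHP-side filter later in this function. The meaning of the boolean is not visible in this diff. If it means "include hidden rooms", as the added comment suggests, passing the privilege directly would avoid fetching hidden rows for unprivileged users: `$rooms = Rooms(in_array('admin_rooms', $privileges));`. Failing that, the comment should say that hidden rooms are included, e.g. `// all rooms, including hidden ones; filtered by privilege below`. `make_room_navigation()` starts before this hunk and continues after it.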
@@ -164,7 +166,11 @@ function make_room_navigation($menu) {
$room_menu[] = toolbar_item_divider();
}
foreach ($rooms as $room) {
- $room_menu[] = toolbar_item_link(room_link($room), 'map-marker', $room['Name']);
+ if($room['show'] == 'Y' || // room is public
+ ($room['show'] != 'Y' && in_array('admin_rooms', $privileges)) // room is not public, but user can admin_rooms
+ ) {
+ $room_menu[] = toolbar_item_link(room_link($room), 'map-marker', $room['Name']);
+ }
}
if (count($room_menu > 0)) {
$menu[] = toolbar_dropdown('map-marker', _("Rooms"), $room_menu);
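Review bot: The `$room['show'] != 'Y' &&` half of the new condition is redundant, because the right-hand side of `||` is only evaluated when the room is not public, and it re-runs `in_array()` for every room. Computing the privilege once before the loop with `$can_admin_rooms = in_array('admin_rooms', $privileges);` and testing `if ($room['show'] == 'Y' || $can_admin_rooms) {` reads more clearly and is harder to get wrong in an access decision. Separately, the context line `if (count($room_menu > 0))` passes a boolean to `count()`; it should be `if (count($room_menu) > 0)`. As written, the dropdown is not reliably skipped when the filter leaves the list empty, and newer PHP versions reject the call. The function continues beyond this hunk.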