Diffstat (limited to 'includes/controller')
-rw-r--r-- | includes/controller/angeltypes_controller.php | 4 | ||||
-rw-r--r-- | includes/controller/shift_entries_controller.php | 20 |
2 files changed, 14 insertions, 10 deletions
diff --git a/includes/controller/angeltypes_controller.php b/includes/controller/angeltypes_controller.php index 7af05175..cd2aa3e4 100644 --- a/includes/controller/angeltypes_controller.php +++ b/includes/controller/angeltypes_controller.php @@ -118,6 +118,8 @@ function angeltype_edit_controller() { } $angeltype['restricted'] = isset($_REQUEST['restricted']); + $angeltype['no_self_signup'] = isset($_REQUEST['no_self_signup']); + $angeltype['requires_driver_license'] = isset($_REQUEST['requires_driver_license']); } @@ -192,6 +194,8 @@ function angeltypes_list_controller() { } $angeltype['restricted'] = $angeltype['restricted'] ? glyph('lock') : ''; + $angeltype['no_self_signup'] = $angeltype['no_self_signup'] ? '' : glyph('share'); + $angeltype['name'] = '<a href="' . page_link_to('angeltypes') . '&action=view&angeltype_id=' . $angeltype['id'] . '">' . $angeltype['name'] . '</a>'; $angeltype['actions'] = table_buttons($actions); diff --git a/includes/controller/shift_entries_controller.php b/includes/controller/shift_entries_controller.php index 1b1a4d02..dde23bb9 100644 --- a/includes/controller/shift_entries_controller.php +++ b/includes/controller/shift_entries_controller.php 
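Review bot: In the first hunk (angeltype_edit_controller), `no_self_signup` and `requires_driver_license` are read from `$_REQUEST`, which merges query-string and body parameters, so a flag that decides who may sign up on their own can be set from a plain URL as well as from the form. If the edit form is submitted with POST, `isset($_POST['no_self_signup'])` and `isset($_POST['requires_driver_license'])` would tie the change to the form submission; the existing `restricted` line follows the same pattern and would be changed with them. Whether this branch is covered by a request token is not visible, because the function body starts and ends outside the hunk.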
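Review bot: In the second hunk (angeltypes_list_controller), the new line overwrites the boolean `$angeltype['no_self_signup']` with markup and inverts its sense without saying so: the key named for "no self signup" ends up holding the share glyph exactly when self sign-up is allowed. A one-line comment above it would be enough, for example `// list column: show the share glyph only when self sign-up is allowed`. The function body continues outside the hunk.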
@@ -36,12 +36,19 @@ function shift_entry_add_controller() { } else { $type = sql_select("SELECT * FROM `UserAngelTypes` JOIN `AngelTypes` ON (`UserAngelTypes`.`angeltype_id` = `AngelTypes`.`id`) WHERE `AngelTypes`.`id` = '" . sql_escape($type_id) . "' AND (`AngelTypes`.`restricted` = 0 OR (`UserAngelTypes`.`user_id` = '" . sql_escape($user['UID']) . "' AND NOT `UserAngelTypes`.`confirm_user_id` IS NULL)) LIMIT 1"); } - + + if (count($type) == 0) { redirect(page_link_to('user_shifts')); } $type = $type[0]; - + + if (isset($_REQUEST['user_id']) && preg_match("/^[0-9]*$/", $_REQUEST['user_id']) && in_array('user_shifts_admin', $privileges)) { + $user_id = $_REQUEST['user_id']; + } else { + $user_id = $user['UID']; + } + $shift_signup_allowed = Shift_signup_allowed(User($user_id), $shift, $type); if (! $shift_signup_allowed->isSignupAllowed()) { error(_("You are not allowed to sign up for this shift. Maybe shift is full or already running.")); @@ -51,12 +58,7 @@ function shift_entry_add_controller() { if (isset($_REQUEST['submit'])) { $selected_type_id = $type_id; if (in_array('user_shifts_admin', $privileges)) { - if (isset($_REQUEST['user_id']) && preg_match("/^[0-9]*$/", $_REQUEST['user_id'])) { - $user_id = $_REQUEST['user_id']; - } else { - $user_id = $user['UID']; - } - + if (sql_num_query("SELECT * FROM `User` WHERE `UID`='" . sql_escape($user_id) . "' LIMIT 1") == 0) { redirect(page_link_to('user_shifts')); } @@ -64,8 +66,6 @@ function shift_entry_add_controller() { if (isset($_REQUEST['angeltype_id']) && test_request_int('angeltype_id') && sql_num_query("SELECT * FROM `AngelTypes` WHERE `id`='" . sql_escape($_REQUEST['angeltype_id']) . "' LIMIT 1") > 0) { $selected_type_id = $_REQUEST['angeltype_id']; } - } else { - $user_id = $user['UID']; } if (sql_num_query("SELECT * FROM `ShiftEntry` WHERE `SID`='" . sql_escape($shift['SID']) . "' AND `UID` = '" . sql_escape($user_id) . "'")) { |
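Review bot: In the first hunk of shift_entries_controller.php the added `user_id` check accepts values that are not a user id: `/^[0-9]*$/` matches the empty string, and without the `D` modifier `$` also matches before a trailing newline. The block now runs ahead of `Shift_signup_allowed(User($user_id), $shift, $type)`, while the `sql_num_query` existence check on the User table stays inside the `submit` branch (second hunk), so an admin request with an empty or unknown `user_id` reaches `User()` before anything confirms the row exists; what `User()` returns in that case is not visible here. I would tighten the test to `preg_match('/^[0-9]+$/D', $_REQUEST['user_id'])`, or reuse `test_request_int('user_id')` as the function already does for `angeltype_id` if that helper rejects empty input, and move the existence check up beside this block. The body of shift_entry_add_controller() starts and ends outside the hunk.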