From 99c7e8ce1a668f567afed2a40d994961b2da0578 Mon Sep 17 00:00:00 2001 From: msquare Date: Sat, 24 Dec 2016 17:29:12 +0100 Subject: fixes #298 allow a shift supporter to remove a user from shift --- includes/controller/shift_entries_controller.php | 14 +++++++------- includes/model/NeededAngelTypes_model.php | 2 +- includes/view/Shifts_view.php | 21 ++++++++++++++------- 3 files changed, 22 insertions(+), 15 deletions(-) (limited to 'includes') diff --git a/includes/controller/shift_entries_controller.php b/includes/controller/shift_entries_controller.php index 58053cb3..04983637 100644 --- a/includes/controller/shift_entries_controller.php +++ b/includes/controller/shift_entries_controller.php @@ -145,11 +145,7 @@ function shift_entry_add_controller() { * Remove somebody from a shift. */ function shift_entry_delete_controller() { - global $privileges; - - if (! in_array('user_shifts_admin', $privileges)) { - redirect(page_link_to('user_shifts')); - } + global $privileges, $user; if (! isset($_REQUEST['entry_id']) || ! test_request_int('entry_id')) { redirect(page_link_to('user_shifts')); @@ -157,7 +153,7 @@ function shift_entry_delete_controller() { $entry_id = $_REQUEST['entry_id']; $shift_entry_source = sql_select(" - SELECT `User`.`Nick`, `ShiftEntry`.`Comment`, `ShiftEntry`.`UID`, `ShiftTypes`.`name`, `Shifts`.*, `Room`.`Name`, `AngelTypes`.`name` as `angel_type` + SELECT `User`.`Nick`, `ShiftEntry`.`Comment`, `ShiftEntry`.`UID`, `ShiftTypes`.`name`, `Shifts`.*, `Room`.`Name`, `AngelTypes`.`name` as `angel_type`, `AngelTypes`.`id` as `angeltype_id` FROM `ShiftEntry` JOIN `User` ON (`User`.`UID`=`ShiftEntry`.`UID`) JOIN `AngelTypes` ON (`ShiftEntry`.`TID` = `AngelTypes`.`id`) 
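Review bot: Dropping the `user_shifts_admin` gate at the top of `shift_entry_delete_controller` means every caller who can reach this controller now runs the lookup query, and authorization rests entirely on a check later in the body, outside this hunk. Keep a coarse gate ahead of the query, e.g. `if (!in_array('user_shifts_admin', $privileges) && !in_array('shiftentry_edit_angeltype_supporter', $privileges)) { redirect(page_link_to('user_shifts')); }`. Users holding neither privilege then never reach the SELECT or the "Entry not found." branch, which otherwise appears to let them tell existing entry ids from missing ones. A short comment such as `// per-angeltype authorization happens after the entry is loaded` would make the deferred check explicit.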
@@ -168,6 +164,10 @@ function shift_entry_delete_controller() { if (count($shift_entry_source) > 0) { $shift_entry_source = $shift_entry_source[0]; + if (!in_array('user_shifts_admin', $privileges) && (!in_array('shiftentry_edit_angeltype_supporter', $privileges) || !User_is_AngelType_supporter($user, AngelType($shift_entry_source['angeltype_id'])))) { + redirect(page_link_to('user_shifts')); + } + $result = ShiftEntry_delete($entry_id); if ($result === false) { engelsystem_error('Unable to delete shift entry.'); @@ -178,7 +178,7 @@ function shift_entry_delete_controller() { } else { error(_("Entry not found.")); } - redirect(page_link_to('user_shifts')); + redirect(shift_link($shift_entry_source)); } ?> \ No newline at end of file diff --git a/includes/model/NeededAngelTypes_model.php b/includes/model/NeededAngelTypes_model.php index ba24c6bd..e04ef8b8 100644 --- a/includes/model/NeededAngelTypes_model.php +++ b/includes/model/NeededAngelTypes_model.php @@ -57,7 +57,7 @@ function NeededAngelTypes_delete_by_room($room_id) { */ function NeededAngelTypes_by_shift($shiftId) { $needed_angeltypes_source = sql_select(" - SELECT `NeededAngelTypes`.*, `AngelTypes`.`id`, `AngelTypes`.`name`, `AngelTypes`.`restricted` + SELECT `NeededAngelTypes`.*, `AngelTypes`.`id`, `AngelTypes`.`name`, `AngelTypes`.`restricted`, `AngelTypes`.`no_self_signup` FROM `NeededAngelTypes` JOIN `AngelTypes` ON `AngelTypes`.`id` = `NeededAngelTypes`.`angel_type_id` WHERE `shift_id`='" . sql_escape($shiftId) . "' diff --git a/includes/view/Shifts_view.php b/includes/view/Shifts_view.php index fbd71d54..bd4f19c3 100644 --- a/includes/view/Shifts_view.php +++ b/includes/view/Shifts_view.php 
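Review bot: The guard added inside the `count($shift_entry_source) > 0` branch is the only thing between a non-admin and `ShiftEntry_delete($entry_id)`, and as one negated compound expression it is hard to audit. Naming the two grants reads more safely: `$is_admin = in_array('user_shifts_admin', $privileges);` and `$is_supporter = in_array('shiftentry_edit_angeltype_supporter', $privileges) && User_is_AngelType_supporter($user, AngelType($shift_entry_source['angeltype_id']));`, followed by `if (!$is_admin && !$is_supporter) { redirect(page_link_to('user_shifts')); }`. The guard also assumes that `redirect()` ends the request and that `AngelType()` returns a usable row. Neither definition is visible here, so it is worth confirming that a failed `AngelType()` lookup denies rather than allows.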
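Review bot: `redirect(shift_link($shift_entry_source))` sits after the if/else, so it also runs on the "Entry not found." path, where `$shift_entry_source` is still the empty result set rather than a shift row. `shift_link()` is not shown, but whatever field it reads will be missing there, so the likely result is a notice and a malformed redirect target. Move the new redirect to the end of the success branch and keep `redirect(page_link_to('user_shifts'));` after `error(_("Entry not found."));` in the else branch.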
@@ -99,6 +99,11 @@ function Shift_view($shift, $shifttype, $room, $angeltypes_source, ShiftSignupSt } function Shift_view_render_needed_angeltype($needed_angeltype, $angeltypes, $shift, $user_shift_admin) { + global $user; + + $angeltype = $angeltypes[$needed_angeltype['TID']]; + $angeltype_supporter = User_is_AngelType_supporter($user, $angeltype); + $needed_angels = ''; $class = 'progress-bar-warning'; @@ -110,17 +115,17 @@ function Shift_view_render_needed_angeltype($needed_angeltype, $angeltypes, $shi } $needed_angels .= '
'; - $needed_angels .= '
' . Shift_signup_button_render($shift, $angeltypes[$needed_angeltype['TID']]) . '
'; + $needed_angels .= '
' . Shift_signup_button_render($shift, $angeltype) . '
'; - $needed_angels .= '

' . AngelType_name_render($angeltypes[$needed_angeltype['TID']]) . '

'; - $bar_max = max($needed_angeltype['count']*10, $needed_angeltype['taken']*10, 10); + $needed_angels .= '

' . AngelType_name_render($angeltype) . '

'; + $bar_max = max($needed_angeltype['count'] * 10, $needed_angeltype['taken'] * 10, 10); $bar_value = max(1, $needed_angeltype['taken'] * 10); $needed_angels .= progress_bar(0, $bar_max, $bar_value, $class, $needed_angeltype['taken'] . ' / ' . $needed_angeltype['count']); $angels = []; foreach ($shift['ShiftEntry'] as $shift_entry) { if ($shift_entry['TID'] == $needed_angeltype['TID']) { - $angels[] = Shift_view_render_shift_entry($shift_entry, $user_shift_admin); + $angels[] = Shift_view_render_shift_entry($shift_entry, $user_shift_admin, $angeltype_supporter); } } @@ -130,14 +135,16 @@ function Shift_view_render_needed_angeltype($needed_angeltype, $angeltypes, $shi return $needed_angels; } -function Shift_view_render_shift_entry($shift_entry, $user_shift_admin) { +function Shift_view_render_shift_entry($shift_entry, $user_shift_admin, $angeltype_supporter) { $entry = User_Nick_render(User($shift_entry['UID'])); if ($shift_entry['freeloaded']) { $entry = '' . $entry . ''; } - if ($user_shift_admin) { + if ($user_shift_admin || $angeltype_supporter) { $entry .= '
'; - $entry .= button_glyph(page_link_to('user_myshifts') . '&edit=' . $shift_entry['id'] . '&id=' . $shift_entry['UID'], 'pencil', 'btn-xs'); + if ($user_shift_admin) { + $entry .= button_glyph(page_link_to('user_myshifts') . '&edit=' . $shift_entry['id'] . '&id=' . $shift_entry['UID'], 'pencil', 'btn-xs'); + } $entry .= button_glyph(page_link_to('user_shifts') . '&entry_id=' . $shift_entry['id'], 'trash', 'btn-xs'); $entry .= '
'; } -- cgit v1.2.3-54-g00ecf
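Review bot: The trash link at the end of `Shift_view_render_shift_entry` is a plain GET URL carrying only `entry_id`, and the new `$user_shift_admin || $angeltype_supporter` condition now renders it for every angel type supporter rather than admins only. If that URL reaches `shift_entry_delete_controller` without a confirmation step (routing is not visible here), a cross-site request made in a logged-in supporter's session would remove the entry. Consider making removal a POST form that carries a per-session token, which the controller verifies before calling `ShiftEntry_delete`. The button is also shown on `$angeltype_supporter` alone, while the controller additionally requires the `shiftentry_edit_angeltype_supporter` privilege, so the view should apply the same two-part condition. The function body continues past the end of this hunk.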