first fix for #317. hidden rooms can be seen with admin_rooms priviledge

This commit is contained in:
jwacalex 2017-04-11 17:25:34 +02:00
parent 7bbfe69583
commit b6d394e982
3 changed files with 17 additions and 5 deletions

View File

@ -16,8 +16,14 @@ function room_controller() {
if (! in_array('view_rooms', $privileges)) { if (! in_array('view_rooms', $privileges)) {
redirect(page_link_to()); redirect(page_link_to());
} }
$room = load_room(); $room = load_room();
if($room['show'] != 'Y' && !in_array('admin_rooms', $privileges)) {
redirect(page_link_to());
}
$all_shifts = Shifts_by_room($room); $all_shifts = Shifts_by_room($room);
$days = []; $days = [];
foreach ($all_shifts as $shift) { foreach ($all_shifts as $shift) {

View File

@ -46,7 +46,7 @@ function Room_create($name, $from_frab, $public) {
* @param $room_id RID * @param $room_id RID
*/ */
function Room($room_id) { function Room($room_id) {
$room_source = sql_select("SELECT * FROM `Room` WHERE `RID`='" . sql_escape($room_id) . "' AND `show` = 'Y'"); $room_source = sql_select("SELECT * FROM `Room` WHERE `RID`='" . sql_escape($room_id) . "'");
if ($room_source === false) { if ($room_source === false) {
return false; return false;

View File

@ -154,8 +154,10 @@ function make_room_navigation($menu) {
if (! in_array('view_rooms', $privileges)) { if (! in_array('view_rooms', $privileges)) {
return $menu; return $menu;
} }
$rooms = Rooms(); //get a list of all rooms
$rooms = Rooms(true);
$room_menu = []; $room_menu = [];
if (in_array('admin_rooms', $privileges)) { if (in_array('admin_rooms', $privileges)) {
$room_menu[] = toolbar_item_link(page_link_to('admin_rooms'), 'list', _("Manage rooms")); $room_menu[] = toolbar_item_link(page_link_to('admin_rooms'), 'list', _("Manage rooms"));
@ -164,7 +166,11 @@ function make_room_navigation($menu) {
$room_menu[] = toolbar_item_divider(); $room_menu[] = toolbar_item_divider();
} }
foreach ($rooms as $room) { foreach ($rooms as $room) {
$room_menu[] = toolbar_item_link(room_link($room), 'map-marker', $room['Name']); if($room['show'] == 'Y' || // room is public
($room['show'] != 'Y' && in_array('admin_rooms', $privileges)) // room is not public, but user can admin_rooms
) {
$room_menu[] = toolbar_item_link(room_link($room), 'map-marker', $room['Name']);
}
} }
if (count($room_menu > 0)) { if (count($room_menu > 0)) {
$menu[] = toolbar_dropdown('map-marker', _("Rooms"), $room_menu); $menu[] = toolbar_dropdown('map-marker', _("Rooms"), $room_menu);