fixed broken logic in controller (cf. to mail to @msquare)

This commit is contained in:
jwacalex 2016-11-30 15:37:59 +01:00
parent 53e12065c7
commit f4f6dfefcb
1 changed files with 10 additions and 2 deletions

View File

@ -37,11 +37,19 @@ function shift_entry_add_controller() {
$type = sql_select("SELECT * FROM `UserAngelTypes` JOIN `AngelTypes` ON (`UserAngelTypes`.`angeltype_id` = `AngelTypes`.`id`) WHERE `AngelTypes`.`id` = '" . sql_escape($type_id) . "' AND (`AngelTypes`.`restricted` = 0 OR (`UserAngelTypes`.`user_id` = '" . sql_escape($user['UID']) . "' AND NOT `UserAngelTypes`.`confirm_user_id` IS NULL)) LIMIT 1"); $type = sql_select("SELECT * FROM `UserAngelTypes` JOIN `AngelTypes` ON (`UserAngelTypes`.`angeltype_id` = `AngelTypes`.`id`) WHERE `AngelTypes`.`id` = '" . sql_escape($type_id) . "' AND (`AngelTypes`.`restricted` = 0 OR (`UserAngelTypes`.`user_id` = '" . sql_escape($user['UID']) . "' AND NOT `UserAngelTypes`.`confirm_user_id` IS NULL)) LIMIT 1");
} }
if (count($type) == 0) { if (count($type) == 0) {
redirect(page_link_to('user_shifts')); redirect(page_link_to('user_shifts'));
} }
$type = $type[0]; $type = $type[0];
if (isset($_REQUEST['user_id']) && preg_match("/^[0-9]*$/", $_REQUEST['user_id']) &&
in_array('user_shifts_admin', $privileges)) {
$user_id = $_REQUEST['user_id'];
} else {
$user_id = $user['UID'];
}
$shift_signup_allowed = Shift_signup_allowed(User($user_id), $shift, $type); $shift_signup_allowed = Shift_signup_allowed(User($user_id), $shift, $type);
if (! $shift_signup_allowed->isSignupAllowed()) { if (! $shift_signup_allowed->isSignupAllowed()) {
error(_("You are not allowed to sign up for this shift. Maybe shift is full or already running.")); error(_("You are not allowed to sign up for this shift. Maybe shift is full or already running."));