[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Fmsystem-commits] [10965] property: ticket - check for order-rights
From: |
Sigurd Nes |
Subject: |
[Fmsystem-commits] [10965] property: ticket - check for order-rights |
Date: |
Tue, 05 Mar 2013 10:05:33 +0000 |
Revision: 10965
http://svn.sv.gnu.org/viewvc/?view=rev&root=fmsystem&revision=10965
Author: sigurdne
Date: 2013-03-05 10:05:32 +0000 (Tue, 05 Mar 2013)
Log Message:
-----------
property: ticket - check for order-rights
Modified Paths:
--------------
trunk/property/inc/class.sotts.inc.php
Modified: trunk/property/inc/class.sotts.inc.php
===================================================================
--- trunk/property/inc/class.sotts.inc.php 2013-03-04 22:03:30 UTC (rev
10964)
+++ trunk/property/inc/class.sotts.inc.php 2013-03-05 10:05:32 UTC (rev
10965)
@@ -1357,7 +1357,7 @@
}
}
- $value_set =
array();
+ $value_set = array();
$data_attribute =
$this->custom->prepare_for_db('fm_tts_tickets', $values_attribute);
@@ -1370,14 +1370,24 @@
}
$value_set['modified_date'] = time();
- $value_set['vendor_id'] = $ticket['vendor_id'];
- $value_set['b_account_id'] =
$ticket['b_account_id'];
- $value_set['order_descr'] =
$this->db->db_addslashes($ticket['order_descr']);
- $value_set['ecodimb'] = $ticket['ecodimb'];
- $value_set['budget'] = $ticket['budget'];
- $value_set['branch_id'] = $ticket['branch_id'];
- $value_set =
$this->db->validate_update($value_set);
+
+ // check order-rights
+
+ $order_add =
$GLOBALS['phpgw']->acl->check('.ticket.order', PHPGW_ACL_ADD, 'property');
+ $order_edit =
$GLOBALS['phpgw']->acl->check('.ticket.order', PHPGW_ACL_EDIT, 'property');
+
+ if($order_add || $order_edit)
+ {
+ $value_set['vendor_id'] =
$ticket['vendor_id'];
+ $value_set['b_account_id'] =
$ticket['b_account_id'];
+ $value_set['order_descr'] =
$this->db->db_addslashes($ticket['order_descr']);
+ $value_set['ecodimb'] =
$ticket['ecodimb'];
+ $value_set['budget'] =
$ticket['budget'];
+ $value_set['branch_id'] =
$ticket['branch_id'];
+ }
+
+ $value_set =
$this->db->validate_update($value_set);
$this->db->query("UPDATE fm_tts_tickets SET $value_set
WHERE id={$id}",__LINE__,__FILE__);
$this->db->transaction_commit();
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Fmsystem-commits] [10965] property: ticket - check for order-rights,
Sigurd Nes <=