created helper methods to check access
这个提交包含在:
Thomas Werzmirzowsky
父节点
9ed56e7211
当前提交
61b41df1d9
共有 3 个文件被更改,包括 39 次插入 和 28 次删除
|
|
@ -459,6 +459,7 @@ class Logbook_model extends CI_Model {
|
|||
/* Edit QSO */
|
||||
function edit() {
|
||||
$entity = $this->get_entity($this->input->post('dxcc_id'));
|
||||
$stationId = $this->input->post('station_profile');
|
||||
$country = $entity['name'];
|
||||
|
||||
$mode = $this->get_main_mode_if_submode($this->input->post('mode'));
|
||||
|
|
@ -539,7 +540,7 @@ class Logbook_model extends CI_Model {
|
|||
'COL_SRX' => $srx_string,
|
||||
'COL_CONTEST_ID' => $this->input->post('contest_name'),
|
||||
'COL_QSL_VIA' => $this->input->post('qsl_via_callsign'),
|
||||
'station_id' => $this->input->post('station_profile'),
|
||||
'station_id' => $stationId,
|
||||
'COL_OPERATOR' => $this->input->post('operator_callsign'),
|
||||
'COL_STATE' =>$this->input->post('usa_state'),
|
||||
'COL_CNTY' => $uscounty
|
||||
|
|
|
|||
|
|
@ -51,10 +51,7 @@ class Logbooks_model extends CI_Model {
|
|||
$cleanId = xss_clean($id);
|
||||
|
||||
// be sure that logbook belongs to user
|
||||
$this->db->where('user_id', $this->session->userdata('user_id'));
|
||||
$this->db->where('logbook_id', $cleanId);
|
||||
$query = $this->db->get('station_logbooks');
|
||||
if ($query->num_rows() != 1) {
|
||||
if (!$this->check_logbook_is_accessible($cleanId)) {
|
||||
return;
|
||||
}
|
||||
|
||||
|
|
@ -83,18 +80,14 @@ class Logbooks_model extends CI_Model {
|
|||
$clean_location_id = $this->security->xss_clean($location_id);
|
||||
|
||||
// be sure that logbook belongs to user
|
||||
$this->db->where('user_id', $this->session->userdata('user_id'));
|
||||
$this->db->where('logbook_id', $clean_logbook_id);
|
||||
$query = $this->db->get('station_logbooks');
|
||||
if ($query->num_rows() != 1) {
|
||||
if (!$this->check_logbook_is_accessible($clean_logbook_id)) {
|
||||
return;
|
||||
}
|
||||
|
||||
// be sure that station belongs to user
|
||||
$this->db->where('user_id', $this->session->userdata('user_id'));
|
||||
$this->db->where('station_id', $clean_location_id);
|
||||
$query = $this->db->get('station_profile');
|
||||
if ($query->num_rows() != 1) {
|
||||
$CI =& get_instance();
|
||||
$CI->load->model('Stations');
|
||||
if (!$CI->Stations->check_station_is_accessible($clean_location_id)) {
|
||||
return;
|
||||
}
|
||||
|
||||
|
|
@ -171,25 +164,32 @@ class Logbooks_model extends CI_Model {
|
|||
$clean_station_id = $this->security->xss_clean($station_id);
|
||||
|
||||
// be sure that logbook belongs to user
|
||||
$this->db->where('user_id', $this->session->userdata('user_id'));
|
||||
$this->db->where('logbook_id', $clean_logbook_id);
|
||||
$query = $this->db->get('station_logbooks');
|
||||
if ($query->num_rows() != 1) {
|
||||
if (!$this->check_logbook_is_accessible($clean_logbook_id)) {
|
||||
return;
|
||||
}
|
||||
|
||||
// be sure that station belongs to user
|
||||
$this->db->where('user_id', $this->session->userdata('user_id'));
|
||||
$this->db->where('station_id', $clean_station_id);
|
||||
$query = $this->db->get('station_profile');
|
||||
if ($query->num_rows() != 1) {
|
||||
$CI =& get_instance();
|
||||
$CI->load->model('Stations');
|
||||
if (!$CI->Stations->check_station_is_accessible($clean_station_id)) {
|
||||
return;
|
||||
}
|
||||
|
||||
// Delete QSOs
|
||||
// Delete relationship
|
||||
$this->db->where('station_logbook_id', $clean_logbook_id);
|
||||
$this->db->where('station_location_id', $clean_station_id);
|
||||
$this->db->delete('station_logbooks_relationship');
|
||||
}
|
||||
|
||||
public function check_logbook_is_accessible($id) {
|
||||
// check if logbook belongs to user
|
||||
$this->db->where('user_id', $this->session->userdata('user_id'));
|
||||
$this->db->where('logbook_id', $id);
|
||||
$query = $this->db->get('station_logbooks');
|
||||
if ($query->num_rows() == 1) {
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
}
|
||||
}
|
||||
?>
|
||||
|
|
@ -102,6 +102,7 @@ class Stations extends CI_Model {
|
|||
'qrzrealtime' => xss_clean($this->input->post('qrzrealtime', true)),
|
||||
);
|
||||
|
||||
$this->db->where('user_id', $this->session->userdata('user_id'));
|
||||
$this->db->where('station_id', xss_clean($this->input->post('station_id', true)));
|
||||
$this->db->update('station_profile', $data);
|
||||
}
|
||||
|
|
@ -139,13 +140,12 @@ class Stations extends CI_Model {
|
|||
$clean_new = $this->security->xss_clean($new);
|
||||
|
||||
// be sure that stations belong to user
|
||||
$this->db->where('user_id', $this->session->userdata('user_id'));
|
||||
$this->db->where_in('station_id', array($clean_current, $clean_new));
|
||||
$query = $this->db->get('station_profile');
|
||||
if ($clean_current == 0 && $query->num_rows() != 1) {
|
||||
return;
|
||||
if ($clean_current != 0) {
|
||||
if (!$this->check_station_is_accessible($clean_current)) {
|
||||
return;
|
||||
}
|
||||
}
|
||||
if ($clean_current != 0 && $query->num_rows() != 2) {
|
||||
if (!$this->check_station_is_accessible($clean_new)) {
|
||||
return;
|
||||
}
|
||||
|
||||
|
|
@ -294,6 +294,16 @@ class Stations extends CI_Model {
|
|||
return $query->num_rows();
|
||||
}
|
||||
|
||||
public function check_station_is_accessible($id) {
|
||||
// check if station belongs to user
|
||||
$this->db->where('user_id', $this->session->userdata('user_id'));
|
||||
$this->db->where('station_id', $id);
|
||||
$query = $this->db->get('station_profile');
|
||||
if ($query->num_rows() == 1) {
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
?>
|
||||
正在加载…
在新工单中引用