From 61b41df1d9010334876488b68d52004c0b0a521a Mon Sep 17 00:00:00 2001 From: Thomas Werzmirzowsky Date: Sun, 31 Oct 2021 10:17:14 +0100 Subject: [PATCH] created helper methods to check access --- application/models/Logbook_model.php | 3 +- application/models/Logbooks_model.php | 42 +++++++++++++-------------- application/models/Stations.php | 22 ++++++++++---- 3 files changed, 39 insertions(+), 28 deletions(-) diff --git a/application/models/Logbook_model.php b/application/models/Logbook_model.php index 105506dd..32cb1b17 100755 --- a/application/models/Logbook_model.php +++ b/application/models/Logbook_model.php @@ -459,6 +459,7 @@ class Logbook_model extends CI_Model { /* Edit QSO */ function edit() { $entity = $this->get_entity($this->input->post('dxcc_id')); + $stationId = $this->input->post('station_profile'); $country = $entity['name']; $mode = $this->get_main_mode_if_submode($this->input->post('mode')); @@ -539,7 +540,7 @@ class Logbook_model extends CI_Model { 'COL_SRX' => $srx_string, 'COL_CONTEST_ID' => $this->input->post('contest_name'), 'COL_QSL_VIA' => $this->input->post('qsl_via_callsign'), - 'station_id' => $this->input->post('station_profile'), + 'station_id' => $stationId, 'COL_OPERATOR' => $this->input->post('operator_callsign'), 'COL_STATE' =>$this->input->post('usa_state'), 'COL_CNTY' => $uscounty diff --git a/application/models/Logbooks_model.php b/application/models/Logbooks_model.php index ae4045fc..ba1e760b 100644 --- a/application/models/Logbooks_model.php +++ b/application/models/Logbooks_model.php @@ -51,10 +51,7 @@ class Logbooks_model extends CI_Model { $cleanId = xss_clean($id); // be sure that logbook belongs to user - $this->db->where('user_id', $this->session->userdata('user_id')); - $this->db->where('logbook_id', $cleanId); - $query = $this->db->get('station_logbooks'); - if ($query->num_rows() != 1) { + if (!$this->check_logbook_is_accessible($cleanId)) { return; } @@ -83,18 +80,14 @@ class Logbooks_model extends CI_Model { $clean_location_id = $this->security->xss_clean($location_id); // be sure that logbook belongs to user - $this->db->where('user_id', $this->session->userdata('user_id')); - $this->db->where('logbook_id', $clean_logbook_id); - $query = $this->db->get('station_logbooks'); - if ($query->num_rows() != 1) { + if (!$this->check_logbook_is_accessible($clean_logbook_id)) { return; } // be sure that station belongs to user - $this->db->where('user_id', $this->session->userdata('user_id')); - $this->db->where('station_id', $clean_location_id); - $query = $this->db->get('station_profile'); - if ($query->num_rows() != 1) { + $CI =& get_instance(); + $CI->load->model('Stations'); + if (!$CI->Stations->check_station_is_accessible($clean_location_id)) { return; } @@ -171,25 +164,32 @@ class Logbooks_model extends CI_Model { $clean_station_id = $this->security->xss_clean($station_id); // be sure that logbook belongs to user - $this->db->where('user_id', $this->session->userdata('user_id')); - $this->db->where('logbook_id', $clean_logbook_id); - $query = $this->db->get('station_logbooks'); - if ($query->num_rows() != 1) { + if (!$this->check_logbook_is_accessible($clean_logbook_id)) { return; } // be sure that station belongs to user - $this->db->where('user_id', $this->session->userdata('user_id')); - $this->db->where('station_id', $clean_station_id); - $query = $this->db->get('station_profile'); - if ($query->num_rows() != 1) { + $CI =& get_instance(); + $CI->load->model('Stations'); + if (!$CI->Stations->check_station_is_accessible($clean_station_id)) { return; } - // Delete QSOs + // Delete relationship $this->db->where('station_logbook_id', $clean_logbook_id); $this->db->where('station_location_id', $clean_station_id); $this->db->delete('station_logbooks_relationship'); } + + public function check_logbook_is_accessible($id) { + // check if logbook belongs to user + $this->db->where('user_id', $this->session->userdata('user_id')); + $this->db->where('logbook_id', $id); + $query = $this->db->get('station_logbooks'); + if ($query->num_rows() == 1) { + return true; + } + return false; + } } ?> \ No newline at end of file diff --git a/application/models/Stations.php b/application/models/Stations.php index 0867db61..08988589 100644 --- a/application/models/Stations.php +++ b/application/models/Stations.php @@ -102,6 +102,7 @@ class Stations extends CI_Model { 'qrzrealtime' => xss_clean($this->input->post('qrzrealtime', true)), ); + $this->db->where('user_id', $this->session->userdata('user_id')); $this->db->where('station_id', xss_clean($this->input->post('station_id', true))); $this->db->update('station_profile', $data); } @@ -139,13 +140,12 @@ class Stations extends CI_Model { $clean_new = $this->security->xss_clean($new); // be sure that stations belong to user - $this->db->where('user_id', $this->session->userdata('user_id')); - $this->db->where_in('station_id', array($clean_current, $clean_new)); - $query = $this->db->get('station_profile'); - if ($clean_current == 0 && $query->num_rows() != 1) { - return; + if ($clean_current != 0) { + if (!$this->check_station_is_accessible($clean_current)) { + return; + } } - if ($clean_current != 0 && $query->num_rows() != 2) { + if (!$this->check_station_is_accessible($clean_new)) { return; } @@ -294,6 +294,16 @@ class Stations extends CI_Model { return $query->num_rows(); } + public function check_station_is_accessible($id) { + // check if station belongs to user + $this->db->where('user_id', $this->session->userdata('user_id')); + $this->db->where('station_id', $id); + $query = $this->db->get('station_profile'); + if ($query->num_rows() == 1) { + return true; + } + return false; + } } ?> \ No newline at end of file