created helper methods to check access
这个提交包含在:
父节点
9ed56e7211
当前提交
61b41df1d9
共有 3 个文件被更改,包括 39 次插入 和 28 次删除
@ -459,6 +459,7 @@ class Logbook_model extends CI_Model {
|
||||||
/* Edit QSO */
|
/* Edit QSO */
|
||||||
function edit() {
|
function edit() {
|
||||||
$entity = $this->get_entity($this->input->post('dxcc_id'));
|
$entity = $this->get_entity($this->input->post('dxcc_id'));
|
||||||
|
$stationId = $this->input->post('station_profile');
|
||||||
$country = $entity['name'];
|
$country = $entity['name'];
|
||||||
|
|
||||||
$mode = $this->get_main_mode_if_submode($this->input->post('mode'));
|
$mode = $this->get_main_mode_if_submode($this->input->post('mode'));
|
||||||
|
|
@ -539,7 +540,7 @@ class Logbook_model extends CI_Model {
|
||||||
'COL_SRX' => $srx_string,
|
'COL_SRX' => $srx_string,
|
||||||
'COL_CONTEST_ID' => $this->input->post('contest_name'),
|
'COL_CONTEST_ID' => $this->input->post('contest_name'),
|
||||||
'COL_QSL_VIA' => $this->input->post('qsl_via_callsign'),
|
'COL_QSL_VIA' => $this->input->post('qsl_via_callsign'),
|
||||||
'station_id' => $this->input->post('station_profile'),
|
'station_id' => $stationId,
|
||||||
'COL_OPERATOR' => $this->input->post('operator_callsign'),
|
'COL_OPERATOR' => $this->input->post('operator_callsign'),
|
||||||
'COL_STATE' =>$this->input->post('usa_state'),
|
'COL_STATE' =>$this->input->post('usa_state'),
|
||||||
'COL_CNTY' => $uscounty
|
'COL_CNTY' => $uscounty
|
||||||
|
|
|
||||||
|
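Review bot: The new `$stationId` read from POST `station_profile` is written into the record as `station_id` with no check that the profile belongs to the session user, so the request can attach the QSO to a station profile owned by someone else unless a part of edit() outside these two hunks validates it. The commit introduces `Stations::check_station_is_accessible()` for exactly this purpose, and the same guard used in the Logbooks_model hunks fits here before the data array is built: `$CI =& get_instance(); $CI->load->model('Stations'); if (!$CI->Stations->check_station_is_accessible($stationId)) { return; }`. edit() starts at the first hunk but its body continues past both hunks, so any existing check there is not visible from the diff.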
|
@ -51,10 +51,7 @@ class Logbooks_model extends CI_Model {
|
||||||
$cleanId = xss_clean($id);
|
$cleanId = xss_clean($id);
|
||||||
|
|
||||||
// be sure that logbook belongs to user
|
// be sure that logbook belongs to user
|
||||||
$this->db->where('user_id', $this->session->userdata('user_id'));
|
if (!$this->check_logbook_is_accessible($cleanId)) {
|
||||||
$this->db->where('logbook_id', $cleanId);
|
|
||||||
$query = $this->db->get('station_logbooks');
|
|
||||||
if ($query->num_rows() != 1) {
|
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -83,18 +80,14 @@ class Logbooks_model extends CI_Model {
|
||||||
$clean_location_id = $this->security->xss_clean($location_id);
|
$clean_location_id = $this->security->xss_clean($location_id);
|
||||||
|
|
||||||
// be sure that logbook belongs to user
|
// be sure that logbook belongs to user
|
||||||
$this->db->where('user_id', $this->session->userdata('user_id'));
|
if (!$this->check_logbook_is_accessible($clean_logbook_id)) {
|
||||||
$this->db->where('logbook_id', $clean_logbook_id);
|
|
||||||
$query = $this->db->get('station_logbooks');
|
|
||||||
if ($query->num_rows() != 1) {
|
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
// be sure that station belongs to user
|
// be sure that station belongs to user
|
||||||
$this->db->where('user_id', $this->session->userdata('user_id'));
|
$CI =& get_instance();
|
||||||
$this->db->where('station_id', $clean_location_id);
|
$CI->load->model('Stations');
|
||||||
$query = $this->db->get('station_profile');
|
if (!$CI->Stations->check_station_is_accessible($clean_location_id)) {
|
||||||
if ($query->num_rows() != 1) {
|
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -171,25 +164,32 @@ class Logbooks_model extends CI_Model {
|
||||||
$clean_station_id = $this->security->xss_clean($station_id);
|
$clean_station_id = $this->security->xss_clean($station_id);
|
||||||
|
|
||||||
// be sure that logbook belongs to user
|
// be sure that logbook belongs to user
|
||||||
$this->db->where('user_id', $this->session->userdata('user_id'));
|
if (!$this->check_logbook_is_accessible($clean_logbook_id)) {
|
||||||
$this->db->where('logbook_id', $clean_logbook_id);
|
|
||||||
$query = $this->db->get('station_logbooks');
|
|
||||||
if ($query->num_rows() != 1) {
|
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
// be sure that station belongs to user
|
// be sure that station belongs to user
|
||||||
$this->db->where('user_id', $this->session->userdata('user_id'));
|
$CI =& get_instance();
|
||||||
$this->db->where('station_id', $clean_station_id);
|
$CI->load->model('Stations');
|
||||||
$query = $this->db->get('station_profile');
|
if (!$CI->Stations->check_station_is_accessible($clean_station_id)) {
|
||||||
if ($query->num_rows() != 1) {
|
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
// Delete QSOs
|
// Delete relationship
|
||||||
$this->db->where('station_logbook_id', $clean_logbook_id);
|
$this->db->where('station_logbook_id', $clean_logbook_id);
|
||||||
$this->db->where('station_location_id', $clean_station_id);
|
$this->db->where('station_location_id', $clean_station_id);
|
||||||
$this->db->delete('station_logbooks_relationship');
|
$this->db->delete('station_logbooks_relationship');
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function check_logbook_is_accessible($id) {
|
||||||
|
// check if logbook belongs to user
|
||||||
|
$this->db->where('user_id', $this->session->userdata('user_id'));
|
||||||
|
$this->db->where('logbook_id', $id);
|
||||||
|
$query = $this->db->get('station_logbooks');
|
||||||
|
if ($query->num_rows() == 1) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
return false;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
?>
|
?>
|
||||||
|
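Review bot: When `check_logbook_is_accessible()` or `check_station_is_accessible()` fails, the callers in the -51, -83 and -171 hunks leave with a bare `return;`, so the controller receives the same `null` whether the change was applied or the request was refused, and the refusal leaves no trace. Returning a value and recording the refusal, e.g. `log_message('error', 'Logbook access denied for current user'); return false;`, keeps the outcome distinguishable and gives operators something to alert on. The new helper would also benefit from a docblock stating that it returns `true` only when exactly one `station_logbooks` row matches both `$id` and the session `user_id`, i.e. it is an ownership check, not a sharing or role check. The enclosing methods of the three callers begin before their hunks, so their expected return types are not visible here.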
|
@ -102,6 +102,7 @@ class Stations extends CI_Model {
|
||||||
'qrzrealtime' => xss_clean($this->input->post('qrzrealtime', true)),
|
'qrzrealtime' => xss_clean($this->input->post('qrzrealtime', true)),
|
||||||
);
|
);
|
||||||
|
|
||||||
|
$this->db->where('user_id', $this->session->userdata('user_id'));
|
||||||
$this->db->where('station_id', xss_clean($this->input->post('station_id', true)));
|
$this->db->where('station_id', xss_clean($this->input->post('station_id', true)));
|
||||||
$this->db->update('station_profile', $data);
|
$this->db->update('station_profile', $data);
|
||||||
}
|
}
|
||||||
|
|
@ -139,13 +140,12 @@ class Stations extends CI_Model {
|
||||||
$clean_new = $this->security->xss_clean($new);
|
$clean_new = $this->security->xss_clean($new);
|
||||||
|
|
||||||
// be sure that stations belong to user
|
// be sure that stations belong to user
|
||||||
$this->db->where('user_id', $this->session->userdata('user_id'));
|
if ($clean_current != 0) {
|
||||||
$this->db->where_in('station_id', array($clean_current, $clean_new));
|
if (!$this->check_station_is_accessible($clean_current)) {
|
||||||
$query = $this->db->get('station_profile');
|
return;
|
||||||
if ($clean_current == 0 && $query->num_rows() != 1) {
|
}
|
||||||
return;
|
|
||||||
}
|
}
|
||||||
if ($clean_current != 0 && $query->num_rows() != 2) {
|
if (!$this->check_station_is_accessible($clean_new)) {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -294,6 +294,16 @@ class Stations extends CI_Model {
|
||||||
return $query->num_rows();
|
return $query->num_rows();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function check_station_is_accessible($id) {
|
||||||
|
// check if station belongs to user
|
||||||
|
$this->db->where('user_id', $this->session->userdata('user_id'));
|
||||||
|
$this->db->where('station_id', $id);
|
||||||
|
$query = $this->db->get('station_profile');
|
||||||
|
if ($query->num_rows() == 1) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
return false;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
?>
|
?>
|
||||||
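Review bot: `check_station_is_accessible()` (hunk at -294) passes `$id` straight into `where()` while its callers rely on `xss_clean`, which is an output filter rather than a type check; normalising once at the top, `$id = (int) $id;`, makes a non-numeric id fail the ownership test for the expected reason, and `return $query->num_rows() == 1;` replaces the if/return-true/return-false tail. A short docblock should say that the helper answers "belongs to the session user" by exact row count on `station_profile` and is meant to gate the update and delete paths. In the -139 hunk the loose `$clean_current != 0` comparison would read more clearly as `(int) $clean_current !== 0` for the same reason; that method starts before the hunk, so its signature is not visible here.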