goodspeed/Cloudlog
1
0
派生 0
代码 工单 合并请求 项目 版本发布 软件包 百科 动态 Actions

added checks to backend and frontend of "print requested qsls" to only

浏览代码 
allow access to QSOs of user
这个提交包含在:
Thomas Werzmirzowsky 2021-11-17 22:30:20 +01:00
父节点 e044da8df0
当前提交 821a00dabb
共有 4 个文件被更改,包括 43 次插入6 次删除
显示统计信息 下载 Patch 文件 下载 Diff 文件 展开所有文件 折叠所有文件

2
application/controllers/Qslprint.php
查看文件

@ -28,7 +28,7 @@ class QSLPrint extends CI_Controller {
redirect('user/login'); redirect('user/login');
} }
$this->load->model('stations'); $this->load->model('stations');
$data['station_profile'] = $this->stations->all(); $data['station_profile'] = $this->stations->all_of_user();
$this->load->model('qslprint_model'); $this->load->model('qslprint_model');
$data['qsos'] = $this->qslprint_model->get_qsos_for_print(); $data['qsos'] = $this->qslprint_model->get_qsos_for_print();

2
application/models/Adif_data.php
查看文件

@ -24,6 +24,8 @@ class adif_data extends CI_Model {
} }
$this->db->join('station_profile', 'station_profile.station_id = '.$this->config->item('table_name').'.station_id'); $this->db->join('station_profile', 'station_profile.station_id = '.$this->config->item('table_name').'.station_id');
// always filter user. this ensures that even if the station_id is from another user no inaccesible QSOs will be returned
$this->db->where('station_profile.user_id', $this->session->userdata('user_id'));
$this->db->where_in('COL_QSL_SENT', array('R', 'Q')); $this->db->where_in('COL_QSL_SENT', array('R', 'Q'));
$this->db->order_by("COL_TIME_ON", "ASC"); $this->db->order_by("COL_TIME_ON", "ASC");
$query = $this->db->get($this->config->item('table_name')); $query = $this->db->get($this->config->item('table_name'));

3
application/models/Logbook_model.php
查看文件

@ -852,6 +852,9 @@ class Logbook_model extends CI_Model {
$sql .= ' and thcv.station_id = ' . $station_id2; $sql .= ' and thcv.station_id = ' . $station_id2;
} }
// always filter user. this ensures that even if the station_id is from another user no inaccesible QSOs will be returned
$sql .= ' and station_profile.user_id = ' . $this->session->userdata('user_id');
$sql .= ' ORDER BY ADIF, COL_ROUTING'; $sql .= ' ORDER BY ADIF, COL_ROUTING';
$query = $this->db->query($sql); $query = $this->db->query($sql);

42
application/models/Qslprint_model.php
查看文件

@ -8,19 +8,33 @@ class Qslprint_model extends CI_Model {
$station_id = $CI->Stations->find_active(); $station_id = $CI->Stations->find_active();
$data = array( $data = array(
'COL_QSLSDATE' => date('Y-m-d'), 'COL_QSLSDATE' => date('Y-m-d'),
'COL_QSL_SENT' => "Y", 'COL_QSL_SENT' => "Y",
'COL_QSL_SENT_VIA' => "B", 'COL_QSL_SENT_VIA' => "B",
); );
$this->db->where_in("COL_QSL_SENT", array("R","Q"));
if ($station_id2 == NULL) { if ($station_id2 == NULL) {
$this->db->where("station_id", $station_id); $this->db->where("station_id", $station_id);
} else if ($station_id2 == 'All') {
// get all stations of user
$stations = $CI->Stations->all_of_user();
$station_ids = array();
foreach ($stations->result() as $row) {
array_push($station_ids, $row->station_id);
}
// filter by all stations
$this->db->where_in("station_id", $station_ids);
} else if ($station_id2 != 'All') { } else if ($station_id2 != 'All') {
// be sure that station belongs to user
if (!$CI->Stations->check_station_is_accessible($station_id2)) {
return;
}
$this->db->where("station_id", $station_id2); $this->db->where("station_id", $station_id2);
} }
$this->db->where_in("COL_QSL_SENT", array("R","Q"));
$this->db->update($this->config->item('table_name'), $data); $this->db->update($this->config->item('table_name'), $data);
} }
@ -35,6 +49,8 @@ class Qslprint_model extends CI_Model {
} }
$this->db->join('station_profile', 'station_profile.station_id = '.$this->config->item('table_name').'.station_id'); $this->db->join('station_profile', 'station_profile.station_id = '.$this->config->item('table_name').'.station_id');
// always filter user. this ensures that even if the station_id is from another user no inaccesible QSOs will be returned
$this->db->where('station_profile.user_id', $this->session->userdata('user_id'));
$this->db->where_in('COL_QSL_SENT', array('R', 'Q')); $this->db->where_in('COL_QSL_SENT', array('R', 'Q'));
$this->db->order_by("COL_TIME_ON", "ASC"); $this->db->order_by("COL_TIME_ON", "ASC");
$query = $this->db->get($this->config->item('table_name')); $query = $this->db->get($this->config->item('table_name'));
@ -49,6 +65,13 @@ class Qslprint_model extends CI_Model {
} }
function delete_from_qsl_queue($id) { function delete_from_qsl_queue($id) {
// be sure that QSO belongs to user
$CI =& get_instance();
$CI->load->model('logbook_model');
if (!$CI->logbook_model->check_qso_is_accessible($id)) {
return;
}
$data = array( $data = array(
'COL_QSL_SENT' => "N", 'COL_QSL_SENT' => "N",
); );
@ -60,6 +83,13 @@ class Qslprint_model extends CI_Model {
} }
function add_qso_to_print_queue($id) { function add_qso_to_print_queue($id) {
// be sure that QSO belongs to user
$CI =& get_instance();
$CI->load->model('logbook_model');
if (!$CI->logbook_model->check_qso_is_accessible($id)) {
return;
}
$data = array( $data = array(
'COL_QSL_SENT' => "R", 'COL_QSL_SENT' => "R",
); );
@ -72,6 +102,8 @@ class Qslprint_model extends CI_Model {
function open_qso_list($callsign) { function open_qso_list($callsign) {
$this->db->join('station_profile', 'station_profile.station_id = '.$this->config->item('table_name').'.station_id'); $this->db->join('station_profile', 'station_profile.station_id = '.$this->config->item('table_name').'.station_id');
// always filter user. this ensures that no inaccesible QSOs will be returned
$this->db->where('station_profile.user_id', $this->session->userdata('user_id'));
$this->db->where('COL_CALL like "%'.$callsign.'%"'); $this->db->where('COL_CALL like "%'.$callsign.'%"');
$this->db->where('coalesce(COL_QSL_SENT, "") not in ("R", "Q")'); $this->db->where('coalesce(COL_QSL_SENT, "") not in ("R", "Q")');
$this->db->order_by("COL_TIME_ON", "ASC"); $this->db->order_by("COL_TIME_ON", "ASC");