Löschen zugriffsbeschränkt

author: Patrick Seeger <pseeger@ccwn.org> 2013-05-15 10:41:50 +0200
committer: Patrick Seeger <pseeger@ccwn.org> 2013-05-15 10:41:50 +0200
commit: 2cf3262256fe181bb74f2f41cc776a2fb6228d24 (patch)
tree: f4bf5d94d392850a92c90c4a6144a69b68f1d9eb
parent: 40cf298654b879f6996e41bee096798313769f68 (diff)
1 files changed, 6 insertions, 2 deletions
diff --git a/protected/controllers/MyAngebotController.php b/protected/controllers/MyAngebotController.php
index d0adfd2..cbd74ad 100644
--- a/protected/controllers/MyAngebotController.php
+++ b/protected/controllers/MyAngebotController.php
@@ -87,8 +87,12 @@ class MyAngebotController extends Controller
 		if(Yii::app()->request->isPostRequest)
 		{
 			// we only allow deletion via POST request
-			$this->loadModel($id)->delete();
-	
+			$model = $this->loadModel($id);
+			if ($model->verein_id != Yii::app()->user->vereinId) {
+				throw new CHttpException(401,'Illegal Access! Delete your own data!');
+			} else {
+				$model->delete();
+			}
 			// if AJAX request (triggered by deletion via admin grid view), we should not redirect the browser
 			if(!isset($_GET['ajax']))
 				$this->redirect(isset($_POST['returnUrl']) ? $_POST['returnUrl'] : array('admin'));
author	Patrick Seeger <pseeger@ccwn.org>	2013-05-15 10:41:50 +0200
committer	Patrick Seeger <pseeger@ccwn.org>	2013-05-15 10:41:50 +0200
commit	2cf3262256fe181bb74f2f41cc776a2fb6228d24 (patch)
tree	f4bf5d94d392850a92c90c4a6144a69b68f1d9eb
parent	40cf298654b879f6996e41bee096798313769f68 (diff)