| author | astaf <astaf@proxy.ccwn.org.ccwn.org> | 2013-05-15 10:59:30 +0200 |
|---|---|---|
| committer | astaf <astaf@proxy.ccwn.org.ccwn.org> | 2013-05-15 10:59:30 +0200 |
| commit | 91907913ffae859611b2316fbc55543ed3183889 (patch) | |
| tree | d4886eaf67c52477e04f441343ba6a874613024c | |
| parent | 9de2cb93d7b70a9f015187060ee856d561023469 (diff) | |
| parent | 90cd9ea89a1e9efffba0eeffadb57d1d37ef98b9 (diff) | |
Merge branch 'master' of ssh://proxy:9044/home/ccwn/git-repos/admin.astaf.de
| -rw-r--r-- | protected/controllers/MyAngebotController.php | 8 | ||||
| -rw-r--r-- | protected/views/myAngebot/_form.php | 2 |
2 files changed, 7 insertions, 3 deletions
diff --git a/protected/controllers/MyAngebotController.php b/protected/controllers/MyAngebotController.php
index d0adfd2..cbd74ad 100644
--- a/protected/controllers/MyAngebotController.php
+++ b/protected/controllers/MyAngebotController.php
@@ -87,8 +87,12 @@ class MyAngebotController extends Controller
 if(Yii::app()->request->isPostRequest)
{
// we only allow deletion via POST request
- $this->loadModel($id)->delete();
-
+ $model = $this->loadModel($id);
+ if ($model->verein_id != Yii::app()->user->vereinId) {
+ throw new CHttpException(401,'Illegal Access! Delete your own data!');
+ } else {
+ $model->delete();
+ }
// if AJAX request (triggered by deletion via admin grid view), we should not redirect the browser
if(!isset($_GET['ajax']))
$this->redirect(isset($_POST['returnUrl']) ? $_POST['returnUrl'] : array('admin'));
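Review bot: The ownership test on the added line `if ($model->verein_id != Yii::app()->user->vereinId)` uses loose `!=`, so PHP type juggling lets it pass when both sides are empty-like (for example a record whose `verein_id` is null and a session whose `vereinId` is null, 0 or ''), and the delete then goes ahead. I would reject an unset user value explicitly and compare strictly: `$vid = Yii::app()->user->vereinId;` followed by `if ($vid === null || (string)$model->verein_id !== (string)$vid) {`. The status code should be 403 rather than 401, since the caller is presumably already logged in and is being refused on authorization grounds (or 404 if the existence of other clubs' records should not be disclosed). The enclosing delete action starts and ends outside the hunk, and other actions that call `loadModel($id)` are not visible here; if they lack the same check, moving it into `loadModel()` would cover view and update as well.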
diff --git a/protected/views/myAngebot/_form.php b/protected/views/myAngebot/_form.php index 0ee91d5..25ffad2 100644 --- a/protected/views/myAngebot/_form.php +++ b/protected/views/myAngebot/_form.php @@ -46,7 +46,7 @@ if ($einheiten !== null && '' != $einheiten) { echo Html::einheitenDropDownList($model, 'einheit', $einheiten); } else { - ?><select id="AngebotVerein_einheit" style="display:none;"></select><?php + ?><select id="AngebotVerein_einheit" name="AngebotVerein[einheit]" style="display:none;"></select><?php } ?> <span id="emptyEinheitenTxt" style="display: <?php echo ($einheiten !== null && '' != $einheiten) ? "none" : "inline"?>">Bitte zuerst das Angebot eingeben.</span> |
