authorastaf <astaf@proxy.ccwn.org.ccwn.org>2013-05-15 10:59:30 +0200
committerastaf <astaf@proxy.ccwn.org.ccwn.org>2013-05-15 10:59:30 +0200
commit91907913ffae859611b2316fbc55543ed3183889 (patch)
treed4886eaf67c52477e04f441343ba6a874613024c /protected/controllers
parent9de2cb93d7b70a9f015187060ee856d561023469 (diff)
parent90cd9ea89a1e9efffba0eeffadb57d1d37ef98b9 (diff)
Merge branch 'master' of ssh://proxy:9044/home/ccwn/git-repos/admin.astaf.de
Diffstat (limited to 'protected/controllers')
-rw-r--r--protected/controllers/MyAngebotController.php8
1 files changed, 6 insertions, 2 deletions
diff --git a/protected/controllers/MyAngebotController.php b/protected/controllers/MyAngebotController.php
index d0adfd2..cbd74ad 100644
--- a/protected/controllers/MyAngebotController.php
+++ b/protected/controllers/MyAngebotController.php
@@ -87,8 +87,12 @@ class MyAngebotController extends Controller
if(Yii::app()->request->isPostRequest)
{
// we only allow deletion via POST request
- $this->loadModel($id)->delete();
-
+ $model = $this->loadModel($id);
+ if ($model->verein_id != Yii::app()->user->vereinId) {
+ throw new CHttpException(401,'Illegal Access! Delete your own data!');
+ } else {
+ $model->delete();
+ }
// if AJAX request (triggered by deletion via admin grid view), we should not redirect the browser
if(!isset($_GET['ajax']))
$this->redirect(isset($_POST['returnUrl']) ? $_POST['returnUrl'] : array('admin'));
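Review bot: The ownership test added in the delete branch, `if ($model->verein_id != Yii::app()->user->vereinId)`, uses a loose comparison, so a record with no `verein_id` and a user whose `vereinId` is null or empty would compare equal and the delete would go through; whether either value can be unset is not visible in this hunk. I would reject the missing value explicitly and compare strictly: `$vid = Yii::app()->user->vereinId;` followed by `if ($vid === null || (string)$model->verein_id !== (string)$vid)`. The caller is already authenticated at this point, so `CHttpException(403, ...)` describes the refusal more accurately than 401, which tells clients that credentials are missing. If other actions in this controller also go through `loadModel($id)`, the same check likely belongs there or in a shared helper, so that ownership is not enforced for delete alone. The action body starts and ends outside the hunk.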