summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--protected/controllers/MyAngebotController.php8
1 files changed, 6 insertions, 2 deletions
diff --git a/protected/controllers/MyAngebotController.php b/protected/controllers/MyAngebotController.php
index d0adfd2..cbd74ad 100644
--- a/protected/controllers/MyAngebotController.php
+++ b/protected/controllers/MyAngebotController.php
@@ -87,8 +87,12 @@ class MyAngebotController extends Controller
if(Yii::app()->request->isPostRequest)
{
// we only allow deletion via POST request
- $this->loadModel($id)->delete();
-
+ $model = $this->loadModel($id);
+ if ($model->verein_id != Yii::app()->user->vereinId) {
+ throw new CHttpException(401,'Illegal Access! Delete your own data!');
+ } else {
+ $model->delete();
+ }
// if AJAX request (triggered by deletion via admin grid view), we should not redirect the browser
if(!isset($_GET['ajax']))
$this->redirect(isset($_POST['returnUrl']) ? $_POST['returnUrl'] : array('admin'));
generated by cgit v1.0-28-g1787 at 2026-01-08 11:41:37 +0000