From 2cf3262256fe181bb74f2f41cc776a2fb6228d24 Mon Sep 17 00:00:00 2001
From: Patrick Seeger
Date: Wed, 15 May 2013 10:41:50 +0200
Subject: =?UTF-8?q?L=C3=B6schen=20zugriffsbeschr=C3=A4nkt?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 protected/controllers/MyAngebotController.php | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/protected/controllers/MyAngebotController.php b/protected/controllers/MyAngebotController.php
index d0adfd2..cbd74ad 100644
--- a/protected/controllers/MyAngebotController.php
+++ b/protected/controllers/MyAngebotController.php
@@ -87,8 +87,12 @@ class MyAngebotController extends Controller
 if(Yii::app()->request->isPostRequest)
 {
 // we only allow deletion via POST request
- $this->loadModel($id)->delete();
-
+ $model = $this->loadModel($id);
+ if ($model->verein_id != Yii::app()->user->vereinId) {
+ throw new CHttpException(401,'Illegal Access! Delete your own data!');
+ } else {
+ $model->delete();
+ }
 // if AJAX request (triggered by deletion via admin grid view), we should not redirect the browser
 if(!isset($_GET['ajax']))
 $this->redirect(isset($_POST['returnUrl']) ? $_POST['returnUrl'] : array('admin'));
--
cgit v1.0-28-g1787
From 90cd9ea89a1e9efffba0eeffadb57d1d37ef98b9 Mon Sep 17 00:00:00 2001
From: Patrick Seeger
Date: Wed, 15 May 2013 10:55:31 +0200
Subject: Auswahl Einheiten geht jetzt beim ersten Schuss
---
 protected/views/myAngebot/_form.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/protected/views/myAngebot/_form.php b/protected/views/myAngebot/_form.php
index 0ee91d5..25ffad2 100644
--- a/protected/views/myAngebot/_form.php
+++ b/protected/views/myAngebot/_form.php
@@ -46,7 +46,7 @@ if ($einheiten !== null && '' != $einheiten) { echo Html::einheitenDropDownList($model, 'einheit', $einheiten); } else { - ?> ">Bitte zuerst das Angebot eingeben.
--
cgit v1.0-28-g1787
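Review bot: The ownership guard added to the delete action compares `$model->verein_id != Yii::app()->user->vereinId` loosely, so a session with no club (`vereinId` of `null`) tested against a record whose `verein_id` is `0` or `null` compares equal and the delete still goes through; normalise both sides and compare strictly, e.g. `if ((int) $model->verein_id !== (int) Yii::app()->user->vereinId) {` (assuming the ids are integers). The response should be 403 rather than 401, because the caller is authenticated but not permitted to act on this record: `throw new CHttpException(403, 'Illegal Access! Delete your own data!');`, and the `else` branch around `$model->delete()` is redundant once the `if` throws. If other actions in this controller fetch a record through the same `loadModel($id)`, they presumably need the same ownership check, and putting the `verein_id` filter inside `loadModel` (or the finder it uses) would enforce it once for all of them instead of per action. The enclosing action method starts and ends outside the hunk.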