extern/egroupware
1
0
Fork 1
mirror of https://github.com/EGroupware/egroupware.git synced 2024-12-27 00:58:55 +01:00
Code Issues Packages Projects Releases Wiki Activity

Can't edit a category that's not from the current app - open super-globals read-only

Browse Source
This commit is contained in:
Nathan Gray 2011-07-07 18:54:59 +00:00
parent 52f3dd9ed2
commit 765f486753
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
admin/inc/class.admin_categories.inc.php
View File

@ -112,7 +112,7 @@ class admin_categories
$appname = categories::GLOBAL_APPNAME; $appname = categories::GLOBAL_APPNAME;
} }
} }
elseif (!self::$acl_edit || ( $content['owner'] != $GLOBALS['egw_info']['user']['account_id'] && $this->appname != 'admin')) elseif ($content['appname'] != $appname || !self::$acl_edit || ( $content['owner'] != $GLOBALS['egw_info']['user']['account_id'] && $this->appname != 'admin'))
{ {
// only allow to view category // only allow to view category
$readonlys['__ALL__'] = true; $readonlys['__ALL__'] = true;
@ -193,7 +193,7 @@ class admin_categories
if (!empty($js)) $GLOBALS['egw']->js->set_onload($js); if (!empty($js)) $GLOBALS['egw']->js->set_onload($js);
} }
$content['msg'] = $msg; $content['msg'] = $msg;
$content['appname'] = $appname; if(!$content['appname']) $content['appname'] = $appname;
$content['icon_url'] = $content['base_url'] . $content['data']['icon']; $content['icon_url'] = $content['base_url'] . $content['data']['icon'];
$sel_options['icon'] = self::get_icons(); $sel_options['icon'] = self::get_icons();
@ -256,6 +256,7 @@ class admin_categories
});'); });');
$readonlys['button[delete]'] = !$content['id'] || !self::$acl_delete || // cant delete not yet saved category $readonlys['button[delete]'] = !$content['id'] || !self::$acl_delete || // cant delete not yet saved category
$appname != $content['appname'] || // Can't edit a category from a different app
($this->appname != 'admin' && $content['owner'] != $GLOBALS['egw_info']['user']['account_id']); ($this->appname != 'admin' && $content['owner'] != $GLOBALS['egw_info']['user']['account_id']);
$tmpl = new etemplate('admin.categories.edit'); $tmpl = new etemplate('admin.categories.edit');