check owner when deleting

Piotr Filip 2022-10-19 13:45:45 +02:00 committed by Florian Schlichting
parent 4b7abbbd83
commit 13c77fdcab


@ -67,7 +67,7 @@ function handle_subaction( $subaction ) {
if ($can_write_principal) { if ($can_write_principal) {
if ( $session->CheckConfirmationHash('GET', 'confirm') ) { if ( $session->CheckConfirmationHash('GET', 'confirm') ) {
dbg_error_log('admin-principal-edit',':handle_action: Allowed to delete collection %s for principal %d', $_GET['collection_id'], $id ); dbg_error_log('admin-principal-edit',':handle_action: Allowed to delete collection %s for principal %d', $_GET['collection_id'], $id );
$qry = new AwlQuery('DELETE FROM collection WHERE collection_id=?;', $_GET['collection_id'] ); $qry = new AwlQuery('DELETE FROM collection WHERE collection_id=:collection_id AND user_no = (select user_no from principal where principal_id = :principal_id )', array( ':collection_id' => intval($_GET['collection_id']), ':principal_id' => $id));
if ( $qry->Exec() ) { if ( $qry->Exec() ) {
$c->messages[] = i18n('Collection deleted.'); $c->messages[] = i18n('Collection deleted.');
return true; return true;
@ -119,7 +119,7 @@ function handle_subaction( $subaction ) {
if ($can_write_principal) { if ($can_write_principal) {
if ( $session->CheckConfirmationHash('GET', 'confirm') ) { if ( $session->CheckConfirmationHash('GET', 'confirm') ) {
dbg_error_log('admin-principal-edit',':handle_action: Allowed to delete ticket "%s" for principal %d', $_GET['ticket_id'], $id ); dbg_error_log('admin-principal-edit',':handle_action: Allowed to delete ticket "%s" for principal %d', $_GET['ticket_id'], $id );
$qry = new AwlQuery('DELETE FROM access_ticket WHERE ticket_id=?;', $_GET['ticket_id'] ); $qry = new AwlQuery('DELETE FROM access_ticket WHERE ticket_id=:ticket_id AND dav_owner_id = :dav_owner_id', array( ':ticket_id' => $_GET['ticket_id'], ':dav_owner_id' => $id));
if ( $qry->Exec() ) { if ( $qry->Exec() ) {
$c->messages[] = i18n('Access ticket deleted.'); $c->messages[] = i18n('Access ticket deleted.');
return true; return true;
@ -146,7 +146,7 @@ function handle_subaction( $subaction ) {
if ($can_write_principal) { if ($can_write_principal) {
if ( $session->CheckConfirmationHash('GET', 'confirm') ) { if ( $session->CheckConfirmationHash('GET', 'confirm') ) {
dbg_error_log('admin-principal-edit',':handle_action: Allowed to delete binding "%s" for principal %d', $_GET['bind_id'], $id ); dbg_error_log('admin-principal-edit',':handle_action: Allowed to delete binding "%s" for principal %d', $_GET['bind_id'], $id );
$qry = new AwlQuery('DELETE FROM dav_binding WHERE bind_id=?;', $_GET['bind_id'] ); $qry = new AwlQuery('DELETE FROM dav_binding WHERE bind_id=:bind_id AND dav_owner_id = :dav_owner_id', array( ':bind_id' => $_GET['bind_id'], ':dav_owner_id' => $id));
if ( $qry->Exec() ) { if ( $qry->Exec() ) {
$c->messages[] = i18n('Binding deleted.'); $c->messages[] = i18n('Binding deleted.');
return true; return true;
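Review bot: A DELETE whose ownership predicate matches no row still makes `$qry->Exec()` return true, so when the row is not owned by principal `$id` the page now reports 'Collection deleted.' (and 'Access ticket deleted.', 'Binding deleted.' in the next two hunks) although nothing was removed. The success branch should also require an affected row, e.g. `if ( $qry->Exec() && $qry->rows() > 0 ) {` if AwlQuery's rows() accessor is available here, so that a cross-principal attempt falls into the existing failure path and is logged rather than acknowledged. The dbg_error_log call before the query still says 'Allowed to delete' although the ownership check now only happens inside the query; consider logging after Exec or rewording it to 'Attempting to delete'. The collection hunk wraps `$_GET['collection_id']` in intval() while the ticket and binding hunks bind `$_GET['ticket_id']` / `$_GET['bind_id']` unfiltered; all three are bound parameters, so this is a consistency point rather than an injection risk. handle_subaction starts and ends outside these hunks.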