fmsystem-commits
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Fmsystem-commits] [10965] property: ticket - check for order-rights

From: Sigurd Nes
Subject: [Fmsystem-commits] [10965] property: ticket - check for order-rights
Date: Tue, 05 Mar 2013 10:05:33 +0000 
Revision: 10965
          http://svn.sv.gnu.org/viewvc/?view=rev&root=fmsystem&revision=10965
Author:   sigurdne
Date:     2013-03-05 10:05:32 +0000 (Tue, 05 Mar 2013)
Log Message:
-----------
property: ticket - check for order-rights

Modified Paths:
--------------
    trunk/property/inc/class.sotts.inc.php

Modified: trunk/property/inc/class.sotts.inc.php
===================================================================
--- trunk/property/inc/class.sotts.inc.php      2013-03-04 22:03:30 UTC (rev 
10964)
+++ trunk/property/inc/class.sotts.inc.php      2013-03-05 10:05:32 UTC (rev 
10965)
@@ -1357,7 +1357,7 @@
                                }
                        }
 
-                       $value_set                                      = 
array();
+                       $value_set      = array();
 
                        $data_attribute = 
$this->custom->prepare_for_db('fm_tts_tickets', $values_attribute);
 
@@ -1370,14 +1370,24 @@
                        }
 
                        $value_set['modified_date']     = time();
-                       $value_set['vendor_id']         = $ticket['vendor_id'];
-                       $value_set['b_account_id']      = 
$ticket['b_account_id'];
-                       $value_set['order_descr']       = 
$this->db->db_addslashes($ticket['order_descr']);
-                       $value_set['ecodimb']           = $ticket['ecodimb'];
-                       $value_set['budget']            = $ticket['budget'];
-                       $value_set['branch_id']         = $ticket['branch_id'];
 
-                       $value_set                                      = 
$this->db->validate_update($value_set);
+
+                       // check order-rights
+                       
+                       $order_add      = 
$GLOBALS['phpgw']->acl->check('.ticket.order', PHPGW_ACL_ADD, 'property');
+                       $order_edit = 
$GLOBALS['phpgw']->acl->check('.ticket.order', PHPGW_ACL_EDIT, 'property');
+
+                       if($order_add || $order_edit)
+                       {
+                               $value_set['vendor_id']         = 
$ticket['vendor_id'];
+                               $value_set['b_account_id']      = 
$ticket['b_account_id'];
+                               $value_set['order_descr']       = 
$this->db->db_addslashes($ticket['order_descr']);
+                               $value_set['ecodimb']           = 
$ticket['ecodimb'];
+                               $value_set['budget']            = 
$ticket['budget'];
+                               $value_set['branch_id']         = 
$ticket['branch_id'];
+                       }
+
+                       $value_set      = 
$this->db->validate_update($value_set);
                        $this->db->query("UPDATE fm_tts_tickets SET $value_set 
WHERE id={$id}",__LINE__,__FILE__);
 
                        $this->db->transaction_commit();
reply via email to
[Prev in Thread] Current Thread [Next in Thread]