Commit 85e8efa5 authored by Bate's avatar Bate

Planning2

parent 89308b6e
......@@ -84,7 +84,8 @@ class planningv extends stdcontents
$planning = new planning2($db, $db);
$planning->load_by_id($id_planning);
if(!$site->user->is_in_group_id($planning->group))
if(!$site->user->is_in_group_id($planning->group) && !$site->user->is_in_group_id($planning->admin_group)
&& !$planning->is_public && !$site->user->is_in_group("gestion_ae"))
{
$this->buffer .= "<p>Droits insuffisants pour lire ce planning</p>";
return;
......
......@@ -421,7 +421,7 @@ class planning2 extends stdentity
{
return new requete($this->db,
"SELECT id_gap, name_gap, start, end FROM pl2_gap
WHERE id_gap = $gap_id");
WHERE id_gap = $gap_id AND id_planning = $this->id");
}
function get_user_gap_info( $user_gap_id )
......
......@@ -44,6 +44,13 @@ $cts = new contents($planning->name);
if($_REQUEST["action"] === "add_to_gap" && isset($_REQUEST["gap_id"]))
{
$gap_id = $_REQUEST["gap_id"];
if( !$site->user->is_in_group_id($planning->admin_group) && !$site->user->is_in_group_id($planning->group) )
{
$cts->add_paragraph("Vous n'avez pas le droit de faire cela.");
$site->add_contents($cts);
$site->end_page();
exit();
}
$gap = $planning->get_gap_info( $gap_id );
if( list ( $id_gap, $name_gap, $start, $end ) = $gap->get_row())
{
......@@ -72,7 +79,7 @@ if($_REQUEST["action"] === "remove_from_gap" && isset($_REQUEST["user_gap_id"]))
$user_gap = $planning->get_user_gap_info($user_gap_id);
if( list( $gap_id, $id_utl, $user_gap_start, $user_gap_end ) = $user_gap->get_row())
{
if( $id_utl != $site->user->id )
if( $id_utl != $site->user->id && !$site->user->is_in_group_id($planning->admin_group) )
{
$cts->add_paragraph("Vous n'avez pas le droit de faire cela.");
$site->add_contents($cts);
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment