From 84377464e2a89152b4d9e8b390078fca5b6ff162 Mon Sep 17 00:00:00 2001 From: ywarnier Date: Sun, 17 Dec 2006 20:47:49 +0000 Subject: [PATCH] =?UTF-8?q?Double=20degr=E9=20de=20v=E9rifications=20perme?= =?UTF-8?q?ttant=20l'affichage=20d'un=20message=20d'erreur=20en=20cas=20d'?= =?UTF-8?q?=E9dition=20non=20autoris=E9e.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- htdocs/user/group/fiche.php | 41 +++++++++++++++++++++++++++++-------- 1 file changed, 32 insertions(+), 9 deletions(-) diff --git a/htdocs/user/group/fiche.php b/htdocs/user/group/fiche.php index 0680762be8a..09c44216505 100644 --- a/htdocs/user/group/fiche.php +++ b/htdocs/user/group/fiche.php @@ -36,6 +36,7 @@ $caneditperms=($user->admin || $user->rights->user->user->creer); $candisableperms=($user->admin || $user->rights->user->user->supprimer); $langs->load("users"); +$langs->load("other"); $action=isset($_GET["action"])?$_GET["action"]:$_POST["action"]; @@ -45,17 +46,22 @@ $action=isset($_GET["action"])?$_GET["action"]:$_POST["action"]; */ if ($_POST["action"] == 'confirm_delete' && $_POST["confirm"] == "yes") { - $editgroup = new Usergroup($db, $_GET["id"]); - $editgroup->fetch($_GET["id"]); - $editgroup->delete(); - Header("Location: index.php"); + if($caneditperms){ + $editgroup = new Usergroup($db, $_GET["id"]); + $editgroup->fetch($_GET["id"]); + $editgroup->delete(); + Header("Location: index.php"); + }else{ + $message = '
'.$langs->trans('ErrorForbidden').'
'; + } } /** * Action ajout groupe */ -if ($_POST["action"] == 'add' && $caneditperms) +if ($_POST["action"] == 'add') { + if($caneditperms){ $message=""; if (! $_POST["nom"]) { $message='
'.$langs->trans("NameNotDefined").'
'; @@ -86,10 +92,14 @@ if ($_POST["action"] == 'add' && $caneditperms) $action="create"; // Go back to create page } } + }else{ + $message = '
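Review bot: The new guard on the `confirm_delete` branch tests `$caneditperms` (the `creer` right), although the first hunk shows the file already computing `$candisableperms` from the `supprimer` right; as written, a user who may create groups but not delete them can still delete one. Assuming `$candisableperms` is meant to gate deletion, the guard should read `if ($candisableperms) {`. The branch also takes the group id from `$_GET["id"]` while the action and confirmation arrive in `$_POST`, so the id is worth normalising first, e.g. `$id = (int) $_GET["id"];`, before it is handed to `Usergroup`.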
'.$langs->trans('ErrorForbidden').'
'; + } } -if ($_POST["action"] == 'adduser' && $caneditperms) +if ($_POST["action"] == 'adduser') { + if($caneditperms){ if ($_POST["user"]) { $edituser = new User($db, $_POST["user"]); @@ -97,10 +107,14 @@ if ($_POST["action"] == 'adduser' && $caneditperms) Header("Location: fiche.php?id=".$_GET["id"]); } + }else{ + $message = '
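Review bot: The refusal branches added for `add` and `adduser` only assign `$message` and let the page render normally, so as far as these hunks show a denied attempt to change group data returns the default status and is not recorded anywhere. Consider sending `header('HTTP/1.0 403 Forbidden');` in the `else` branch and writing the user and the requested action to the project's log, which gives whoever reviews access later something to look at. The same applies to the `confirm_delete`, `removeuser` and `update` refusals in the other hunks. Since the identical `ErrorForbidden` assignment is repeated five times, a single permission check placed ahead of the action handlers would keep the rule in one place.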
'.$langs->trans('ErrorForbidden').'
'; + } } -if ($_GET["action"] == 'removeuser' && $caneditperms) +if ($_GET["action"] == 'removeuser') { + if($caneditperms){ if ($_GET["user"]) { $edituser = new User($db, $_GET["user"]); @@ -108,10 +122,14 @@ if ($_GET["action"] == 'removeuser' && $caneditperms) Header("Location: fiche.php?id=".$_GET["id"]); } + }else{ + $message = '
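Review bot: `Header("Location: fiche.php?id=".$_GET["id"]);` at the top of this hunk (and again at the top of the next hunk, for `removeuser`) copies the request parameter into a response header unchanged and is not followed by `exit`, so the script keeps running after the redirect is queued. Casting the id and stopping closes both gaps: `Header("Location: fiche.php?id=".(int) $_GET["id"]); exit;`. The `Header("Location: index.php");` after the delete in the first action hunk wants the same `exit;`. The `adduser` block starts above this hunk, so the call that uses `$edituser` is not visible here.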
'.$langs->trans('ErrorForbidden').'
'; + } } -if ($_POST["action"] == 'update' && $caneditperms) +if ($_POST["action"] == 'update') { + if($caneditperms){ $message=""; $db->begin(); @@ -131,7 +149,9 @@ if ($_POST["action"] == 'update' && $caneditperms) $message.='
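Review bot: The `removeuser` action whose tail is shown here is selected by `$_GET["action"]` (the condition is in the previous hunk), so a group-membership change is carried out by a plain GET request and relies only on the administrator's session for protection. State-changing actions are safer behind POST together with a per-session token that is compared on receipt; none is visible in these hunks, so confirm whether one is checked elsewhere in the file. The hunk ends inside the `update` block, whose body continues in the next hunk.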
'.$editgroup->error.'
'; $db->rollback; } - + }else{ + $message = '
'.$langs->trans('ErrorForbidden').'
'; + } } @@ -176,6 +196,9 @@ if ($action == 'create') /* ************************************************************************** */ else { + + if ($message) { print $message."
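Review bot: `$db->rollback;` in the failure path of `update` is a property read rather than a method call, so the transaction opened by `$db->begin()` in the previous hunk is never rolled back when the update fails; it should be `$db->rollback();`. The line is unchanged context, but it sits directly above the new `else` branch and the commit leaves it in place. The same failure path concatenates `$editgroup->error` into the page, and if that text can carry user-supplied values it should pass through `htmlspecialchars()` before being printed.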
"; } + if ($_GET["id"] ) { $group = new UserGroup($db);
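Review bot: `if ($message) { print $message...; }` reads a variable that the visible hunks assign only inside the action branches, so on a plain page view it is undefined at this point. Besides the notice, on a PHP configuration with `register_globals` enabled an undefined variable can be filled from the request, and this line prints it into the page unescaped. Adding `$message = '';` before the first action handler removes both problems, unless the variable is already initialised in a part of the file outside these hunks. The `else` block continues past the end of the hunk.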