Report error if sql fails. Add check for access to specific event.
parent
8c2dec03b6
commit
ce81099489
|
@ -75,7 +75,6 @@ if ( isset($_REQUEST['offset']) ) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
// Limit specifies the number of rows to return
|
// Limit specifies the number of rows to return
|
||||||
// Set the default to 0 for events view, to prevent an issue with ALL pagination
|
// Set the default to 0 for events view, to prevent an issue with ALL pagination
|
||||||
$limit = 0;
|
$limit = 0;
|
||||||
|
@ -108,7 +107,6 @@ switch ( $task ) {
|
||||||
ajaxError('Insufficient permissions for user '.$user['Username']);
|
ajaxError('Insufficient permissions for user '.$user['Username']);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
foreach ($eids as $eid) $data[] = deleteRequest($eid);
|
foreach ($eids as $eid) $data[] = deleteRequest($eid);
|
||||||
break;
|
break;
|
||||||
case 'query' :
|
case 'query' :
|
||||||
|
@ -139,6 +137,8 @@ function deleteRequest($eid) {
|
||||||
$message[] = array($eid=>'Event not found.');
|
$message[] = array($eid=>'Event not found.');
|
||||||
} else if ( $event->Archived() ) {
|
} else if ( $event->Archived() ) {
|
||||||
$message[] = array($eid=>'Event is archived, cannot delete it.');
|
$message[] = array($eid=>'Event is archived, cannot delete it.');
|
||||||
|
} else if (!$event->canEdit()) {
|
||||||
|
$message[] = array($eid=>'You do not have permission to delete event '.$event->Id());
|
||||||
} else {
|
} else {
|
||||||
$event->delete();
|
$event->delete();
|
||||||
}
|
}
|
||||||
|
@ -147,7 +147,6 @@ function deleteRequest($eid) {
|
||||||
}
|
}
|
||||||
|
|
||||||
function queryRequest($filter, $search, $advsearch, $sort, $offset, $order, $limit) {
|
function queryRequest($filter, $search, $advsearch, $sort, $offset, $order, $limit) {
|
||||||
|
|
||||||
$data = array(
|
$data = array(
|
||||||
'total' => 0,
|
'total' => 0,
|
||||||
'totalNotFiltered' => 0,
|
'totalNotFiltered' => 0,
|
||||||
|
@ -195,7 +194,10 @@ function queryRequest($filter, $search, $advsearch, $sort, $offset, $order, $lim
|
||||||
|
|
||||||
ZM\Debug('Calling the following sql query: ' .$sql);
|
ZM\Debug('Calling the following sql query: ' .$sql);
|
||||||
$query = dbQuery($sql, $values);
|
$query = dbQuery($sql, $values);
|
||||||
if ( $query ) {
|
if (!$query) {
|
||||||
|
ajaxError(dbError($sql));
|
||||||
|
return;
|
||||||
|
}
|
||||||
while ($row = dbFetchNext($query)) {
|
while ($row = dbFetchNext($query)) {
|
||||||
$event = new ZM\Event($row);
|
$event = new ZM\Event($row);
|
||||||
$event->remove_from_cache();
|
$event->remove_from_cache();
|
||||||
|
@ -205,7 +207,6 @@ function queryRequest($filter, $search, $advsearch, $sort, $offset, $order, $lim
|
||||||
$event_ids[] = $event->Id();
|
$event_ids[] = $event->Id();
|
||||||
$unfiltered_rows[] = $row;
|
$unfiltered_rows[] = $row;
|
||||||
} # end foreach row
|
} # end foreach row
|
||||||
}
|
|
||||||
|
|
||||||
ZM\Debug('Have ' . count($unfiltered_rows) . ' events matching base filter.');
|
ZM\Debug('Have ' . count($unfiltered_rows) . ' events matching base filter.');
|
||||||
|
|
||||||
|
|
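Review bot: The new failure branch in queryRequest() passes `dbError($sql)` straight to `ajaxError()`, so whatever that helper returns is sent back in the AJAX response. If it contains the driver message or the statement text (the `$sql` argument suggests it may), any user who can make the query fail gets table and column names. Log the `dbError($sql)` result on the server and return a fixed string instead, for example `ajaxError('Event query failed; details are in the server log');`. The bare `return;` also gives the caller no value where the function otherwise builds `$data`, which matters only if `ajaxError()` does not end the request, so that is worth confirming. queryRequest() starts and ends outside the visible hunks.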