partkeepr

fork of partkeepr
git clone https://git.e1e0.net/partkeepr.git
Log | Files | Refs | Submodules | README | LICENSE

commit b42d71aadd2f18fa1f7bb1865234c4b1d4a1b178
parent 56c34bf317712190db0a7756790810aba26c75d1
Author: Felicitus <felicitus@felicitus.org>
Date:   Thu, 30 Jun 2011 02:41:23 +0200

Bugfix for permission checking on stock level updates

Diffstat:
Msrc/de/RaumZeitLabor/PartKeepr/Stock/StockService.php | 4++--
1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/de/RaumZeitLabor/PartKeepr/Stock/StockService.php b/src/de/RaumZeitLabor/PartKeepr/Stock/StockService.php @@ -51,8 +51,8 @@ class StockService extends Service implements RestfulService { $stockEntry = StockEntry::loadById($this->getParameter("id")); - if (!SessionManager::getCurrentSession()->getUser()->isAdmin() || - (SessionManager::getCurrentSession()->getUser() && $stockEntry->getUser() && SessionManager::getCurrentSession()->getUser()->getId() != $stockEntry->getUser()->getId() )) { + if (!SessionManager::getCurrentSession()->getUser()->isAdmin() && + !(SessionManager::getCurrentSession()->getUser() && $stockEntry->getUser() && SessionManager::getCurrentSession()->getUser()->getId() == $stockEntry->getUser()->getId() )) { throw new \Exception("Permission denied"); }