Commit 16230fd2 authored by mcramer's avatar mcramer
Browse files
parent df0089f3
...@@ -359,7 +359,7 @@ class tform_actions { ...@@ -359,7 +359,7 @@ class tform_actions {
if($app->tform->formDef['auth'] == 'no') { if($app->tform->formDef['auth'] == 'no') {
$sql = "SELECT * FROM ".$app->tform->formDef['db_table']." WHERE ".$app->tform->formDef['db_table_idx']." = ".$this->id; $sql = "SELECT * FROM ".$app->tform->formDef['db_table']." WHERE ".$app->tform->formDef['db_table_idx']." = ".$this->id;
} else { } else {
$sql = "SELECT * FROM ".$app->tform->formDef['db_table']." WHERE ".$app->tform->formDef['db_table_idx']." = ".$this->id." AND ".$app->tform->getAuthSQL('u'); $sql = "SELECT * FROM ".$app->tform->formDef['db_table']." WHERE ".$app->tform->formDef['db_table_idx']." = ".$this->id." AND ".$app->tform->getAuthSQL('r');
} }
if(!$record = $app->db->queryOneRecord($sql)) $app->error($app->lng('error_no_view_permission')); if(!$record = $app->db->queryOneRecord($sql)) $app->error($app->lng('error_no_view_permission'));
...@@ -400,7 +400,7 @@ class tform_actions { ...@@ -400,7 +400,7 @@ class tform_actions {
if($app->tform->formDef['auth'] == 'no') { if($app->tform->formDef['auth'] == 'no') {
$sql = "SELECT * FROM ".$app->tform->formDef['db_table']." WHERE ".$app->tform->formDef['db_table_idx']." = ".$this->id; $sql = "SELECT * FROM ".$app->tform->formDef['db_table']." WHERE ".$app->tform->formDef['db_table_idx']." = ".$this->id;
} else { } else {
$sql = "SELECT * FROM ".$app->tform->formDef['db_table']." WHERE ".$app->tform->formDef['db_table_idx']." = ".$this->id." AND ".$app->tform->getAuthSQL('u'); $sql = "SELECT * FROM ".$app->tform->formDef['db_table']." WHERE ".$app->tform->formDef['db_table_idx']." = ".$this->id." AND ".$app->tform->getAuthSQL('r');
} }
if(!$record = $app->db->queryOneRecord($sql)) $app->error($app->lng('error_no_view_permission')); if(!$record = $app->db->queryOneRecord($sql)) $app->error($app->lng('error_no_view_permission'));
...@@ -436,7 +436,7 @@ class tform_actions { ...@@ -436,7 +436,7 @@ class tform_actions {
if($app->tform->formDef['auth'] == 'no') { if($app->tform->formDef['auth'] == 'no') {
$sql = "SELECT * FROM ".$app->tform->formDef['db_table']." WHERE ".$app->tform->formDef['db_table_idx']." = ".$this->id; $sql = "SELECT * FROM ".$app->tform->formDef['db_table']." WHERE ".$app->tform->formDef['db_table_idx']." = ".$this->id;
} else { } else {
$sql = "SELECT * FROM ".$app->tform->formDef['db_table']." WHERE ".$app->tform->formDef['db_table_idx']." = ".$this->id." AND ".$app->tform->getAuthSQL('u'); $sql = "SELECT * FROM ".$app->tform->formDef['db_table']." WHERE ".$app->tform->formDef['db_table_idx']." = ".$this->id." AND ".$app->tform->getAuthSQL('r');
} }
if(!$record = $app->db->queryOneRecord($sql)) $app->error($app->lng('error_no_view_permission')); if(!$record = $app->db->queryOneRecord($sql)) $app->error($app->lng('error_no_view_permission'));
...@@ -527,7 +527,7 @@ class tform_actions { ...@@ -527,7 +527,7 @@ class tform_actions {
// bestehenden Datensatz anzeigen // bestehenden Datensatz anzeigen
if($app->tform->errorMessage == '') { if($app->tform->errorMessage == '') {
if($app->tform->formDef['auth'] == 'yes' && $_SESSION["s"]["user"]["typ"] != 'admin') { if($app->tform->formDef['auth'] == 'yes' && $_SESSION["s"]["user"]["typ"] != 'admin') {
$sql = "SELECT * FROM ".$app->tform->formDef['db_table']." WHERE ".$app->tform->formDef['db_table_idx']." = ".$this->id." AND ".$app->tform->getAuthSQL('u'); $sql = "SELECT * FROM ".$app->tform->formDef['db_table']." WHERE ".$app->tform->formDef['db_table_idx']." = ".$this->id." AND ".$app->tform->getAuthSQL('r');
} else { } else {
$sql = "SELECT * FROM ".$app->tform->formDef['db_table']." WHERE ".$app->tform->formDef['db_table_idx']." = ".$this->id; $sql = "SELECT * FROM ".$app->tform->formDef['db_table']." WHERE ".$app->tform->formDef['db_table_idx']." = ".$this->id;
} }
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment