From 6f2f1ec25dc81d49c730017f9e31dcaf0ada186a Mon Sep 17 00:00:00 2001
From: Till Brehm
Date: Tue, 31 Jul 2018 13:13:30 +0200
Subject: [PATCH] Improve the readOnly check of form tabs.
---
 interface/lib/classes/tform.inc.php | 27 ++++++++++++++++-----------
 1 file changed, 16 insertions(+), 11 deletions(-)
diff --git a/interface/lib/classes/tform.inc.php b/interface/lib/classes/tform.inc.php
index b28e503224..920541cacc 100644
--- a/interface/lib/classes/tform.inc.php
+++ b/interface/lib/classes/tform.inc.php
@@ -132,20 +132,25 @@ class tform extends tform_base {
 function isReadonlyTab($tab, $primary_id) {
 global $app, $conf;
+
+ if(isset($this->formDef['tabs'][$tab]['readonly']) && $this->formDef['tabs'][$tab]['readonly'] == true) {
- // Add backticks for incomplete table names.
- if(stristr($this->formDef['db_table'], '.')) {
- $escape = '';
- } else {
- $escape = '`';
- }
+ // Add backticks for incomplete table names.
+ if(stristr($this->formDef['db_table'], '.')) {
+ $escape = '';
+ } else {
+ $escape = '`';
+ }
- $sql = "SELECT sys_userid FROM ?? WHERE ?? = ?";
- $record = $app->db->queryOneRecord($sql, $this->formDef['db_table'], $this->formDef['db_table_idx'], $primary_id);
+ $sql = "SELECT sys_userid FROM ?? WHERE ?? = ?";
+ $record = $app->db->queryOneRecord($sql, $this->formDef['db_table'], $this->formDef['db_table_idx'], $primary_id);
- // return true if the readonly flag of the form is set and the current loggedin user is not the owner of the record.
- if(isset($this->formDef['tabs'][$tab]['readonly']) && $this->formDef['tabs'][$tab]['readonly'] == true && $record['sys_userid'] != $_SESSION["s"]["user"]["userid"]) {
- return true;
+ // return true if the readonly flag of the form is set and the current loggedin user is not the owner of the record.
+ if($record['sys_userid'] != $_SESSION["s"]["user"]["userid"]) {
+ return true;
+ } else {
+ return false;
+ }
 } else {
 return false;
 }
--
GitLab
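Review bot: The ownership test `$record['sys_userid'] != $_SESSION["s"]["user"]["userid"]` in the new inner `if` is still a loose comparison and never checks that `queryOneRecord` actually returned a row. If the lookup yields no record and the session user id is unset or 0 (this hunk does not show whether either can happen), both sides compare equal under `!=` and a tab flagged readonly is reported as writable. A guard that fails closed ahead of the comparison would remove that case, for example `if(!is_array($record) || !isset($_SESSION["s"]["user"]["userid"])) return true;`, followed by a string-cast strict `!==` compare. Separately, `$escape` is assigned but not used by the `??` placeholder query in the visible lines, so that block looks removable. The closing brace of isReadonlyTab lies outside the hunk.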