Commit 26585e35 authored by chandi's avatar chandi Committed by Matthias Larisch

fixed permission in xhr.php?f=addFetcher

parent 4e949ea8
......@@ -1431,67 +1431,68 @@ class XhrMethods
public function xhr_addFetcher($data)
{
if (($this->storeGateway->isInTeam($this->session->id(), $data['bid']) || $this->session->isAmbassador() || $this->session->isOrgaTeam()) && $this->session->isVerified()) {
/*
* [f] => addFetcher
[date] => 2013-09-23 20:00:00
[bid] => 1
*/
$confirm = 0;
if ($this->session->isOrgaTeam() || $this->storeGateway->isResponsible($this->session->id(), $data['bid'])) {
$confirm = 1;
}
$storeId = (int)$data['bid'];
if (!$this->storePermissions->mayDoPickup($storeId)) {
return XhrResponses::PERMISSION_DENIED;
}
if (!empty($data['to'])) {
$this->incLang('StoreUser');
if (empty($data['from'])) {
$data['from'] = date('Y-m-d');
}
$time = explode(' ', $data['date']);
$time = $time[1];
/*
* [f] => addFetcher
[date] => 2013-09-23 20:00:00
[bid] => 1
*/
$confirm = 0;
if ($this->session->isOrgaTeam() || $this->storeGateway->isResponsible($this->session->id(), $storeId)) {
$confirm = 1;
}
$from = strtotime($data['from']);
$to = strtotime($data['to']);
if ($to > time() + 86400 * 7 * 3) {
$this->func->info('Das Datum liegt zu weit in der Zukunft!');
if (!empty($data['to'])) {
$this->incLang('StoreUser');
if (empty($data['from'])) {
$data['from'] = date('Y-m-d');
}
$time = explode(' ', $data['date']);
$time = $time[1];
return 0;
}
$from = strtotime($data['from']);
$to = strtotime($data['to']);
if ($to > time() + 86400 * 7 * 3) {
$this->func->info('Das Datum liegt zu weit in der Zukunft!');
$start = strtotime($data['date']);
return 0;
}
$cur_date = $from;
$start = strtotime($data['date']);
$dow = date('w', $start);
$count = 0;
$cur_date = $from;
do {
if (date('w', $cur_date) == $dow) {
++$count;
$this->storeGateway->addFetcher($this->session->id(), $data['bid'], date('Y-m-d', $cur_date) . ' ' . $time, $confirm);
}
if ($count > 20) {
break;
}
// + 1 Tag
$cur_date += 86400;
} while ($to > $cur_date);
$this->func->info($this->func->s('date_add_successful'));
$dow = date('w', $start);
$count = 0;
return '2';
}
do {
if (date('w', $cur_date) == $dow) {
++$count;
$this->storeGateway->addFetcher($this->session->id(), $storeId, date('Y-m-d', $cur_date) . ' ' . $time, $confirm);
}
if ($count > 20) {
break;
}
// + 1 Tag
$cur_date += 86400;
} while ($to > $cur_date);
$this->func->info($this->func->s('date_add_successful'));
if (!empty($data['from'])) {
return 0;
}
return '2';
}
$data['date'] = date('Y-m-d H:i:s', strtotime($data['date']));
if ($this->storeGateway->addFetcher($this->session->id(), $data['bid'], $data['date'], $confirm)) {
return $this->func->img($this->model->getVal('photo', 'foodsaver', $this->session->id()));
}
if (!empty($data['from'])) {
return 0;
}
return '0';
$data['date'] = date('Y-m-d H:i:s', strtotime($data['date']));
if ($this->storeGateway->addFetcher($this->session->id(), $storeId, $data['date'], $confirm)) {
return $this->func->img($this->model->getVal('photo', 'foodsaver', $this->session->id()));
}
}
private function incLang(string $moduleName): void
......
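Review bot: The client-supplied `date`, `from` and `to` fields are still used without validation after the new `mayDoPickup` check. In the `!empty($data['to'])` branch no `strtotime()` result is tested for `false`, `$time[1]` is read without confirming that `explode(' ', $data['date'])` produced two parts, and only the upper bound of `$to` is limited. A `from` that fails to parse or lies in the past therefore appears to let the loop start at that timestamp and write up to 21 `addFetcher` rows for dates that are not upcoming pickups. I would reject such requests before the loop, e.g. `if ($from === false || $to === false || $start === false || $from < strtotime('today')) { return 0; }`, and apply the same `false` check to `strtotime($data['date'])` on the single-date path at the end. Whether the store gateway validates the date itself is not visible from this section.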
......@@ -108,4 +108,17 @@ class StorePermissions
{
return $this->mayEditStore($storeId);
}
public function mayDoPickup($storeId)
{
if (!$this->session->isVerified()) {
return false;
}
if (!$this->mayAccessStore($storeId)) {
return false;
}
return true;
}
}
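Review bot: `mayDoPickup` now carries the whole authorisation decision for pickup sign-up, but nothing documents which roles it admits, and `mayAccessStore` is defined outside this hunk. The inline condition it appears to replace in `xhr_addFetcher` also admitted ambassadors and the orga team. If `mayAccessStore` does not cover those roles this is a behaviour change, so I would add a docblock such as `/** Verified users who may access the store may sign up for pickups. */` and a test per role. The method is also untyped although `incLang(string $moduleName): void` in the same commit uses declarations; `public function mayDoPickup(int $storeId): bool` with the body `return $this->session->isVerified() && $this->mayAccessStore($storeId);` expresses the same check more compactly.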