Commit b069742a authored by Matthias Larisch's avatar Matthias Larisch

Require region membership to create a store

parent b983ad8e
Pipeline #48476589 failed with stages
in 4 minutes and 44 seconds
......@@ -44,6 +44,7 @@
- Fix multiple XSS vulnerabilities !722 @alangecker
- Properly show quiz as succeeded when errorpoints match max. allowed errorpoints @NerdyProjects
- Fix wrong stated relationship between user role and home district on user dashboard. Add information about user pickups to dashboard.!748 @pmayd
- Only allow creation of stores in a region you are member of @NerdyProjects
## Refactoring
- replaced many outdated jquery functions !655 @peter.toennies
......
<?php
$g_lang = array();
$g_lang['group.delete'] = 'Gruppe löschen';
$g_lang['store.can_only_create_store_in_member_region'] = 'Du kannst Betriebe nur in Regionen anlegen, in denen Du Mitglied bist.';
$g_lang['email_adress'] = 'E-Mail-Adresse';
$g_lang['password'] = 'Passwort';
$g_lang['login'] = 'Login';
......
......@@ -40,12 +40,11 @@ class StoreControl extends Control
{
/* form methods below work with $g_data */
global $g_data;
$bezirk_id = $this->func->getGet('bid');
if (!isset($_GET['bid'])) {
$bezirk_id = $this->session->getCurrentBezirkId();
} else {
if (isset($_GET['bid'])) {
$bezirk_id = (int)$_GET['bid'];
} else {
$bezirk_id = $this->session->getCurrentBezirkId();
}
if (!$this->session->isOrgaTeam() && $bezirk_id == 0) {
......@@ -168,6 +167,10 @@ class StoreControl extends Control
if (!isset($g_data['bezirk_id'])) {
$g_data['bezirk_id'] = $this->session->getCurrentBezirkId();
}
if (!in_array($g_data['bezirk_id'], $this->session->listRegionIDs())) {
$this->func->error($this->func->s('store.can_only_create_store_in_member_region'));
$this->func->goPage();
}
if (isset($g_data['ort'])) {
$g_data['stadt'] = $g_data['ort'];
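Review bot: The membership check added before the `ort` handling calls `in_array()` in its default loose mode, so a `$g_data['bezirk_id']` that arrives as a string is matched against the member regions by PHP's type-juggling rules rather than by exact value. For an authorization decision the id should be normalised and compared strictly, e.g. `if (!in_array((int)$g_data['bezirk_id'], $this->session->listRegionIDs(), true)) {`, assuming `listRegionIDs()` returns integers, which is not visible here. It is also not visible whether `$this->func->goPage()` terminates the request. If it only queues a redirect, execution falls through to the code after the check and the store could still be created, so add an explicit `return;` after it or confirm that `goPage()` exits. The enclosing method starts and ends outside the hunk.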
......