Revision: 1262
          http://mrbs.svn.sourceforge.net/mrbs/?rev=1262&view=rev
Author:   cimorrison
Date:     2009-11-13 11:02:40 +0000 (Fri, 13 Nov 2009)

Log Message:
-----------
- made the pending bookings list check for confirmation authority against room 
id (for future enhancements)
- fixed problem in confirm_entry_handler.php where the check for confirmation 
authority was carried out before the room was known
- tidied up pending.php by removing some redundant global declarations

Modified Paths:
--------------
    mrbs/branches/provisional_bookings/web/confirm_entry_handler.php
    mrbs/branches/provisional_bookings/web/pending.php

Modified: mrbs/branches/provisional_bookings/web/confirm_entry_handler.php
===================================================================
--- mrbs/branches/provisional_bookings/web/confirm_entry_handler.php    
2009-11-12 20:39:48 UTC (rev 1261)
+++ mrbs/branches/provisional_bookings/web/confirm_entry_handler.php    
2009-11-13 11:02:40 UTC (rev 1262)
@@ -33,7 +33,7 @@
 }
 
 // Check that we're allowed to use this page
-// (1) We must be at least a logged in user
+// We must be at least a logged in user
 if(!getAuthorised(1))
 {
   showAccessDenied($day, $month, $year, $area, isset($room) ? $room : "");
@@ -44,14 +44,6 @@
                   
 if (isset($action))
 {
-  // (2) We must also have confirm rights for this room if necessary
-  if ((($action == "accept") || ($action == "reject")) 
-       && !auth_can_confirm($user, $room_id))
-  {
-    showAccessDenied($day, $month, $year, $area, isset($room) ? $room : "");
-    exit;
-  }
-  
   $need_to_send_mail = ($mail_settings['admin_on_bookings'] or 
$mail_settings['area_admin_on_bookings'] or
                         $mail_settings['room_admin_on_bookings'] or 
$mail_settings['booker'] or
                         $mail_settings['book_admin_on_provisional']);
@@ -104,7 +96,15 @@
     $enable_periods ? toPeriodString($start_period, $duration, $dur_units, 
FALSE) : toTimeString($duration, $dur_units, FALSE);
 
   }
-
+  
+  // Now that we know the room, check that we have confirm rights for it if 
necessary
+  if ((($action == "accept") || ($action == "reject")) 
+       && !auth_can_confirm($user, $room_id))
+  {
+    showAccessDenied($day, $month, $year, $area, isset($room) ? $room : "");
+    exit;
+  }
+  
   // ACTION = "ACCEPT"
   if ($action == "accept")
   {
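Review bot: The relocated authorisation check on `auth_can_confirm($user, $room_id)` does not fail closed when `$room_id` was never set. The closing brace just above it ends a block whose opening is outside this hunk, so if the room lookup sits inside a conditional, or the entry is not found, the check may run with an undefined value and the result then depends on how `auth_can_confirm()` treats it. I would make the guard explicit, `&& (!isset($room_id) || !auth_can_confirm($user, $room_id)))`, and add a comment such as `// Must run before any state change below; deny if the room could not be determined`. The check covers only "accept" and "reject", so it is worth confirming that any other action handled further down (outside the hunk) has its own per-room check.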

Modified: mrbs/branches/provisional_bookings/web/pending.php
===================================================================
--- mrbs/branches/provisional_bookings/web/pending.php  2009-11-12 20:39:48 UTC 
(rev 1261)
+++ mrbs/branches/provisional_bookings/web/pending.php  2009-11-13 11:02:40 UTC 
(rev 1262)
@@ -6,14 +6,14 @@
 function display_buttons($row, $is_series)
 {
   global $PHP_SELF;
-  global $is_admin, $remind_interval, $user;
+  global $user, $remind_interval;
   
   $last_reminded = (empty($row['reminded'])) ? $row['last_updated'] : 
$row['reminded'];
   $returl = $PHP_SELF;
                                     
   $target_id = ($is_series) ? $row['repeat_id'] : $row['id'];
   
-  if ($is_admin)
+  if (auth_can_confirm($user, $row['room_id']))
   {
     // accept
     echo "<form action=\"confirm_entry_handler.php\" method=\"post\">\n";
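Review bot: `display_buttons()` now reads `$row['room_id']`, but nothing in the function documents that the caller's query must select that column; a row without the key would pass an undefined value to `auth_can_confirm()`. A short header comment would help, for example `// $row must include 'room_id'; this test only decides which buttons are shown, the handler re-checks confirm rights`. Because the accept form posts to confirm_entry_handler.php, the test here is presentation only and the server-side check in that file remains the real control. The function body continues past the end of this hunk.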
@@ -73,9 +73,7 @@
 
 // display the header row for a series
 function display_series_header($row, $table_id)
-{
-  global $n_cols, $is_admin, $tbl_entry, $user;
-    
+{  
   echo "<tr>";  // no \n so as not to create another child in the DOM
   echo "<th class=\"control\" 
onClick=\"toggle_table('$table_id')\">&nbsp;</th>\n";
   // reservation name, with a link to the view_entry page
@@ -97,9 +95,7 @@
 // display an entry in a row
 function display_entry_row($row)
 {
-  global $PHP_SELF;
-  global $enable_periods, $remind_interval;
-  global $is_admin;
+  global $enable_periods;
   
   echo "<tr>\n";
   echo "<td class=\"control\">&nbsp;</td>\n";
@@ -169,7 +165,7 @@
 echo "<h1>" . get_vocab("pending") . "</h1>\n";
 
 // Get a list of all the provisional bookings
-$sql = "SELECT E.id, E.name, E.start_time, E.create_by, " .
+$sql = "SELECT E.id, E.name, E.room_id, E.start_time, E.create_by, " .
                sql_syntax_timestamp_to_unix("E.timestamp") . " AS last_updated,
                E.reminded, E.repeat_id,
                R.room_name, R.area_id, A.area_name

