kopia lustrzana https://github.com/magicbug/Cloudlog
added checks to backend and frontend of "print requested qsls" to only
allow access to QSOs of user
pull/1308/head
rodzic
e044da8df0
commit
821a00dabb
|
@ -28,7 +28,7 @@ class QSLPrint extends CI_Controller {
|
|||
redirect('user/login');
|
||||
}
|
||||
$this->load->model('stations');
|
||||
$data['station_profile'] = $this->stations->all();
|
||||
$data['station_profile'] = $this->stations->all_of_user();
|
||||
|
||||
$this->load->model('qslprint_model');
|
||||
$data['qsos'] = $this->qslprint_model->get_qsos_for_print();
|
||||
|
|
|
@ -24,6 +24,8 @@ class adif_data extends CI_Model {
|
|||
}
|
||||
|
||||
$this->db->join('station_profile', 'station_profile.station_id = '.$this->config->item('table_name').'.station_id');
|
||||
// always filter user. this ensures that even if the station_id is from another user no inaccesible QSOs will be returned
|
||||
$this->db->where('station_profile.user_id', $this->session->userdata('user_id'));
|
||||
$this->db->where_in('COL_QSL_SENT', array('R', 'Q'));
|
||||
$this->db->order_by("COL_TIME_ON", "ASC");
|
||||
$query = $this->db->get($this->config->item('table_name'));
|
||||
|
|
|
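Review bot: `$this->db->where('station_profile.user_id', $this->session->userdata('user_id'));` assumes the session always holds a `user_id`. If this is CodeIgniter 3, a NULL value makes the query builder emit `station_profile.user_id IS NULL` instead of a condition that matches nothing. Whether this method can be reached without a login is not visible in the hunk, so I would read the id once (`$user_id = $this->session->userdata('user_id');`) and return an empty result when it is missing. The same join-plus-filter pair is repeated in `Qslprint_model`, so a shared helper would keep the ownership rule in one place. The enclosing function starts and ends outside the hunk.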
@ -852,6 +852,9 @@ class Logbook_model extends CI_Model {
|
|||
$sql .= ' and thcv.station_id = ' . $station_id2;
|
||||
}
|
||||
|
||||
// always filter user. this ensures that even if the station_id is from another user no inaccesible QSOs will be returned
|
||||
$sql .= ' and station_profile.user_id = ' . $this->session->userdata('user_id');
|
||||
|
||||
$sql .= ' ORDER BY ADIF, COL_ROUTING';
|
||||
|
||||
$query = $this->db->query($sql);
|
||||
|
|
|
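Review bot: The new ownership filter `$sql .= ' and station_profile.user_id = ' . $this->session->userdata('user_id');` is built by string concatenation, directly after the line that concatenates `$station_id2` into the same statement unescaped. If `$station_id2` can carry request input, the filter is only as strong as that value's validation, which is not visible here. I would escape both values, e.g. `$sql .= ' and station_profile.user_id = ' . $this->db->escape($this->session->userdata('user_id'));` and likewise for `$station_id2`, or use `?` bindings with `$this->db->query($sql, $binds)`. Escaping also avoids a dangling `user_id = ` before `ORDER BY` when the session value is empty. The function begins above the hunk, so the join that makes `station_profile` available is assumed rather than seen.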
@ -8,19 +8,33 @@ class Qslprint_model extends CI_Model {
|
|||
$station_id = $CI->Stations->find_active();
|
||||
|
||||
$data = array(
|
||||
'COL_QSLSDATE' => date('Y-m-d'),
|
||||
'COL_QSL_SENT' => "Y",
|
||||
'COL_QSL_SENT_VIA' => "B",
|
||||
'COL_QSLSDATE' => date('Y-m-d'),
|
||||
'COL_QSL_SENT' => "Y",
|
||||
'COL_QSL_SENT_VIA' => "B",
|
||||
);
|
||||
|
||||
$this->db->where_in("COL_QSL_SENT", array("R","Q"));
|
||||
|
||||
if ($station_id2 == NULL) {
|
||||
$this->db->where("station_id", $station_id);
|
||||
} else if ($station_id2 == 'All') {
|
||||
// get all stations of user
|
||||
$stations = $CI->Stations->all_of_user();
|
||||
$station_ids = array();
|
||||
foreach ($stations->result() as $row) {
|
||||
array_push($station_ids, $row->station_id);
|
||||
}
|
||||
|
||||
// filter by all stations
|
||||
$this->db->where_in("station_id", $station_ids);
|
||||
} else if ($station_id2 != 'All') {
|
||||
// be sure that station belongs to user
|
||||
if (!$CI->Stations->check_station_is_accessible($station_id2)) {
|
||||
return;
|
||||
}
|
||||
$this->db->where("station_id", $station_id2);
|
||||
}
|
||||
|
||||
$this->db->where_in("COL_QSL_SENT", array("R","Q"));
|
||||
|
||||
$this->db->update($this->config->item('table_name'), $data);
|
||||
}
|
||||
|
||||
|
@ -35,6 +49,8 @@ class Qslprint_model extends CI_Model {
|
|||
}
|
||||
|
||||
$this->db->join('station_profile', 'station_profile.station_id = '.$this->config->item('table_name').'.station_id');
|
||||
// always filter user. this ensures that even if the station_id is from another user no inaccesible QSOs will be returned
|
||||
$this->db->where('station_profile.user_id', $this->session->userdata('user_id'));
|
||||
$this->db->where_in('COL_QSL_SENT', array('R', 'Q'));
|
||||
$this->db->order_by("COL_TIME_ON", "ASC");
|
||||
$query = $this->db->get($this->config->item('table_name'));
|
||||
|
@ -49,6 +65,13 @@ class Qslprint_model extends CI_Model {
|
|||
}
|
||||
|
||||
function delete_from_qsl_queue($id) {
|
||||
// be sure that QSO belongs to user
|
||||
$CI =& get_instance();
|
||||
$CI->load->model('logbook_model');
|
||||
if (!$CI->logbook_model->check_qso_is_accessible($id)) {
|
||||
return;
|
||||
}
|
||||
|
||||
$data = array(
|
||||
'COL_QSL_SENT' => "N",
|
||||
);
|
||||
|
@ -60,6 +83,13 @@ class Qslprint_model extends CI_Model {
|
|||
}
|
||||
|
||||
function add_qso_to_print_queue($id) {
|
||||
// be sure that QSO belongs to user
|
||||
$CI =& get_instance();
|
||||
$CI->load->model('logbook_model');
|
||||
if (!$CI->logbook_model->check_qso_is_accessible($id)) {
|
||||
return;
|
||||
}
|
||||
|
||||
$data = array(
|
||||
'COL_QSL_SENT' => "R",
|
||||
);
|
||||
|
@ -72,6 +102,8 @@ class Qslprint_model extends CI_Model {
|
|||
|
||||
function open_qso_list($callsign) {
|
||||
$this->db->join('station_profile', 'station_profile.station_id = '.$this->config->item('table_name').'.station_id');
|
||||
// always filter user. this ensures that no inaccesible QSOs will be returned
|
||||
$this->db->where('station_profile.user_id', $this->session->userdata('user_id'));
|
||||
$this->db->where('COL_CALL like "%'.$callsign.'%"');
|
||||
$this->db->where('coalesce(COL_QSL_SENT, "") not in ("R", "Q")');
|
||||
$this->db->order_by("COL_TIME_ON", "ASC");
|
||||
|
|
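Review bot: In `open_qso_list`, `$this->db->where('COL_CALL like "%'.$callsign.'%"');` splices `$callsign` into the WHERE clause unescaped, in the same query as the new `station_profile.user_id` filter. The per-user restriction therefore rests on a value that is not sanitised anywhere in the visible code. The query builder's `$this->db->like('COL_CALL', $callsign);` gives the same `%…%` match with escaping applied. Separately, the denied paths in the update hunk, `delete_from_qsl_queue` and `add_qso_to_print_queue` end in a bare `return;`, so a refused request is neither logged nor distinguishable by the caller; a `log_message('error', ...)` followed by `return false;` would make such attempts visible. `open_qso_list` continues below the hunk.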