Added checks in list.php to determine if the current logged in member id matches the member of an event.
If it doesn't, simply display an message that the event may not be accessed.
case 'edit':
+
+
$event = $this->editEntry($this->eventID);
+ // If we have a good event
if ($event['status']) {
$haveEvent = true;
}
+ // If we're locked to a member as a contact user and the event member doesn't equal the contact member
+ if ($lockedToMember && $event['fieldData']['ref_dest_id'] != $lockedToMember) {
+ $haveEvent = false;
+ $event = false;
+ }
+
$view = 'edit';
break;
{include file='admin/events/header.html'}
{/if}
-{if apply_filters('glm_members_permit_admin_member_event', true)}
+{if apply_filters('glm_members_permit_admin_member_event', true) && ($option == 'add' || $haveEvent)}
{if $haveMember}
<a href="{$thisUrl}?page=glm-members-admin-menu-member&glm_action=events&member={$memberID}" class="button button-secondary glm-button glm-right">Return to Events List</a>
{else} <!-- Can just display -->
- <table class="glm-admin-table">
- <tr><th>Name:</th><td>{$event.fieldData.name}</td></tr>
- </table>
+ <h3>Sorry, no event found or permission not granted.</h3>
{/if}
projects / WP-Plugins / glm-member-db-events.git / commitdiff