From 20288e72babfb6379bad32d29b74fedc95596e44 Mon Sep 17 00:00:00 2001 From: Chuck Scott Date: Tue, 17 May 2016 12:26:56 -0400 Subject: [PATCH] Fixed open access to all events by logged in member --- models/admin/events/index.php | 31 +++++++++++++++--- models/admin/events/list.php | 60 ++++++++++++++++++++--------------- views/admin/events/edit.html | 17 ++++++++-- views/admin/events/index.html | 4 +++ views/admin/events/list.html | 7 ++-- 5 files changed, 84 insertions(+), 35 deletions(-) diff --git a/models/admin/events/index.php b/models/admin/events/index.php index 2fc5527..fb9ac4b 100644 --- a/models/admin/events/index.php +++ b/models/admin/events/index.php @@ -88,11 +88,24 @@ class GlmMembersAdmin_events_index extends GlmDataEvents public function modelAction($actionData = false) { + $memberID = false; + $lockedToMember = false; + $lockedWhereT = 'true'; + $lockedWhere = 'true'; $numbEvents = 0; $numbPending = 0; $namesList = false; $haveCategories = false; + // Check if there's a logged in user who is locked to their own entity + $lockedToMember = apply_filters('glm_members_locked_to_member_id', false); + if ($lockedToMember) { + $memberID = $lockedToMember; + $lockedToMember = $memberID; + $lockedWhereT = 'T.ref_type = '.$this->config['ref_type_numb']['Member'].' AND T.ref_dest = '.$memberID; + $lockedWhere = 'ref_type = '.$this->config['ref_type_numb']['Member'].' AND ref_dest = '.$memberID; + } + // Check for required Event Categories require_once(GLM_MEMBERS_EVENTS_PLUGIN_CLASS_PATH.'/data/dataCategories.php'); $EventCategories = new GlmDataEventsCategories($this->wpdb, $this->config); 
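Review bot: `$lockedWhereT` and `$lockedWhere` are built by concatenating the return value of the `glm_members_locked_to_member_id` filter directly into SQL text, so both clauses are only safe if every callback hooked to that filter returns an integer. Those callbacks are not visible in this patch; casting where the value is used removes the dependency: `$memberID = (int) $lockedToMember;`. The next line, `$lockedToMember = $memberID;`, assigns the value back to the variable it was just copied from and is redundant as written. The same two fragments are reused by the `getIdName()` and `getStats()` calls in the following hunk, so the cast covers those as well. modelAction's body continues outside the hunk.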
@@ -102,21 +115,29 @@ class GlmMembersAdmin_events_index extends GlmDataEvents } // Get full list of names matching this where clause for search box - $namesList = $this->getIdName(); + $namesList = $this->getIdName($lockedWhereT); // Get number of events - $numbEvents = $this->getStats(); + $numbEvents = $this->getStats($lockedWhere); + + // I know this is awkward, but we if there's anything that follows these we need " AND " appended. + if ($lockedWhereT != '') { + $lockedWhereT .= ' AND '; + } + if ($lockedWhere != '') { + $lockedWhere .= ' AND '; + } // Get number of events pending - $numbPending = $this->getStats('status = '.$this->config['status_numb']['Pending']); + $numbPending = $this->getStats($lockedWhere.' status = '.$this->config['status_numb']['Pending']); // Get list of Pending Events -// $pending = $this->getList('T.status = '.$this->config['status_numb']['Pending'], 'name', true, 'id', 1, 20); - $pending = $this->getIdName('T.status = '.$this->config['status_numb']['Pending']); + $pending = $this->getIdName($lockedWhereT.' T.status = '.$this->config['status_numb']['Pending']); // Compile template data $templateData = array( + 'lockedToMember' => $lockedToMember, 'numbEvents' => $numbEvents, 'pending' => $pending, 'namesList' => $namesList, diff --git a/models/admin/events/list.php b/models/admin/events/list.php index d35b0fa..318c78e 100644 --- a/models/admin/events/list.php +++ b/models/admin/events/list.php @@ -92,6 +92,7 @@ class GlmMembersAdmin_events_list extends GlmDataEvents public function modelAction($actionData = false) { + $lockedToMember = false; $numbEvents = 0; $option = 'list'; $events = false; 
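Review bot: The two `!= ''` guards can never be false, because `$lockedWhereT` and `$lockedWhere` start as `'true'` in the previous hunk and are only ever replaced by a non-empty clause. Appending `' AND '` in place also leaves both variables ending in a dangling operator, so any later reuse as a complete WHERE fragment would produce invalid SQL. Dropping the guards and joining at the call site is simpler, e.g. `$this->getStats($lockedWhere.' AND status = '.$this->config['status_numb']['Pending'])`, with the same form for the `getIdName()` call. The comment above the guards reads "but we if there's"; "but if anything follows these" is probably what was meant.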
@@ -133,32 +134,19 @@ class GlmMembersAdmin_events_list extends GlmDataEvents $limit = 20; // Set to the number of listings per page $namesList = false; + // Check if there's a logged in user who is locked to their own entity + $lockedToMember = apply_filters('glm_members_locked_to_member_id', false); + if ($lockedToMember) { + $memberID = $lockedToMember; + // Check for Member Menu Use - if (defined('GLM_EVENTS_MEMBER_MENU')) { + } elseif (defined('GLM_EVENTS_MEMBER_MENU')) { // Try to get member ID $memberID = (isset($_REQUEST['member']) ? $_REQUEST['member'] : 0); - // If not a valid member ID - if ($memberID > 0) { - - // Get base member information - require_once(GLM_MEMBERS_PLUGIN_CLASS_PATH.'/data/dataMembers.php'); - $Member = new GlmDataMembers($this->wpdb, $this->config); - $memberData = $Member->getEntry($memberID); - - if (!$memberData) { - return array( - 'status' => false, - 'menuItemRedirect' => 'error', - 'modelRedirect' => 'index', - 'view' => 'admin/error/index.html', - 'data' => array( - 'reason' => 'No member data found for provided member ID.' - ) - ); - } - } else { + // If there's no valid member ID, we can't continue + if ($memberID == 0) { return array( 'status' => false, 'menuItemRedirect' => 'error', @@ -169,9 +157,30 @@ class GlmMembersAdmin_events_list extends GlmDataEvents ) ); } + } - $haveMember = true; - $memberName = $memberData['name']; + // If not a valid member ID + if ($memberID > 0) { + + // Get base member information + require_once(GLM_MEMBERS_PLUGIN_CLASS_PATH.'/data/dataMembers.php'); + $Member = new GlmDataMembers($this->wpdb, $this->config); + $memberData = $Member->getEntry($memberID); + + if (!$memberData) { + return array( + 'status' => false, + 'menuItemRedirect' => 'error', + 'modelRedirect' => 'index', + 'view' => 'admin/error/index.html', + 'data' => array( + 'reason' => 'No member data found for provided member ID.' + ) + ); + } else{ + $haveMember = true; + $memberName = $memberData['name']; + } } 
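Review bot: In the `GLM_EVENTS_MEMBER_MENU` branch, `$_REQUEST['member']` is still taken as-is and only compared loosely with `== 0` and `> 0`, and the same variable is later interpolated into the `ref_dest` clause (hunk at -587). PHP's loose comparison accepts strings that merely begin with digits, so the value should be normalised where it is read: `$memberID = isset($_REQUEST['member']) ? (int) $_REQUEST['member'] : 0;`. Separately, when the filter returns false and the constant is not defined, neither branch assigns `$memberID` before `if ($memberID > 0)`; unless it is initialised above this hunk, add `$memberID = 0;` next to the other defaults. The relocated comment `// If not a valid member ID` now sits over the branch that handles a valid ID and should be reworded. modelAction's body continues outside the hunk.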
@@ -215,7 +224,7 @@ class GlmMembersAdmin_events_list extends GlmDataEvents switch ($option) { case 'add': -echo "Member name = $memberName

"; + $event = $this->newEntry(); $view = 'edit'; @@ -587,7 +596,7 @@ echo "Member name = $memberName

"; } // Check if the list is for a specific member - if (defined('GLM_EVENTS_MEMBER_MENU') && $memberID) { + if (defined('GLM_EVENTS_MEMBER_MENU') || $memberID) { $where .= " AND ref_dest = $memberID"; } @@ -689,6 +698,7 @@ echo "Member name = $memberName
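Review bot: The member restriction appended to `$where` is `ref_dest = $memberID` alone, whereas the lock clause in models/admin/events/index.php also requires `ref_type` to be the Member type; if events can reference other entity types, an ID collision would let those rows into a locked member's list. Changing `&&` to `||` also means the clause is appended whenever the constant is defined, even with an empty `$memberID`; the early return in the earlier hunk appears to prevent that today, but testing the ID alone is safer. Suggested: `if ($memberID) {` and `$where .= ' AND ref_type = '.$this->config['ref_type_numb']['Member'].' AND ref_dest = '.(int) $memberID;`. The enclosing code starts and ends outside the hunk.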

"; } $templateData = array( + 'lockedToMember' => $lockedToMember, 'option' => $option, 'events' => $events, 'haveEvents' => $haveEvents, diff --git a/views/admin/events/edit.html b/views/admin/events/edit.html index a93730d..9c42604 100644 --- a/views/admin/events/edit.html +++ b/views/admin/events/edit.html @@ -1,4 +1,4 @@ -{if $haveMember} +{if $haveMember && !$lockedToMember } {include file='admin/member/header.html'} {else} {include file='admin/events/header.html'} @@ -19,8 +19,19 @@

Add new Event

{/if} -
- + {if $haveMember && !$lockedToMember} + + + {else} + {if $lockedToMember} + + + {else} + + + + {/if} + {/if} {if $haveMember} diff --git a/views/admin/events/index.html b/views/admin/events/index.html index fc7eb43..fd904d3 100644 --- a/views/admin/events/index.html +++ b/views/admin/events/index.html @@ -85,7 +85,11 @@ html: true, select: function( event, ui ) { var eventID = ui.item.id; + {if $lockedToMember} + window.location.replace("{$adminUrl}?page=glm-members-admin-menu-events-list&glm_action=list&option=edit&event=" + eventID ); + {else} window.location.replace("{$adminUrl}?page=glm-members-admin-menu-events-index&glm_action=list&option=edit&event=" + eventID ); + {/if} }, response: function(event, ui) { if (!ui.content.length) { diff --git a/views/admin/events/list.html b/views/admin/events/list.html index 591c411..2045d5a 100644 --- a/views/admin/events/list.html +++ b/views/admin/events/list.html @@ -1,10 +1,9 @@ -{if $haveMember} +{if $haveMember && !$lockedToMember} {include file='admin/member/header.html'} {else} {include file='admin/events/header.html'} {/if} - {if apply_filters('glm_members_permit_admin_events_index_add_event', true)}
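Review bot: For a locked member this `select` handler sends the browser to `option=edit&event=<id>`, and nothing in this commit shows the `edit` path (or update/delete) in models/admin/events/list.php verifying that the requested event belongs to `$lockedToMember`. Filtering the names list and the event list only limits what the UI offers; the `event` parameter is still client-supplied. If that check does not already exist outside the visible hunks, the model should compare the loaded event's `ref_type`/`ref_dest` with the locked member ID before rendering or saving, and return the existing error view otherwise. The surrounding script continues outside the hunk.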

{if $haveMember} {* This is if we're processing events for a specific member *} @@ -84,7 +83,11 @@ {if $haveMember} + {if $lockedToMember} + {$e.name} + {else} {$e.name} + {/if} {else} {$e.name} {/if} -- 2.17.1