From 2855a45208d2c130ed1fc156e06dd5d8fd90f62a Mon Sep 17 00:00:00 2001 From: Frank Schubert Date: Tue, 4 Jun 2024 18:41:42 +0200 Subject: [PATCH] Checking permissions in status- & discount import --- Layout/default/Preorder/Statusupdateimport.php | 3 ++- Layout/default/PreorderDiscount/Import.php | 3 ++- application/Preorder/PreorderController.php | 9 +++++++++ .../PreorderDiscount/PreorderDiscountController.php | 9 +++++++++ 4 files changed, 22 insertions(+), 2 deletions(-) diff --git a/Layout/default/Preorder/Statusupdateimport.php b/Layout/default/Preorder/Statusupdateimport.php index 062a391ad..93ead0c9e 100644 --- a/Layout/default/Preorder/Statusupdateimport.php +++ b/Layout/default/Preorder/Statusupdateimport.php @@ -7,7 +7,8 @@
  1. ">
    2. -
  2. Vorbestellung
    3. +
  3. ">Vorbestellung
    4. +
  4. Statusupdateimport

Statusupdates importieren

diff --git a/Layout/default/PreorderDiscount/Import.php b/Layout/default/PreorderDiscount/Import.php index dbf624213..3932b5bc2 100644 --- a/Layout/default/PreorderDiscount/Import.php +++ b/Layout/default/PreorderDiscount/Import.php @@ -7,7 +7,8 @@
  1. ">
    2. -
  2. Vorbestellung
    3. +
  3. ">Vorbestellung
    4. +
  4. Gutscheincodeimport

Gutscheincodes importieren

diff --git a/application/Preorder/PreorderController.php b/application/Preorder/PreorderController.php index 955260fd2..fb03d24e2 100644 --- a/application/Preorder/PreorderController.php +++ b/application/Preorder/PreorderController.php @@ -775,6 +775,7 @@ class PreorderController extends mfBaseController { } $i = 0; + $forbidden = 0; $notfound = 0; $invalidcode = 0; $nochange = 0; @@ -799,6 +800,11 @@ class PreorderController extends mfBaseController { continue; } + if($preorder->campaign->network->owner_id != $this->me->address_id) { + $forbidden++; + continue; + } + if($preorder->status->code != $new_status_code) { $new_status = PreorderstatusModel::getFirst(["code" => $new_status_code]); if(!$new_status_code) { @@ -818,6 +824,9 @@ class PreorderController extends mfBaseController { if($notfound) { $message .= "
$notfound Bestellungen nicht gefunden"; } + if($forbidden) { + $message .= "
$forbidden Bestellungen in falschem Netzgebiet"; + } if($nochange) { $message .= "
$nochange Bestelllungen haben bereits den neuen Status"; } diff --git a/application/PreorderDiscount/PreorderDiscountController.php b/application/PreorderDiscount/PreorderDiscountController.php index 9ceb292ec..70c69c32f 100644 --- a/application/PreorderDiscount/PreorderDiscountController.php +++ b/application/PreorderDiscount/PreorderDiscountController.php @@ -32,6 +32,7 @@ class PreorderDiscountController extends mfBaseController { } $i = 0; + $forbidden = 0; $notfound = 0; $exists = 0; $saved = 0; @@ -55,6 +56,11 @@ class PreorderDiscountController extends mfBaseController { continue; } + if($preorder->campaign->network->owner_id != $this->me->address_id) { + $forbidden++; + continue; + } + $discount_code = PreorderDiscountModel::getFirst(["code" => $code, "preorer_id" => $preorder->id]); if($discount_code) { $exists++; @@ -79,6 +85,9 @@ class PreorderDiscountController extends mfBaseController { if($notfound) { $message .= "
$notfound Bestellungen nicht gefunden"; } + if($forbidden) { + $message .= "
$forbidden Bestellungen in falschem Netzgebiet"; + } if($exists) { $message .= "
$exists Gutscheincodes schon verknüpft"; }