Fixing unwanted delete items see #2121

14 years ago · 7fddb15fd9
parent dc590b736f
commit 7fddb15fd9
2 changed files with 66 additions and 33 deletions
--- a/main/attendance/index.php
+++ b/main/attendance/index.php
@ -179,34 +179,56 @@ if (isset($_POST['action']) && $_POST['action'] == 'attendance_delete_select') {
 }

 // distpacher actions to controller
+
 switch ($action) {	
-	case 'attendance_list'	: 
-		$attendance_controller->attendance_list();
+	case 'attendance_list'		:	
+        $attendance_controller->attendance_list();
 		break;
-	case 'attendance_add'	:	
-		$attendance_controller->attendance_add();
+	case 'attendance_add'		:
+        if (api_is_allowed_to_edit(null, true)) {
+            $attendance_controller->attendance_add();
+        } else {
+        	api_not_allowed();
+        }
+        break;
+	case 'attendance_edit'		:	
+        if (api_is_allowed_to_edit(null, true)) {
+            $attendance_controller->attendance_edit($attendance_id);
+        } else {
+            api_not_allowed();
+        }
 		break;
-	case 'attendance_edit'	:	
-		$attendance_controller->attendance_edit($attendance_id);
+	case 'attendance_delete'	:
+    	if (api_is_allowed_to_edit(null, true)) {
+        $attendance_controller->attendance_delete($attendance_id);
+        } else { api_not_allowed();}
+		 break;									
+	case 'attendance_sheet_list'	:	
+        $attendance_controller->attendance_sheet($action, $attendance_id, $student_id);
 		break;
-	case 'attendance_delete':	
-		$attendance_controller->attendance_delete($attendance_id);
-		break;									
-	case 'attendance_sheet_list':	
-		$attendance_controller->attendance_sheet($action, $attendance_id, $student_id);
+	case 'attendance_sheet_add' 	:	
+        if (api_is_allowed_to_edit(null, true)) {
+        $attendance_controller->attendance_sheet($action, $attendance_id);
+        } else { api_not_allowed();}
 		break;
-	case 'attendance_sheet_add' :	
-		$attendance_controller->attendance_sheet($action, $attendance_id);
-		break;	
-	case 'calendar_list' 	:	
-	case 'calendar_add'  	:
-	case 'calendar_edit' 	:
-	case 'calendar_all_delete':
-	case 'calendar_delete' 	:	
-		$attendance_controller->attendance_calendar($action, $attendance_id, $calendar_id);
+    case 'lock_attendance'          :
+    case 'unlock_attendance'        :
+        if (api_is_allowed_to_edit(null, true)) {       
+        $attendance_controller->lock_attendance($action, $attendance_id);
+        } else { api_not_allowed();}
+        break;		
+	case 'calendar_add'  		:
+	case 'calendar_edit' 		:
+	case 'calendar_all_delete' 	:
+	case 'calendar_delete' 		:
+        if (!api_is_allowed_to_edit(null, true)) {
+            api_not_allowed();
+        }   
+    case 'calendar_list'        :    	
+        $attendance_controller->attendance_calendar($action, $attendance_id, $calendar_id);        
 		break;
-	default		  				:	
-		$attendance_controller->attendance_list();
+	default		  		:	
+        $attendance_controller->attendance_list();
 }

 ?>
--- a/main/course_progress/index.php
+++ b/main/course_progress/index.php
@ -199,18 +199,29 @@ switch ($action) {
 	case 'thematic_details'			:
 	case 'moveup'					:
 	case 'movedown'					:
-	case 'thematic_list'			:	$thematic_controller->thematic($action);
-										break;
-	case 'thematic_plan_list'		:
+        if (!api_is_allowed_to_edit(null,true)) {
+        	api_not_allowed();
+        }
+	case 'thematic_list'			:	
+        $thematic_controller->thematic($action);
+		break;	
 	case 'thematic_plan_add'		:
 	case 'thematic_plan_edit'		:
-	case 'thematic_plan_delete'		:	$thematic_controller->thematic_plan($action);
-										break;
-	case 'thematic_advance_list'	:
+	case 'thematic_plan_delete'		:
+        if (!api_is_allowed_to_edit(null,true)) {
+            api_not_allowed();
+        }	
+    case 'thematic_plan_list'       :
+        $thematic_controller->thematic_plan($action);
+        break;
+	
 	case 'thematic_advance_add'		:
 	case 'thematic_advance_edit'	:
-	case 'thematic_advance_delete'	:	$thematic_controller->thematic_advance($action);
-										break;
-}
-
-?>
+	case 'thematic_advance_delete'	:
+        if (!api_is_allowed_to_edit(null,true)) {
+            api_not_allowed();            
+        }
+    case 'thematic_advance_list'    : 
+        $thematic_controller->thematic_advance($action);
+        break;
+}