diff options
| author | Florian Pritz <bluewind@xinu.at> | 2012-04-13 22:03:36 +0200 |
|---|---|---|
| committer | Florian Pritz <bluewind@xinu.at> | 2012-04-13 22:03:36 +0200 |
| commit | 2cc4778de8ed465a0c870f120ec06510b6828edd (patch) | |
| tree | 23e658f260cdf975450f6524ac506836a60c1d28 | |
| parent | 189e232fc65ab356eef9997a81a9755d17c41b37 (diff) | |
Hide delete button if user doesn't own the id
It won't work anyway.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
| -rw-r--r-- | application/controllers/file.php | 2 | ||||
| -rw-r--r-- | application/models/file_mod.php | 2 | ||||
| -rw-r--r-- | application/views/file/delete_form.php | 8 |
3 files changed, 9 insertions, 3 deletions
diff --git a/application/controllers/file.php b/application/controllers/file.php index f6a37eaf8..cb10e9e2f 100644 --- a/application/controllers/file.php +++ b/application/controllers/file.php @@ -200,6 +200,8 @@ class File extends CI_Controller { } } + $this->data["can_delete"] = $this->data["filedata"]["user"] == $this->muser->get_userid(); + $this->load->view($this->var->view_dir.'/header', $this->data); $this->load->view($this->var->view_dir.'/delete_form', $this->data); $this->load->view($this->var->view_dir.'/footer', $this->data); diff --git a/application/models/file_mod.php b/application/models/file_mod.php index 48248fe7d..26d384fa9 100644 --- a/application/models/file_mod.php +++ b/application/models/file_mod.php @@ -55,7 +55,7 @@ class File_mod extends CI_Model { function get_filedata($id) { $sql = ' - SELECT hash, filename, mimetype, date + SELECT hash, filename, mimetype, date, user FROM `files` WHERE `id` = ? LIMIT 1'; diff --git a/application/views/file/delete_form.php b/application/views/file/delete_form.php index 9e4562081..55827c019 100644 --- a/application/views/file/delete_form.php +++ b/application/views/file/delete_form.php @@ -2,7 +2,9 @@ <?php echo form_open('file/delete/'.$id); ?> <?php if(isset($msg)) echo "<p>".$msg."</p>"; ?> <?php if($filedata): ?> - <p>You are about to delete the following upload:</p> + <?php if($can_delete) { ?> + <p>You are about to delete the following upload:</p> + <?php } ?> <table style="margin: auto"> <tr> <td class="title">ID</td> @@ -25,7 +27,9 @@ <td class="text"><?php echo $filedata["mimetype"]; ?></td> </tr> </table> - <input type="submit" value="Delete" name="process" /> + <?php if($can_delete) { ?> + <input type="submit" value="Delete" name="process" /> + <?php } ?> <?php endif; ?> </form> </div> |