From 2cc4778de8ed465a0c870f120ec06510b6828edd Mon Sep 17 00:00:00 2001 From: Florian Pritz Date: Fri, 13 Apr 2012 22:03:36 +0200 Subject: Hide delete button if user doesn't own the id It won't work anyway. Signed-off-by: Florian Pritz --- application/controllers/file.php | 2 ++ application/models/file_mod.php | 2 +- application/views/file/delete_form.php | 8 ++++++-- 3 files changed, 9 insertions(+), 3 deletions(-) (limited to 'application') diff --git a/application/controllers/file.php b/application/controllers/file.php index f6a37eaf8..cb10e9e2f 100644 --- a/application/controllers/file.php +++ b/application/controllers/file.php @@ -200,6 +200,8 @@ class File extends CI_Controller { } } + $this->data["can_delete"] = $this->data["filedata"]["user"] == $this->muser->get_userid(); + $this->load->view($this->var->view_dir.'/header', $this->data); $this->load->view($this->var->view_dir.'/delete_form', $this->data); $this->load->view($this->var->view_dir.'/footer', $this->data); diff --git a/application/models/file_mod.php b/application/models/file_mod.php index 48248fe7d..26d384fa9 100644 --- a/application/models/file_mod.php +++ b/application/models/file_mod.php @@ -55,7 +55,7 @@ class File_mod extends CI_Model { function get_filedata($id) { $sql = ' - SELECT hash, filename, mimetype, date + SELECT hash, filename, mimetype, date, user FROM `files` WHERE `id` = ? LIMIT 1'; diff --git a/application/views/file/delete_form.php b/application/views/file/delete_form.php index 9e4562081..55827c019 100644 --- a/application/views/file/delete_form.php +++ b/application/views/file/delete_form.php @@ -2,7 +2,9 @@ ".$msg."

"; ?> -

You are about to delete the following upload:

+ +

You are about to delete the following upload:

+ @@ -25,7 +27,9 @@
ID
- + + + -- cgit v1.2.3-24-g4f1b