From 2cc4778de8ed465a0c870f120ec06510b6828edd Mon Sep 17 00:00:00 2001
From: Florian Pritz
Date: Fri, 13 Apr 2012 22:03:36 +0200
Subject: Hide delete button if user doesn't own the id
It won't work anyway.
Signed-off-by: Florian Pritz
---
application/controllers/file.php | 2 ++
application/models/file_mod.php | 2 +-
application/views/file/delete_form.php | 8 ++++++--
3 files changed, 9 insertions(+), 3 deletions(-)
(limited to 'application')
diff --git a/application/controllers/file.php b/application/controllers/file.php
index f6a37eaf8..cb10e9e2f 100644
--- a/application/controllers/file.php
+++ b/application/controllers/file.php
@@ -200,6 +200,8 @@ class File extends CI_Controller {
}
}
+ $this->data["can_delete"] = $this->data["filedata"]["user"] == $this->muser->get_userid();
+
$this->load->view($this->var->view_dir.'/header', $this->data);
$this->load->view($this->var->view_dir.'/delete_form', $this->data);
$this->load->view($this->var->view_dir.'/footer', $this->data);
diff --git a/application/models/file_mod.php b/application/models/file_mod.php
index 48248fe7d..26d384fa9 100644
--- a/application/models/file_mod.php
+++ b/application/models/file_mod.php
@@ -55,7 +55,7 @@ class File_mod extends CI_Model {
function get_filedata($id)
{
$sql = '
- SELECT hash, filename, mimetype, date
+ SELECT hash, filename, mimetype, date, user
FROM `files`
WHERE `id` = ?
LIMIT 1';
diff --git a/application/views/file/delete_form.php b/application/views/file/delete_form.php
index 9e4562081..55827c019 100644
--- a/application/views/file/delete_form.php
+++ b/application/views/file/delete_form.php
@@ -2,7 +2,9 @@
".$msg."
"; ?>
- You are about to delete the following upload:
+
+ You are about to delete the following upload:
+
-
+
+
+
--
cgit v1.2.3-24-g4f1b