[Mapbender-commits] r5790 - branches/2.6/http/php

[svn_mapbender at osgeo.org]

Author: christoph
Date: 2010-03-16 12:59:06 -0400 (Tue, 16 Mar 2010)
New Revision: 5790

Modified:
   branches/2.6/http/php/mod_customTree_server.php
Log:
checked if user is allowed to update custom tree

Modified: branches/2.6/http/php/mod_customTree_server.php
===================================================================
--- branches/2.6/http/php/mod_customTree_server.php	2010-03-16 16:39:45 UTC (rev 5789)
+++ branches/2.6/http/php/mod_customTree_server.php	2010-03-16 16:59:06 UTC (rev 5790)
@@ -159,32 +159,38 @@
 	case 'update':
 		$elementArray = $queryObj->parameters->data->folderArray;		
 		$applicationId = $queryObj->parameters->data->applicationId;		
-		$sql = "DELETE FROM gui_treegde WHERE fkey_gui_id = $1";
-		$v = array($applicationId);
-		$t = array("s");
-		$res = db_prep_query($sql, $v, $t);
+		// get all of the users applications
+		$allowedApplicationArray = $user->getApplicationsByPermission(0);
+
+		if (in_array($applicationId, $allowedApplicationArray)) {
+
+			$sql = "DELETE FROM gui_treegde WHERE fkey_gui_id = $1";
+			$v = array($applicationId);
+			$t = array("s");
+			$res = db_prep_query($sql, $v, $t);
+			
+			$rowArray = array();
+			for ($i = 0; $i < count($elementArray); $i++) {
 		
-		$rowArray = array();
-		for ($i = 0; $i < count($elementArray); $i++) {
+				$currentElement = $elementArray[$i];
 	
-			$currentElement = $elementArray[$i];
-
-			$sql = "INSERT INTO gui_treegde (fkey_gui_id, lft, rgt, " . 
-				"my_layer_title, wms_id) VALUES ($1, $2, $3, $4, $5)";
-			$v = array(
-				$applicationId, 
-				$currentElement->left, 
-				$currentElement->right, 
-				$currentElement->name, 
-				$currentElement->wms
-			);
-			$t = array("s", "i", "i", "s", "s");
-			$res = db_prep_query($sql, $v, $t);
-			$rowArray[]= $v;
+				$sql = "INSERT INTO gui_treegde (fkey_gui_id, lft, rgt, " . 
+					"my_layer_title, wms_id) VALUES ($1, $2, $3, $4, $5)";
+				$v = array(
+					$applicationId, 
+					$currentElement->left, 
+					$currentElement->right, 
+					$currentElement->name, 
+					$currentElement->wms
+				);
+				$t = array("s", "i", "i", "s", "s");
+				$res = db_prep_query($sql, $v, $t);
+				$rowArray[]= $v;
+			}
+			$data = array("sql" => $sql, "data" => $rowArray);
+			$resultObj["data"] = $data;
+			$resultObj["success"] = "Elements have been updated in the database.";
 		}
-		$data = array("sql" => $sql, "data" => $rowArray);
-		$resultObj["data"] = $data;
-		$resultObj["success"] = "Elements have been updated in the database.";
 		break;