[Mapbender-commits] r5791 - trunk/mapbender/http/php

[svn_mapbender at osgeo.org]

Author: christoph
Date: 2010-03-16 13:03:26 -0400 (Tue, 16 Mar 2010)
New Revision: 5791

Modified:
   trunk/mapbender/http/php/mod_customTree_server.php
Log:
checked if user is allowed to update custom tree

Modified: trunk/mapbender/http/php/mod_customTree_server.php
===================================================================
--- trunk/mapbender/http/php/mod_customTree_server.php	2010-03-16 16:59:06 UTC (rev 5790)
+++ trunk/mapbender/http/php/mod_customTree_server.php	2010-03-16 17:03:26 UTC (rev 5791)
@@ -159,16 +159,21 @@
 	case 'update':
 		$elementArray = $queryObj->parameters->data->folderArray;		
 		$applicationId = $queryObj->parameters->data->applicationId;		
-		$sql = "DELETE FROM gui_treegde WHERE fkey_gui_id = $1";
-		$v = array($applicationId);
-		$t = array("s");
-		$res = db_prep_query($sql, $v, $t);
+		// get all of the users applications
+		$allowedApplicationArray = $user->getApplicationsByPermission(0);
+
+		if (in_array($applicationId, $allowedApplicationArray)) {
+
+			$sql = "DELETE FROM gui_treegde WHERE fkey_gui_id = $1";
+			$v = array($applicationId);
+			$t = array("s");
+			$res = db_prep_query($sql, $v, $t);
+			
+			$rowArray = array();
+			for ($i = 0; $i < count($elementArray); $i++) {
 		
-		$rowArray = array();
-		for ($i = 0; $i < count($elementArray); $i++) {
+				$currentElement = $elementArray[$i];
 	
-			$currentElement = $elementArray[$i];
-
 			$sql = "INSERT INTO gui_treegde (fkey_gui_id, lft, rgt, " . 
 				"my_layer_title, wms_id) VALUES ($1, $2, $3, $4, $5)";
 			$v = array(
@@ -185,6 +190,7 @@
 		$data = array("sql" => $sql, "data" => $rowArray);
 		$resultObj["data"] = $data;
 		$resultObj["success"] = "Elements have been updated in the database.";
+		}
 		break;