user_group station can now only access their own station
@@ -9,8 +9,10 @@
|
||||
$_SESSION['select-statistics'] = $_GET['stationen'];
|
||||
}
|
||||
|
||||
if(!isset($_SESSION['select-statistics']) || $_SESSION['select-statistics'] == "total-score") {
|
||||
if((!isset($_SESSION['select-statistics']) || $_SESSION['select-statistics'] == "total-score") && $user_data['user_group'] != 'station') {
|
||||
$session = "total-score";
|
||||
} else if ($user_data['user_group'] == 'station') {
|
||||
$session = $user_data['s_id'];
|
||||
} else {
|
||||
$session = $_SESSION['select-statistics'];
|
||||
}
|
||||
@@ -22,21 +24,21 @@
|
||||
<div class="headline">
|
||||
<?php
|
||||
if($session == "total-score") {
|
||||
echo "<h2>Gesamtpunkte</h2\n";
|
||||
echo "<h2>Gesamtpunkte</h2>\n";
|
||||
} else {
|
||||
echo "<h2>" . get_station_name($con, $session)['name'] . "</h2>\n";
|
||||
}
|
||||
?>
|
||||
</div>
|
||||
<div>
|
||||
<form name="switch-statistics" method="get">
|
||||
<select name="stationen" id="station" onchange="this.form.submit()">
|
||||
<?php
|
||||
load_options_stations($con, $session, true);
|
||||
?>
|
||||
</select>
|
||||
</form>
|
||||
<?php
|
||||
if($user_data['user_group'] != "station") {
|
||||
echo "<form name=\"switch-statistics\" method=\"get\">
|
||||
<select name=\"stationen\" id=\"station\" onchange=\"this.form.submit()\">";
|
||||
load_options_stations($con, $session, true);
|
||||
echo "</select>
|
||||
</form>";
|
||||
}
|
||||
if($session != "total-score" && get_teams_no_points($con, $session)->rowCount() > 0) {
|
||||
echo "<form action=\"add_entry.php\" method=\"get\">
|
||||
<input type=\"hidden\" name=\"station\" value=\"$session\"/>
|
||||
@@ -44,27 +46,26 @@
|
||||
</form>\n";
|
||||
}
|
||||
|
||||
if ($session != "total-score") {
|
||||
//add edit button
|
||||
echo "<div>
|
||||
<form action=\"edit_statistics.php\" method=\"get\">
|
||||
<input type=\"button\" id=\"edit_statistic\" value=\"Eintrag bearbeiten\" class=\"edit\" disabled=true/>
|
||||
<input type=\"hidden\" id=\"team_id\" name=\"m_id\"/>
|
||||
<input type=\"hidden\" id=\"station_id\" name=\"s_id\" value=\"". $session . "\"/>
|
||||
</form>
|
||||
</div>";
|
||||
//add delete button
|
||||
echo "<div>
|
||||
<form action=\"delete_statistics.php\" method=\"post\">
|
||||
<input type=\"button\" id=\"delete_statistic\" value=\"Löschen\" class=\"edit\" disabled=\"true\"/>
|
||||
<input type=\"hidden\" id=\"m_id_delete\" name=\"m_id\"/>
|
||||
<input type=\"hidden\" id=\"s_id_delete\" name=\"s_id\" value=\"" . $session . "\"/>
|
||||
</form>
|
||||
</div>";
|
||||
}
|
||||
?>
|
||||
</div>
|
||||
<?php
|
||||
if ($session != "total-score") {
|
||||
//add edit button
|
||||
echo "<div>
|
||||
<form action=\"edit_statistics.php\" method=\"get\">
|
||||
<input type=\"button\" id=\"edit_statistic\" value=\"Eintrag bearbeiten\" class=\"edit\" disabled=true/>
|
||||
<input type=\"hidden\" id=\"team_id\" name=\"m_id\"/>
|
||||
<input type=\"hidden\" id=\"station_id\" name=\"s_id\" value=\"". $session . "\"/>
|
||||
</form>
|
||||
</div>";
|
||||
//add delete button
|
||||
echo "<div>
|
||||
<form action=\"delete_statistics.php\" method=\"post\">
|
||||
<input type=\"button\" id=\"delete_statistic\" value=\"Löschen\" class=\"edit\" disabled=\"true\"/>
|
||||
<input type=\"hidden\" id=\"m_id_delete\" name=\"m_id\"/>
|
||||
<input type=\"hidden\" id=\"s_id_delete\" name=\"s_id\" value=\"" . $session . "\"/>
|
||||
</form>
|
||||
</div>";
|
||||
} ?>
|
||||
<div class="table-div">
|
||||
<table id="table">
|
||||
<?php
|
||||
|
||||
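Review bot: The station restriction is enforced only where this page computes `$session`. The forms it emits still pass the station to add_entry.php, edit_statistics.php and delete_statistics.php as a hidden `station` / `s_id` field, which the client controls, and whether those scripts re-check it is not visible in this commit. Each of them should take the station from `$user_data['s_id']` when `$user_data['user_group'] == 'station'` instead of trusting the submitted value; otherwise the limit applies only to what this page displays. Separately, for the other groups `$session` still originates from `$_GET['stationen']` and is echoed into attribute values unescaped, so it should be validated against the known station ids before it is stored in `$_SESSION['select-statistics']` and written as `value=\"" . htmlspecialchars($session, ENT_QUOTES, 'UTF-8') . "\"/>`. The file continues outside the hunks shown.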