liquid_feedback_frontend
annotate app/main/delegation/_action/update.lua @ 9:0ee1e0c42d4c
Version beta5
Minor security fix: Added missing security filter for admin section. Reading of member listing including login names was possible for all users. Write access has not been possible though.
Changing of name and login is possible while a history of these changes is written and accessible by all users.
Statistics shown in area list
Trimming of user input also converts multiple whitespaces to single space character.
Minor security fix: Added missing security filter for admin section. Reading of member listing including login names was possible for all users. Write access has not been possible though.
Changing of name and login is possible while a history of these changes is written and accessible by all users.
Statistics shown in area list
Trimming of user input also converts multiple whitespaces to single space character.
| author | bsw |
|---|---|
| date | Mon Jan 04 12:00:00 2010 +0100 (2010-01-04) |
| parents | afd9f769c7ae |
| children | 02aacb3dffe0 |
| rev | line source |
|---|---|
| bsw/jbe@0 | 1 local truster_id = app.session.member.id |
| bsw/jbe@0 | 2 |
| bsw/jbe@0 | 3 local trustee_id = param.get("trustee_id", atom.integer) |
| bsw/jbe@0 | 4 |
| bsw/jbe@0 | 5 local area_id = param.get("area_id", atom.integer) |
| bsw/jbe@0 | 6 |
| bsw/jbe@0 | 7 local issue_id = param.get("issue_id", atom.integer) |
| bsw/jbe@0 | 8 |
| bsw/jbe@0 | 9 if issue_id then |
| bsw/jbe@0 | 10 area_id = nil |
| bsw/jbe@0 | 11 end |
| bsw/jbe@0 | 12 |
| bsw/jbe@0 | 13 local delegation = Delegation:by_pk(truster_id, area_id, issue_id) |
| bsw/jbe@0 | 14 |
| bsw/jbe@4 | 15 if param.get("delete") or trustee_id == -1 then |
| bsw/jbe@0 | 16 |
| bsw/jbe@0 | 17 if delegation then |
| bsw/jbe@5 | 18 |
| bsw/jbe@0 | 19 delegation:destroy() |
| bsw/jbe@5 | 20 |
| bsw/jbe@0 | 21 if issue_id then |
| bsw/jbe@0 | 22 slot.put_into("notice", _"Your delegation for this issue has been deleted.") |
| bsw/jbe@0 | 23 elseif area_id then |
| bsw/jbe@0 | 24 slot.put_into("notice", _"Your delegation for this area has been deleted.") |
| bsw/jbe@0 | 25 else |
| bsw/jbe@0 | 26 slot.put_into("notice", _"Your global delegation has been deleted.") |
| bsw/jbe@0 | 27 end |
| bsw/jbe@0 | 28 |
| bsw/jbe@0 | 29 end |
| bsw/jbe@5 | 30 |
| bsw/jbe@0 | 31 else |
| bsw/jbe@0 | 32 |
| bsw/jbe@0 | 33 if not delegation then |
| bsw/jbe@0 | 34 delegation = Delegation:new() |
| bsw/jbe@0 | 35 delegation.truster_id = truster_id |
| bsw/jbe@0 | 36 delegation.area_id = area_id |
| bsw/jbe@0 | 37 delegation.issue_id = issue_id |
| bsw/jbe@5 | 38 if issue_id then |
| bsw/jbe@5 | 39 delegation.scope = "issue" |
| bsw/jbe@5 | 40 elseif area_id then |
| bsw/jbe@5 | 41 delegation.scope = "area" |
| bsw/jbe@5 | 42 else |
| bsw/jbe@5 | 43 delegation.scope = "global" |
| bsw/jbe@5 | 44 end |
| bsw/jbe@0 | 45 end |
| bsw/jbe@0 | 46 |
| bsw/jbe@0 | 47 delegation.trustee_id = trustee_id |
| bsw/jbe@0 | 48 |
| bsw/jbe@0 | 49 delegation:save() |
| bsw/jbe@0 | 50 |
| bsw/jbe@0 | 51 if issue_id then |
| bsw/jbe@0 | 52 slot.put_into("notice", _"Your delegation for this issue has been updated.") |
| bsw/jbe@0 | 53 elseif area_id then |
| bsw/jbe@0 | 54 slot.put_into("notice", _"Your delegation for this area has been updated.") |
| bsw/jbe@0 | 55 else |
| bsw/jbe@0 | 56 slot.put_into("notice", _"Your global delegation has been updated.") |
| bsw/jbe@0 | 57 end |
| bsw/jbe@0 | 58 |
| bsw/jbe@0 | 59 end |
| bsw/jbe@0 | 60 |