liquid_feedback_frontend: app/main/membership/

liquid_feedback_frontend

annotate app/main/membership/_action/update.lua @ 9:0ee1e0c42d4c

Version beta5

Minor security fix: Added missing security filter for admin section. Reading of member listing including login names was possible for all users. Write access has not been possible though.

Changing of name and login is possible while a history of these changes is written and accessible by all users.

Statistics shown in area list

Trimming of user input also converts multiple whitespaces to single space character.

author	bsw
date	Mon Jan 04 12:00:00 2010 +0100 (2010-01-04)
parents	80c215dbf076
children	86988175dc89

rev	line source
bsw/jbe@0	1 local area_id = assert(param.get("area_id", atom.integer), "no area id given")
bsw/jbe@0	2 local membership = Membership:by_pk(area_id, app.session.member.id)
bsw/jbe@0	3
bsw/jbe@0	4 if param.get("delete", atom.boolean) then
bsw/jbe@0	5 if membership then
bsw/jbe@0	6 membership:destroy()
bsw/jbe@0	7 slot.put_into("notice", _"Membership removed")
bsw/jbe@0	8 else
bsw/jbe@0	9 slot.put_into("notice", _"Membership not existant")
bsw/jbe@0	10 end
bsw/jbe@0	11 return
bsw/jbe@0	12 end
bsw/jbe@0	13
bsw/jbe@0	14 if not membership then
bsw/jbe@0	15 membership = Membership:new()
bsw/jbe@0	16 membership.area_id = area_id
bsw/jbe@0	17 membership.member_id = app.session.member_id
bsw/jbe@0	18 membership.autoreject = false
bsw/jbe@0	19 end
bsw/jbe@0	20
bsw/jbe@0	21 local autoreject = param.get("autoreject", atom.boolean)
bsw/jbe@0	22 if autoreject ~= nil then
bsw/jbe@0	23 membership.autoreject = autoreject
bsw/jbe@0	24 end
bsw/jbe@0	25
bsw/jbe@0	26 membership:save()
bsw/jbe@0	27
bsw/jbe@4	28 --slot.put_into("notice", _"Membership updated")