liquid_feedback_frontend
annotate app/main/membership/_action/update.lua @ 1109:498d655dbc18
Added missing access control for member profile images
| author | bsw |
|---|---|
| date | Mon Nov 10 18:52:33 2014 +0100 (2014-11-10) |
| parents | 701a5cf6b067 |
| children |
| rev | line source |
|---|---|
| bsw/jbe@0 | 1 local area_id = assert(param.get("area_id", atom.integer), "no area id given") |
| bsw/jbe@0 | 2 local membership = Membership:by_pk(area_id, app.session.member.id) |
| bsw/jbe@0 | 3 |
| bsw@1045 | 4 local area = Area:by_id(area_id) |
| bsw/jbe@0 | 5 if param.get("delete", atom.boolean) then |
| bsw/jbe@0 | 6 if membership then |
| bsw/jbe@0 | 7 membership:destroy() |
| bsw@1045 | 8 slot.put_into("notice", _"Subscription removed") |
| bsw/jbe@0 | 9 else |
| bsw@1045 | 10 slot.put_into("notice", _"Subscription already removed") |
| bsw/jbe@0 | 11 end |
| bsw/jbe@0 | 12 return |
| bsw/jbe@0 | 13 end |
| bsw/jbe@0 | 14 |
| bsw@1045 | 15 if not app.session.member:has_voting_right_for_unit_id(area.unit_id) then |
| bsw@1045 | 16 slot.put_into("error", _"You are not eligible to participate") |
| bsw@1045 | 17 return false |
| bsw@1045 | 18 end |
| bsw@1045 | 19 |
| bsw/jbe@0 | 20 if not membership then |
| bsw/jbe@0 | 21 membership = Membership:new() |
| bsw/jbe@0 | 22 membership.area_id = area_id |
| bsw/jbe@0 | 23 membership.member_id = app.session.member_id |
| bsw@1045 | 24 membership:save() |
| bsw@1045 | 25 slot.put_into("notice", _"Subject area subscribed") |
| bsw/jbe@0 | 26 end |