liquid_feedback_frontend: 0ee1e0c42d4c app/main/interest/

liquid_feedback_frontend

view app/main/interest/_action/update.lua @ 9:0ee1e0c42d4c

Version beta5

Minor security fix: Added missing security filter for admin section. Reading of member listing including login names was possible for all users. Write access has not been possible though.

Changing of name and login is possible while a history of these changes is written and accessible by all users.

Statistics shown in area list

Trimming of user input also converts multiple whitespaces to single space character.

author	bsw
date	Mon Jan 04 12:00:00 2010 +0100 (2010-01-04)
parents	374bbc2ff102
children	42547a48774d

line source

1 local issue_id = assert(param.get("issue_id", atom.integer), "no issue id given")

3 local interest = Interest:by_pk(issue_id, app.session.member.id)

5 local issue = Issue:by_id(issue_id)

7 if issue.closed then

8 slot.put_into("error", _"This issue is already closed.")

9 return false

10 elseif issue.fully_frozen then

11 slot.put_into("error", _"Voting for this issue has already begun.")

12 return false

13 end

15 if param.get("delete", atom.boolean) then

16 if interest then

17 interest:destroy()

18 slot.put_into("notice", _"Interest removed")

19 else

20 slot.put_into("notice", _"Interest not existant")

21 end

22 return

23 end

25 if not interest then

26 interest = Interest:new()

27 interest.issue_id = issue_id

28 interest.member_id = app.session.member_id

29 interest.autoreject = false

30 end

32 local autoreject = param.get("autoreject", atom.boolean)

33 if autoreject ~= nil then

34 interest.autoreject = autoreject

35 end

37 interest:save()

39 slot.put_into("notice", _"Interest updated")