liquid_feedback_frontend
view app/main/suggestion/_action/add.lua @ 9:0ee1e0c42d4c
Version beta5
Minor security fix: Added missing security filter for admin section. Reading of member listing including login names was possible for all users. Write access has not been possible though.
Changing of name and login is possible while a history of these changes is written and accessible by all users.
Statistics shown in area list
Trimming of user input also converts multiple whitespaces to single space character.
Minor security fix: Added missing security filter for admin section. Reading of member listing including login names was possible for all users. Write access has not been possible though.
Changing of name and login is possible while a history of these changes is written and accessible by all users.
Statistics shown in area list
Trimming of user input also converts multiple whitespaces to single space character.
author | bsw |
---|---|
date | Mon Jan 04 12:00:00 2010 +0100 (2010-01-04) |
parents | 8d91bccab0bf |
children | 53a45356c107 |
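-- Action: add a suggestion to an initiative and record the author's initial
-- opinion on it. On a failed check a message is put into the "error" slot and
-- the action returns false; on success a confirmation is put into "notice".

-- Per-member flood limit. The member id comes from the session and is bound
-- as a query parameter rather than concatenated into the SQL text.
-- If the query yields no row (or a NULL counter) the check passes, i.e. the
-- limit fails open. NOTE(review): confirm that this is intended.
local contingent = db:query(
  { "SELECT text_entries_left FROM member_contingent_left WHERE member_id = ?", app.session.member.id },
  "opt_object"
)
if contingent and contingent.text_entries_left and contingent.text_entries_left < 1 then
  slot.put_into("error", _"Sorry, you have reached your personal flood limit. Please be slower...")
  return false
end

-- A missing "name" parameter is treated as an empty title, so neither
-- util.trim nor the length check below ever receives nil; the request is then
-- rejected as "too short" like any other undersized title.
local name = util.trim(param.get("name") or "")

-- `#` is the byte length of the string, so a title made of multi-byte
-- characters can pass this check with fewer than three visible characters.
if #name < 3 then
  slot.put_into("error", _"This title is really too short!")
  return false
end

local suggestion = Suggestion:new()

-- The author is always the logged-in member; it is never read from the request.
suggestion.author_id = app.session.member.id
suggestion.name = name
-- Only the explicitly listed fields are taken over from the request.
param.update(suggestion, "description", "initiative_id")
suggestion:save()

-- NOTE(review): the issue state checks below run only after suggestion:save().
-- Whether the `return false` paths discard the row written above depends on
-- how the framework treats a failed action (not visible here). Confirm this,
-- or load and lock the issue before saving, so that no suggestion can be
-- stored for a closed or frozen issue.

-- TODO important m1 selectors returning result _SET_!
local issue = suggestion.initiative:get_reference_selector("issue"):for_share():single_object_mode():exec()

if issue.closed then
  slot.put_into("error", _"This issue is already closed.")
  return false
elseif issue.fully_frozen then
  slot.put_into("error", _"Voting for this issue has already begun.")
  return false
end

local opinion = Opinion:new()

opinion.suggestion_id = suggestion.id
opinion.member_id = app.session.member.id
-- The degree is parsed from the request as an integer. No range check is made
-- here; presumably the database constrains it. NOTE(review): verify.
opinion.degree = param.get("degree", atom.integer)
opinion.fulfilled = false

opinion:save()

slot.put_into("notice", _"Your suggestion has been added")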