1
tomodea
Dictionary module - Edit and Delete options shown even though the user does not have permission
  • 2008/3/14 5:13

  • tomodea

  • Just popping in

  • Posts: 47

  • Since: 2008/2/19


I am using version 0.91 of the Dictionary module.

I found that the Edit and Delete options are shown on the item detail page even though the user does not have permission to use these. When the user selects Edit or Delete, permissions are then checked and the user gets the usual "you do not have permission" message. The display of this page then goes into a loop until the user clicks on the Back button on the browser.

In my view, it would be preferable not to tempt the user in the first place.

To resolve this, I have modified detail.php (line 30).

The line is:
$post['admin'] = "[ "._EDIT." | "._DELETE." ] ";

I only want this line to be executed if the user has admin rights.

I've simply added this line before:
if ($adminview) {

and this line after:
}

This seems to have done the trick. If the user has admin permissions, then Edit and Delete will be shown but not for users without admin permissions.
Regards, Tom O'Dea
Melbourne, Australia

Login

Who's Online

321 user(s) are online (294 user(s) are browsing Support Forums)


Members: 0


Guests: 321


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Nov 30
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits