Allow regular users to check their own workers

Fixes #270
Sebastian Grewe 2013-06-28 21:38:03 +02:00
parent 50edf2648a
commit 3421cf63b6


@ -5,17 +5,19 @@ if (!defined('SECURITY'))
die('Hacking attempt');
// Check user token
$id = $user->checkApiKey($_REQUEST['api_key']);
$user_id = $user->checkApiKey($_REQUEST['api_key']);
// We have to check if that user is admin too
if ( ! $user->isAdmin($id) ) {
if ( ! $user->isAdmin($user_id) && ($_REQUEST['id'] != $user_id && !empty($_REQUEST['id']))) {
header("HTTP/1.1 401 Unauthorized");
die("Access denied");
} else if ($user->isAdmin($user_id)) {
$id = $_REQUEST['id'];
ctype_digit($_REQUEST['id']) ? $id = $_REQUEST['id'] : $id = $user->getUserId($_REQUEST['id']);
} else {
$id = $user_id;
}
// Is it a username or a user ID
ctype_digit($_REQUEST['id']) ? $id = $_REQUEST['id'] : $id = $user->getUserId($_REQUEST['id']);
// Output JSON format
echo json_encode(array('getuserworkers' => $worker->getWorkers($id)));
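Review bot: The new access check on the `if ( ! $user->isAdmin($user_id) && ...` line reads `$_REQUEST['id']` in a loose `!=` comparison before `!empty()` has tested it, so a request without `id` raises an undefined-index notice, and the allow/deny decision depends on PHP type juggling between the request string and whatever type `checkApiKey()` returns. As far as the visible lines show, this does not expose another user's workers, because the final `else` ignores the request value and uses `$user_id`, but an authorization condition should be explicit. I would test for presence first and compare strictly: `if ( ! $user->isAdmin($user_id) && !empty($_REQUEST['id']) && (string) $_REQUEST['id'] !== (string) $user_id) {`. In the admin branch, `$id = $_REQUEST['id'];` is immediately overwritten by the `ctype_digit(...)` ternary on the next line and can be dropped. Whether `checkApiKey()` ends the request on an invalid key is not visible here; if it can return a falsy value, the `else` branch would pass that straight to `getWorkers()`, so a comment such as `// checkApiKey() terminates on an invalid key` (once confirmed) would help the next reader.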