Commit 8f6a1d2f authored by Reto Da Forno's avatar Reto Da Forno
Browse files

adjust access rights to flocklab API

parent 490b89ed
......@@ -33,6 +33,9 @@
?>
<?php include_once('include/presets.php');?>
<?php
//if (!isset($_POST['q']) && isset($_GET['q'])) {
// $_POST = $_GET;
//}
if (isset($_POST['q'])) {
$status = array('online');
$userrole = get_user_role($_POST['username']);
......@@ -109,7 +112,10 @@
$db = db_connect();
$sql = "SELECT title, description, test_status as status, UNIX_TIMESTAMP(time_start_wish) AS start_planned, UNIX_TIMESTAMP(time_start_act) AS start_act, UNIX_TIMESTAMP(time_end_wish) AS end_planned, UNIX_TIMESTAMP(time_end_act) AS end_act
FROM `flocklab`.`tbl_serv_tests`
WHERE serv_tests_key=".intval($_POST['id'])." AND owner_fk=$_SESSION[serv_users_key]";
WHERE serv_tests_key=".intval($_POST['id']);
if ($userrole != 'admin') {
$sql .= " AND owner_fk=$_SESSION[serv_users_key]";
}
$res = mysqli_query($db, $sql);
if (!$res) {
echo json_encode(array('status' => 'error', 'output' => mysqli_error($db)));
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment