DataObjects/Core_person_settings.php

author Edward <edward@roojs.com>

Wed, 3 Apr 2019 05:44:09 +0000 (13:44 +0800)

committer Edward <edward@roojs.com>

Wed, 3 Apr 2019 05:44:09 +0000 (13:44 +0800)
author Edward <edward@roojs.com>
Wed, 3 Apr 2019 05:44:09 +0000 (13:44 +0800)
committer Edward <edward@roojs.com>
Wed, 3 Apr 2019 05:44:09 +0000 (13:44 +0800)
diff --git a/DataObjects/Core_person_settings.php b/DataObjects/Core_person_settings.php

index 358b7db..dea40bd 100644 (file)
--- a/DataObjects/Core_person_settings.php
+++ b/DataObjects/Core_person_settings.php
@@ -41,6 +41,15 @@ class Pman_Core_DataObjects_Core_person_settings extends DB_DataObject
      }
      
      function beforeUpdate($old, $q, $roo)
+    {
+        if(!$this->hasPermission($roo)) {
+            $roo->jerr('Access Dennied');
+        }
+        
+        
+    }
+    
+    function beforeDelete($dependants_array, $roo)
      {
          if(
                  !$roo->authUser ||
@@ -50,14 +59,16 @@ class Pman_Core_DataObjects_Core_person_settings extends DB_DataObject
          }
      }
      
-    function beforeDelete($dependants_array, $roo)
+    function hasPermission($roo)
      {
          if(
                  !$roo->authUser ||
                  (!empty($this->person_id) && $this->person_id != $roo->authUser->id)
          ) {
-            $roo->jerr('Access Dennied');
+            return false;
          }
+        
+        return true;
      }
      
      function isExist()
author	Edward <edward@roojs.com>
	Wed, 3 Apr 2019 05:44:09 +0000 (13:44 +0800)
committer	Edward <edward@roojs.com>
	Wed, 3 Apr 2019 05:44:09 +0000 (13:44 +0800)