arman/science-ation
1
1
Fork 0
forked from science-ation/science-ation
Code Pull Requests Activity

- Disable the save and delete option for system reports, and print a message

Browse Source 
saying that the report can only be saved as a new report.
- Add checks to the report_save and report_delete fucntions to ensure system
  reports cannot be saved/deleted.
This commit is contained in:
dave 2007-11-21 22:30:19 +00:00
parent ac3e50f94e
commit 44205d5039
2 changed files with 48 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
admin/reports.inc.php
View File

@ -297,8 +297,24 @@ foreach($stock as $n=>$v) {
/* New report */ /* New report */
mysql_query("INSERT INTO reports (`id`) VALUES ('')"); mysql_query("INSERT INTO reports (`id`) VALUES ('')");
$report['id'] = mysql_insert_id(); $report['id'] = mysql_insert_id();
} else {
/* if the report['id'] is not zero, see if this is a
* systeim report before doing anything. */
$q = mysql_query("SELECT system_report_id FROM reports WHERE id='{$report['id']}'");
$i = mysql_fetch_assoc($q);
if(intval($i['system_report_id']) != 0) {
/* This is a system report, the editor (should)
* properly setup the editor pages so that the user
* cannot save this report. The only way to get here
* is by directly modifying the POST variables.. so..
* we don't have to worry about being user friendly. */
echo "ERROR: attempt to save a system report (reports.id={$report['id']})";
exit;
}
} }
/* /*
print("<pre>"); print("<pre>");
print_r($_POST); print_r($_POST);
@ -361,6 +377,19 @@ foreach($stock as $n=>$v) {
function report_delete($report_id) function report_delete($report_id)
{ {
$r = intval($report_id); $r = intval($report_id);
/* if the report['id'] is not zero, see if this is a
* systeim report before doing anything. */
$q = mysql_query("SELECT system_report_id FROM reports WHERE id='$r'");
$i = mysql_fetch_assoc($q);
if(intval($i['system_report_id']) != 0) {
/* This is a system report, the editor (should)
* properly setup the editor pages so that the user
* cannot delete this report. The only way to get here
* is by directly modifying the POST variables.. so..
* we don't have to worry about being user friendly. */
echo "ERROR: attempt to delete a system report (reports.id=$r)";
exit;
}
mysql_query("DELETE FROM reports WHERE `id`=$r"); mysql_query("DELETE FROM reports WHERE `id`=$r");
mysql_query("DELETE FROM reports_items WHERE `reports_id`=$r"); mysql_query("DELETE FROM reports_items WHERE `reports_id`=$r");
} }

31
admin/reports_editor.php
View File

@ -178,9 +178,7 @@ function reportChange()
return $ret; return $ret;
} }
//print_r($_POST);
/* Decode the report */ /* Decode the report */
$report = array(); $report = array();
$report['id'] = intval($_POST['id']); $report['id'] = intval($_POST['id']);
$report['name'] = stripslashes($_POST['name']); $report['name'] = stripslashes($_POST['name']);
@ -213,8 +211,7 @@ function reportChange()
} }
if($repaction == 'try') { if($repaction == 'try') {
/* Try this report save it to the database under a new report, and mark it as /* Generate the report from what was passed through POST */
* temporary, so when the generator finishes with it, it deletes it */
report_gen($report); report_gen($report);
exit; exit;
} }
@ -427,15 +424,25 @@ function reportChange()
} }
echo "<br />"; echo "<br />";
if($report['system_report_id'] != 0) {
echo notice(i18n('This is a system report, it cannot be changed or deleted. To save changes you have made to it, please select the \'Save as a new report\' option.'));
}
echo "<select name=\"repaction\">"; echo "<select name=\"repaction\">";
$sel = ($repaction_save == 'save') ? "selected=\"selected\"" : ''; if($report['system_report_id'] == 0) {
echo " <option value=\"save\" $sel>Save this report</option>"; $sel = ($repaction_save == 'save') ? "selected=\"selected\"" : '';
$sel = ($repaction_save == 'try') ? "selected=\"selected\"" : ''; echo " <option value=\"save\" $sel>Save this report</option>";
echo " <option value=\"try\" $sel>Try this report</option>"; $sel = ($repaction_save == 'try') ? "selected=\"selected\"" : '';
echo " <option value=\"\" ></option>"; echo " <option value=\"try\" $sel>Try this report</option>";
echo " <option value=\"dupe\" >Save as a new report(duplicate)</option>"; echo " <option value=\"\" ></option>";
echo " <option value=\"\" ></option>"; echo " <option value=\"dupe\" >Save as a new report(duplicate)</option>";
echo " <option value=\"del\" >Delete this report</option>"; echo " <option value=\"\" ></option>";
echo " <option value=\"del\" >Delete this report</option>";
} else {
echo " <option value=\"dupe\" >Save as a new report(duplicate)</option>";
$sel = ($repaction_save == 'try') ? "selected=\"selected\"" : '';
echo " <option value=\"try\" $sel>Try this report</option>";
}
echo "</select>"; echo "</select>";
echo "<input type=\"submit\" value=\"Go\">"; echo "<input type=\"submit\" value=\"Go\">";