diff --git a/participant_invite.php b/participant_invite.php index 4ca3be5..db5fb80 100644 --- a/participant_invite.php +++ b/participant_invite.php @@ -81,7 +81,12 @@ //this is ajax too, but we dont explicitly say AJAX==1, thats silly :p if($_POST['action']=="uninvite") { if($_POST['userid']) { - user_uninvite(intval($_POST['userid']),$type); + echo "uninviting userid: ".$_POST['userid']." from type: ".$type."\n"; + $r=user_uninvite(intval($_POST['userid']),$type); + //this will return the user object if valid, if its just a string, then its an error string + if(!is_array($r)) { + echo "error: $r"; + } } exit; } @@ -157,6 +162,7 @@ function uninvite(id) { if(confirmClick('Are you sure you want to uninvite this participant?')) { $.post("participant_invite.php",{action: 'uninvite', userid: id},function() { +// alert('done'); document.location.href='participant_invite.php'; }); } diff --git a/user.inc.php b/user.inc.php index fdb8b6b..02d7630 100644 --- a/user.inc.php +++ b/user.inc.php @@ -1807,8 +1807,13 @@ function user_uninvite($uid, $roles_id){ } if($returnval == null){ - if($user['schools_id'] != $u['schools_id']){ - $returnval = 'You can not uninvite students form other schools'; + if($_SESSION['superuser']=="yes" || array_key_exists('admin',$u['roles'])) { + //superuser or admin, let them do it + } else { + //else, the school must match + if($user['schools_id'] != $u['schools_id']){ + $returnval = 'You can not uninvite students form other schools'; + } } }