Add a CreatedBy column to the Reports table and a canEdit() method on
the Report class so $report->canEdit() (already called from
web/ajax/reports.php) resolves to a real check. canEdit() permits the
report owner (CreatedBy == user) or any user/role with System=Edit.
Wire actions/report.php to stamp CreatedBy on first save and refuse
save/delete on existing reports the current user cannot edit.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
- Removed the getDelConfirmModal() function (and its call) from report.js, options.js, reports.js, devices.js, +++controlcaps.js(?view=options&tab=control), and snapshots.js. This is because it's now a single function in skin.js, which is called when the "Delete" button is pressed, rather than during page initialization.
- Slightly modified the local functions of manageDelConfirmModalBtns(). Removed the listener, so the code is executed immediately.
- You can now call local functions from the global getDelConfirmModal() function (instead of just executing submitThisForm() ). Applies to report.js, reports.js, devices.js, controlcaps.js, snapshots.js
- Changed the style of the "Delete" button on the Groups page
- Added deletion confirmation to the Storage, Roles, and Groups pages
- On the Event page, deletion permissions were broken. Deletes were allowed for those who did NOT have edit permissions, but deletions were blocked for those who did. !
- On the Report page, deletion didn't work and still doesn't work. This needs to be addressed, or maybe it's possible to delete reports only on the Reports page. (FIXED...)
- On the Devices page, the "canEdit.Device" permissions check was being performed, but it should be performed like this: "canEdit.Devices"
- The $action variable was not defined in \ajax\devices.php
- Added translations.
- Added a style for the disabled "Delete" button
- Minor fixes
