Add a CreatedBy column to the Reports table and a canEdit() method on the Report class so $report->canEdit() (already called from web/ajax/reports.php) resolves to a real check. canEdit() permits the report owner (CreatedBy == user) or any user/role with System=Edit. Wire actions/report.php to stamp CreatedBy on first save and refuse save/delete on existing reports the current user cannot edit. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
<?php
namespace ZM;
require_once('database.php');
require_once('Object.php');
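/**
 * A saved report definition stored in the `Reports` table.
 *
 * Field accessors such as CreatedBy() are not defined in this class; they are
 * presumably provided by the ZM_Object parent (confirm in Object.php).
 */
class Report extends ZM_Object {
  protected static $table = 'Reports';

  # Default values for each column of a new, unsaved report.
  protected $defaults = array(
    'Id'            => null,
    'Name'          => '',
    'FilterId'      => null,
    'StartDateTime' => null,
    'EndDateTime'   => null,
    'Interval'      => '86400',  # presumably seconds, i.e. one day (confirm against callers)
    'CreatedBy'     => null,     # owner's user Id as compared in canEdit(); null means no recorded owner
  );

  /**
   * Look up reports; delegates to ZM_Object::_find() for this class.
   *
   * @param array $parameters Passed through unchanged (presumably column => value criteria; confirm in ZM_Object).
   * @param array $options    Passed through unchanged.
   * @return mixed Whatever ZM_Object::_find() returns.
   */
  public static function find( $parameters = array(), $options = array() ) {
    return ZM_Object::_find(self::class, $parameters, $options);
  }

  /**
   * Look up a single report; delegates to ZM_Object::_find_one() for this class.
   *
   * @param array $parameters Passed through unchanged.
   * @param array $options    Passed through unchanged.
   * @return mixed Whatever ZM_Object::_find_one() returns.
   */
  public static function find_one( $parameters = array(), $options = array() ) {
    return ZM_Object::_find_one(self::class, $parameters, $options);
  }

  /**
   * Authorization check: may the given user modify or delete this report?
   *
   * Grants access when the user's own System permission is 'Edit', when the
   * user's role has System 'Edit', or when the user is the recorded owner
   * (CreatedBy matches the user's Id). Everything else is denied, including
   * the case where no user is available at all. A report with no CreatedBy
   * value therefore stays editable only by System=Edit users or roles.
   *
   * All comparisons are strict so the decision cannot be swayed by PHP type
   * juggling: with loose ==, a boolean true (any PHP version) or an integer 0
   * (PHP < 8) compares equal to 'Edit'. Ids are compared as strings because
   * they may arrive as either int or numeric string.
   *
   * @param object|null $u User to check; the global $user is used when empty.
   * @return bool True only when one of the three grants above applies.
   */
  public function canEdit($u=null) {
    global $user;
    if (!$u) $u = $user;
    # Fail closed: no authenticated user means no edit rights.
    if (!$u) return false;

    if ($u->System() === 'Edit') return true;
    $role = $u->Role();
    if ($role && ($role->System() === 'Edit')) return true;

    # Ownership grant. Both ids must be non-empty so that an unset owner and
    # an unsaved/anonymous user can never be treated as the same identity.
    $ownerId = $this->CreatedBy();
    $userId = $u->Id();
    if ($ownerId && $userId && ((string)$ownerId === (string)$userId)) return true;
    return false;
  }
} # end class Report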
?>