Move account/asset post logic to new permissions system

wrongecho
2024-10-03 19:42:48 +01:00
parent 6d6689e7c5
commit 18889d228a
3 changed files with 41 additions and 17 deletions


@@ -5,6 +5,7 @@
*/
if (isset($_POST['add_account'])) {
enforceUserPermission('module_financial', 2);
validateCSRFToken($_POST['csrf_token']);
$name = sanitizeInput($_POST['name']);
@@ -24,6 +25,7 @@ if (isset($_POST['add_account'])) {
}
if (isset($_POST['edit_account'])) {
enforceUserPermission('module_financial', 2);
validateCSRFToken($_POST['csrf_token']);
$account_id = intval($_POST['account_id']);
@@ -42,6 +44,8 @@ if (isset($_POST['edit_account'])) {
}
if (isset($_GET['archive_account'])) {
enforceUserPermission('module_financial', 2);
validateCSRFToken($_GET['csrf_token']);
$account_id = intval($_GET['archive_account']);
@@ -58,6 +62,8 @@ if (isset($_GET['archive_account'])) {
// Not used anywhere?
if (isset($_GET['delete_account'])) {
enforceUserPermission('module_financial', 3);
$account_id = intval($_GET['delete_account']);
mysqli_query($mysqli,"DELETE FROM accounts WHERE account_id = $account_id");
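Review bot: The `delete_account` handler in the last hunk reaches its `DELETE` query with no `validateCSRFToken` call, unlike the add, edit and archive handlers above it, so the permission check is the only gate on a state-changing GET request. Adding `validateCSRFToken($_GET['csrf_token']);` directly after `enforceUserPermission('module_financial', 3);` would bring it in line with the archive handler. The query interpolates `$account_id` into the SQL string, which is safe only because of the `intval()` cast on the line before; a prepared statement would remove that dependency. The handler's body continues outside the hunk, and given the `// Not used anywhere?` comment it may be simpler to delete the route than to guard it.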