| @@ 141-147 (lines=7) @@ | ||
| 138 | // check if action is submited |
|
| 139 | if (App::$Request->request->get('closeRequest', false)) { |
|
| 140 | // if created by authorized user |
|
| 141 | if ((int)$record->user_id !== 0) { |
|
| 142 | $user = App::$User->identity(); |
|
| 143 | // button is pressed not by request creator |
|
| 144 | if ($user === null || $user->getId() !== (int)$record->user_id) { |
|
| 145 | throw new ForbiddenException(__('This feedback request was created by another user')); |
|
| 146 | } |
|
| 147 | } |
|
| 148 | ||
| 149 | // switch closed to 1 and make sql query |
|
| 150 | $record->closed = 1; |
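Review bot: When `(int)$record->user_id` is 0, the ownership check on lines 141-147 is skipped entirely, so a request with no owner is closed at line 150 for any caller whose request body carries `closeRequest`. If access to such records is authorised earlier in the method (not visible in this excerpt), record that next to the branch, e.g. `// records with user_id 0 have no owner: closing relies solely on the access check done when $record was loaded`; otherwise that case needs a check of its own. No anti-CSRF token validation is visible before this state change, so it is worth confirming it happens outside the excerpt. The comparison `$user->getId() !== (int)$record->user_id` is strict and casts only one side; if `getId()` can return a numeric string, the real creator is also rejected, which `(int)$user->getId()` avoids. The enclosing method starts and ends outside the excerpt.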
|
| @@ 330-332 (lines=3) @@ | ||
| 327 | $new = $record->id === null; |
|
| 328 | ||
| 329 | // reject edit published items and items from other authors |
|
| 330 | if (($new === false && (int)$record->author_id !== App::$User->identity()->getId()) || (int)$record->display === 1) { |
|
| 331 | throw new ForbiddenException(__('You have no permissions to edit this content')); |
|
| 332 | } |
|
| 333 | ||
| 334 | // initialize model |
|
| 335 | $model = new FormNarrowContentUpdate($record, $configs); |
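Review bot: `App::$User->identity()->getId()` on line 330 is called without a null check, although the feedback excerpt (line 144) treats `identity()` as nullable. Unless authentication is enforced earlier in this method (not visible here), an unauthenticated request for an existing record ends in a fatal error rather than the intended `ForbiddenException`. I would fetch the identity first and fail closed: `$user = App::$User->identity();` followed by `if (($new === false && ($user === null || (int)$record->author_id !== (int)$user->getId())) || (int)$record->display === 1) {`. The `(int)` cast on `getId()` keeps the strict comparison from rejecting the real author if the id comes back as a string. The method body continues outside the excerpt.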
|