jukka/intra.noxus.fi
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Korjaa isAdmin() -> isCompanyAdmin() todo-endpointeissa

Browse Source 
isAdmin() ei ollut olemassa, oikea funktio on isCompanyAdmin().
Aiheutti PHP fatal errorin ja tyhjän vastauksen.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Jukka Lampikoski
2026-03-11 14:14:01 +02:00
parent 77aa809439
commit fb22e09c0b
1 changed files with 5 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
api.php
View File

@@ -2241,7 +2241,7 @@ switch ($action) {
requireAdmin();
} elseif (!$isNew) {
$existing = dbLoadTodo($input['id']);
if ($existing && $existing['created_by'] !== currentUser() && !isAdmin()) {
if ($existing && $existing['created_by'] !== currentUser() && !isCompanyAdmin()) {
http_response_code(403);
echo json_encode(['error' => 'Voit muokata vain omia ehdotuksiasi']);
break;
@@ -2303,12 +2303,12 @@ switch ($action) {
break;
}
$type = $rows[0]['type'];
if ($type === 'feature_request' && !isAdmin()) {
if ($type === 'feature_request' && !isCompanyAdmin()) {
http_response_code(403);
echo json_encode(['error' => 'Vain admin voi muuttaa ehdotuksen statusta']);
break;
}
if ($type === 'task' && !isAdmin()) {
if ($type === 'task' && !isCompanyAdmin()) {
http_response_code(403);
echo json_encode(['error' => 'Vain admin voi muuttaa tehtävän statusta']);
break;
@@ -2374,7 +2374,7 @@ switch ($action) {
$commentId = $input['id'] ?? '';
// Tarkista onko oma kommentti tai admin
$rows = _dbFetchAll("SELECT author FROM todo_comments WHERE id = ?", [$commentId]);
if (!empty($rows) && ($rows[0]['author'] === currentUser() || isAdmin())) {
if (!empty($rows) && ($rows[0]['author'] === currentUser() || isCompanyAdmin())) {
dbDeleteTodoComment($commentId);
echo json_encode(['success' => true]);
} else {
@@ -2414,7 +2414,7 @@ switch ($action) {
$input = json_decode(file_get_contents('php://input'), true);
$entryId = $input['id'] ?? '';
$rows = _dbFetchAll("SELECT user FROM todo_time_entries WHERE id = ?", [$entryId]);
if (!empty($rows) && ($rows[0]['user'] === currentUser() || isAdmin())) {
if (!empty($rows) && ($rows[0]['user'] === currentUser() || isCompanyAdmin())) {
dbDeleteTodoTimeEntry($entryId);
echo json_encode(['success' => true]);
} else {