From c86e82354cdafa9aaa785455505a2e8b0ce5fc73 Mon Sep 17 00:00:00 2001
From: Aqua-sama <aqua@iserlohn-fortress.net>
Date: Fri, 30 Apr 2021 10:15:25 +0300
Subject: Check can_edit_reports and can_edit_bugs flags

---
 report/edit.php | 7 +++++++
 1 file changed, 7 insertions(+)

(limited to 'report/edit.php')

diff --git a/report/edit.php b/report/edit.php
index cd2e1a8..b6d5049 100644
--- a/report/edit.php
+++ b/report/edit.php
@@ -29,6 +29,11 @@ if($id != "") {
     $description = $result['description'];
 }
 
+if(!$_SESSION['user_can_edit_reports'] || ($submitter != $_SESSION['user_name'])) {
+    echo "You cannot edit reports!";
+    goto footer;
+}
+
 # get bug id's
 $bugs = $conn->query("SELECT id, title FROM bugs");
 
@@ -42,9 +47,11 @@ $bugs = $conn->query("SELECT id, title FROM bugs");
 <p>Assign to bug: <select name="bug_id">
 <option value="">None</option>
 <?php
+if($_SESSION['user_can_edit_bugs']) {
 foreach($bugs as $bug) {
     echo "<option value=$bug[id]>$bug[title]</option>";
 }
+}
 ?>
 </select></p>
 <input type="submit" value="submit" >
-- 
cgit v1.2.1