Closed (fixed)
Project:
MERCI (Manage Equipment Reservations, Checkout and Inventory)
Version:
6.x-2.0-rc2
Component:
Merci UI
Priority:
Normal
Category:
Bug report
Assigned:
Unassigned
Reporter:
Created:
11 Mar 2012 at 00:18 UTC
Updated:
14 Nov 2014 at 19:23 UTC
Jump to comment: Most recent
Comments
Comment #1
arosboro commentedI figured this out.
In the view for My Reservations, there is a php validator for UID. It is set to:
global $user;
if ($context->uid == $user->uid && user_access('create reservations')) {
return TRUE;
}
if (user_access('manage_reservations')) {
return TRUE;
}
return FALSE;
Changing the first conditional statement to the following resolves the issue:
if($argument[0] == $user->uid && user_access('create reservations')) {
Comment #2
darrick commentedI've committed your fix here: http://drupalcode.org/project/merci.git/patch/07bdc15
Thanks
Comment #3
darrick commentedComment #5
memcinto commented7.x-2.0
The above PHP validation code did not work for me. What I used was:
Note no underscore in 'manage reservations' and $argument is a variable, not an array. Also node the changed user_access argument in the first if statement.
This allows a user with 'create merci_reservation content' to view their own reservations, but not someone else's reservations. This also allows a user with 'manage reservations' to view someone else's reservations.