I'm using the signup module for subscribing to camps and courses. This way most signups occur anonymously. When the signups close for the events however, the module shows the signup details of the last anonymous signup and also gives the ability to cancel this signup. This way personal data is visible and privacy is violated, as well as other users can cancel another ones subscription. In order to solve this problem, I adjusted the code within signup.module.

Within function signup_nodeapi, case 'view', I added a check on $user->uid before showing the current signup info and give the option to cancel...

if (!$node->signup_status) {
if (user_access('sign up for content')) {
$output = '

' . t('Signups closed for this event') . '

';
// If they're already signed up, show their current signup
// info and give them the option to cancel.
$result = db_query("SELECT signup_time, form_data FROM {signup_log} WHERE uid = %d AND nid = %d", $user->uid, $node->nid);
if (( $user->uid ) and (db_num_rows($result))) {
$signup_info = db_fetch_object($result);
$output .= _signup_print_current_signup($node, $signup_info);
}
}
}

Comments

dww’s picture

dww
we/he/they
commented
Status: Reviewed & tested by the community » Closed (duplicate)

A) That's not a patch, please see http://druapl.org/patch

B) Sadly, a previous bug report was auto-closed about this, even though it seems to still be a bug. See http://drupal.org/node/163257.

So, please reply to #163257 with your findings, and if you can, post a real patch for that issue (and mark it "code needs review" -- you should never submit your own issues as "ready to be committed" -- that's for someone else to decide once they've reviewed and tested your patch).

Thanks,
-Derek