Don't allow people who don't own a project to update it
This commit is contained in:
parent
e60195d431
commit
9fec2d56f4
@ -44,6 +44,15 @@ if($id == 0){
|
||||
|
||||
$statement->execute();
|
||||
}else{
|
||||
$projectManager = new \pvv\side\ProjectManager($pdo);
|
||||
$owner = $projectManager->getProjectOwner($id);
|
||||
|
||||
if($uname != $owner['uname']){
|
||||
header('Content-Type: text/plain', true, 403);
|
||||
echo "Not project owner for project with ID " . $id . "\r\n";
|
||||
exit();
|
||||
}
|
||||
|
||||
$query = 'UPDATE projects SET name=:title, description=:desc WHERE id=:id';
|
||||
$statement = $pdo->prepare($query);
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user