function allowed($action, $posting) { //checks if the author has the right to do a certain action //action 1 = edit a posting //action 2 = publish a posting //action 3 = administration tasks //admin may do anything if (getuserrights("admin")) { return true; } else { switch ($action) { case "1": $tempreturn = false; if (getuserrights("edit_all")) { $tempreturn = true; } else { if (getuserrights("edit_own") and owner($posting)) { $tempreturn = true; } } return $tempreturn; break; case "2": $tempreturn = false; if (getuserrights("publish_all")) { $tempreturn = true; } else { if (getuserrights("publish_own") and owner($posting)) { $tempreturn = true; } } return $tempreturn; break; default: return false; break; } } }
$j = 0; foreach ($cats as $showcat) { echo "<option value=\"" . $cats[$j]['id'] . "\""; $temp = "category" . $i . "_id"; if ($fields[$temp] == $cats[$j]['id']) { echo " selected"; } echo ">" . urldecode($cats[$j]['name']) . "</option>\n"; $j += 1; } echo "</select>\n"; } ?> <!-- author --> <?php if (getuserrights("admin")) { $dosql = "SELECT id, nickname FROM " . $GLOBALS['prefix'] . "lb_authors"; $authorarray = $GLOBALS['lbdata']->GetArray($dosql); foreach ($authorarray as $author) { if ($author['id'] == $fields['author_id']) { $me = $author['nickname']; $my_id = $author['id']; } } echo "<h3>" . bla("rec2_author") . "</h3>\n\n"; echo "<select name = \"author\" class = \"author\">\n"; echo "<option value =\"" . $my_id . "\">" . $me . "</option>"; foreach ($authorarray as $author) { if ($author['id'] == $my_id) { continue; }
/** * checks if the author has the right to do a certain action * action 1 = edit a posting * action 2 = publish a posting * action 3 = administration tasks * * @param unknown_type $action * @param unknown_type $posting * @return unknown */ function allowed($action, $posting) { //admin may do anything if (getuserrights('admin')) { return true; } else { switch ($action) { case '1': $tempreturn = false; if (getuserrights("edit_all")) { $tempreturn = true; } else { if (getuserrights("edit_own") and owner($posting)) { $tempreturn = true; } } return $tempreturn; break; case '2': $tempreturn = false; if (getuserrights("publish_all")) { $tempreturn = true; } else { if (getuserrights("publish_own") and owner($posting)) { $tempreturn = true; } } return $tempreturn; break; default: return false; break; } } }