$itemID = Request::option('itemID'); if ($itemID) { $_SESSION['itemID'] = $itemID; } elseif (Request::submitted('newButton')) { $_SESSION['itemID'] = "root"; } # ===================================================== END: check the itemID # # check the rangeID ======================================================== # if (Request::option("rangeID")) { $_SESSION['rangeID'] = Request::option("rangeID"); } # ==================================================== END: check the rangeID # # EVTAU: employees of the vote-team against urlhacking ====================== # $eval = new Evaluation($evalID, NULL, EVAL_LOAD_NO_CHILDREN); // someone has voted if ($eval->hasVoted()) { $error = EvalCommon::createReportMessage(_("An dieser Evaluation hat bereits jemand teilgenommen. Sie darf nicht mehr verändert werden."), EVAL_PIC_ERROR, EVAL_CSS_ERROR); $error_msgs[] = $error->createContent(); } // only the author or user with tutor perm in all evalRangeIDs should edit an eval $authorID = $eval->getAuthorID(); $db = new EvaluationObjectDB(); if ($authorID != $user->id) { $no_permisson = 0; if (is_array($eval->getRangeIDs())) { foreach ($eval->getRangeIDs() as $rangeID) { $user_perm = $db->getRangePerm($rangeID, $user->id, YES); // every range with a lower perm than Tutor if ($user_perm < 7) { $no_permisson++; }