author | Ted Trask <ttrask01@yahoo.com> | 2011-09-09 20:49:31 +0000 |
---|---|---|
committer | Ted Trask <ttrask01@yahoo.com> | 2011-09-09 20:49:31 +0000 |
commit | 049eb581d3169f87b167bb99de5ed3af1c7bcab3 (patch) | |
tree | ffcf64d413d8dd6562617b261a8e4abae16933e8 | |
parent | 5b3647c7f98f04f33ae21e28e75dca9b8d9e9ff5 (diff) | |
download | acf-weblog-049eb581d3169f87b167bb99de5ed3af1c7bcab3.tar.bz2 acf-weblog-049eb581d3169f87b167bb99de5ed3af1c7bcab3.tar.xz |
Check permissions before displaying download buttons
-rw-r--r-- | weblog-adhocquery-html.lsp | 2 | ||||
-rw-r--r-- | weblog-viewweblog-html.lsp | 6 |
2 files changed, 5 insertions, 3 deletions
diff --git a/weblog-adhocquery-html.lsp b/weblog-adhocquery-html.lsp index 69feb37..2923005 100644 --- a/weblog-adhocquery-html.lsp +++ b/weblog-adhocquery-html.lsp @@ -33,12 +33,14 @@ require("viewfunctions") <% end %> </TABLE> + <% if viewlibrary.check_permission("downloadadhocquery") then %> <form action="/cgi-bin/acf/weblog/weblog/downloadadhocquery" method="POST"> <input class="hidden" type="hidden" name="query" value="<%= html.html_escape(form.value.query.value) %>" > <DL> <DT>Download query result</DT><DD><input class="submit" type="submit" name="Download" value="Download"></DD> </DL> </FORM> + <% end %> <% end %> <% end %> diff --git a/weblog-viewweblog-html.lsp b/weblog-viewweblog-html.lsp index fe1f74d..4df704e 100644 --- a/weblog-viewweblog-html.lsp +++ b/weblog-viewweblog-html.lsp @@ -268,8 +268,8 @@ end %> <% if #data.value.log.value == 0 then %> <p>No results, try adjusting search parameters</p> <% end %> -<DT>Download Options</DT> -<% if page_info.action == "viewweblog" then %> + +<% if viewlibrary.check_permission("downloadweblog") then %> <form action="<%= html.html_escape(page_info.script .. page_info.prefix .. page_info.controller .. "/downloadweblog") %>" method="POST"> <input type="hidden" name="activelog" value="<%= html.html_escape(data.value.activelog.value) %>" > <input type="hidden" name="starttime" value="<%= html.html_escape(data.value.starttime.value) %>" > @@ -283,7 +283,7 @@ end %> <input type="hidden" name="sortby" value="<%= html.html_escape(data.value.sortby.value) %>" > <input type="hidden" name="urisearch" value="<%= html.html_escape(data.value.urisearch.value) %>" > <input type="hidden" name="selected" value="<%= html.html_escape(data.value.selected.value) %>" > -<DD><input class="submit" type="submit" name="Download" value="Export List"></DD> +<DT>Download log</DT><DD><input class="submit" type="submit" name="Download" value="Download"></DD> </form> <% end %> </DL> |
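Review bot: The added `viewlibrary.check_permission("downloadadhocquery")` guard only decides whether the form is rendered; nothing visible in this hunk shows that the `downloadadhocquery` action itself refuses a POST from a user who lacks the permission, so confirm that the handler enforces it server-side (the same applies to the `downloadweblog` guard in weblog-viewweblog-html.lsp). The form action in this file is still the hard-coded `/cgi-bin/acf/weblog/weblog/downloadadhocquery`, while the permission name is presumably resolved against the current controller, so the check and the target can drift apart if the script path or prefix changes. If `page_info` is available in this view as it is in the other one, building the action as `html.html_escape(page_info.script .. page_info.prefix .. page_info.controller .. "/downloadadhocquery")` keeps the two aligned. A one-line comment above the guard, for example `<% -- UI hint only; the action must enforce this permission itself %>`, would record the intent.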
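Review bot: In the first weblog-viewweblog-html.lsp hunk, replacing `page_info.action == "viewweblog"` with the permission check drops the action test entirely, so the export form now renders wherever this view is shown to a permitted user, possibly including when it is embedded under another action. If the old restriction was deliberate, keep both conditions: `<% if page_info.action == "viewweblog" and viewlibrary.check_permission("downloadweblog") then %>`. The second hunk moves the `<DT>Download log</DT>` label inside the `<form>`, which itself sits directly inside the `<DL>`; wrapping the form in the `<DD>` instead would give valid nesting. The enclosing `<DL>` opens outside both hunks, so the surrounding structure cannot be checked from here.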