<?php
-# function mask_fields($list)
-# {
-# $ret = array();
-#
-# foreach ($list as $field => $data)
-# $ret[] = $field;
-#
-# return $ret;
-# }
+function check_edit($name)
+{
+ $sql = sprintf("SELECT sys_mask.id,edit FROM sys_mask "
+ . "JOIN sys_group_mask ON sys_mask.id = sys_group_mask.mask "
+ . "WHERE gid = %d AND fname = '%s' "
+ . "ORDER BY edit DESC LIMIT 1",
+ $_SESSION['sys']['group'], pg_escape_string($name));
+
+ $sth = pg_query($sql);
+
+ if ($sth === false) return false;
+
+ $row = pg_fetch_assoc($sth);
+ if ($row === false) return false;
+
+ if ($row['edit'] == '0')
+ return false;
+
+ return true;
+}
function build_form($name, $mask)
{
else
$select = array();
- if (array_key_exists('edit', $mask))
+ if (array_key_exists('edit', $mask) && check_edit($name))
$edit = build_form($name, $mask);
else
$edit = array();