From 2bc6fcc813a04905b35d627f5f7a7ca990016e31 Mon Sep 17 00:00:00 2001
From: Joey Schulze <joey@infodrom.org>
Date: Sat, 6 Mar 2010 21:46:15 +0100
Subject: [PATCH] Display the edit box only when editing is permitted

---
 lib/mask.php | 31 +++++++++++++++++++++----------
 1 file changed, 21 insertions(+), 10 deletions(-)

diff --git a/lib/mask.php b/lib/mask.php
index 9c3ec53..069b790 100644
--- a/lib/mask.php
+++ b/lib/mask.php
@@ -1,14 +1,25 @@
 <?php
 
-# function mask_fields($list)
-# {
-#   $ret = array();
-# 
-#   foreach ($list as $field => $data)
-#     $ret[] = $field;
-# 
-#   return $ret;
-# }
+function check_edit($name)
+{
+  $sql = sprintf("SELECT sys_mask.id,edit FROM sys_mask "
+		 . "JOIN sys_group_mask ON sys_mask.id = sys_group_mask.mask "
+		 . "WHERE gid = %d AND fname = '%s' "
+		 . "ORDER BY edit DESC LIMIT 1",
+		 $_SESSION['sys']['group'], pg_escape_string($name));
+
+  $sth = pg_query($sql);
+
+  if ($sth === false) return false;
+
+  $row = pg_fetch_assoc($sth);
+  if ($row === false) return false;
+
+  if ($row['edit'] == '0')
+    return false;
+
+  return true;
+}
 
 function build_form($name, $mask)
 {
@@ -229,7 +240,7 @@ function build_mask($name, $mask)
   else
     $select = array();
 
-  if (array_key_exists('edit', $mask))
+  if (array_key_exists('edit', $mask) && check_edit($name))
     $edit = build_form($name, $mask);
   else
     $edit = array();
-- 
2.20.1