Display the edit box only when editing is permitted

[misc/kostenrechnung] / lib / mask.php

diff --git a/lib/mask.php b/lib/mask.php
index 9c3ec53..069b790 100644 (file)
--- a/lib/mask.php
+++ b/lib/mask.php
@@ -1,14 +1,25 @@
 <?php
 
-# function mask_fields($list)
-# {
-#   $ret = array();
-# 
-#   foreach ($list as $field => $data)
-#     $ret[] = $field;
-# 
-#   return $ret;
-# }
+function check_edit($name)
+{
+  $sql = sprintf("SELECT sys_mask.id,edit FROM sys_mask "
+                . "JOIN sys_group_mask ON sys_mask.id = sys_group_mask.mask "
+                . "WHERE gid = %d AND fname = '%s' "
+                . "ORDER BY edit DESC LIMIT 1",
+                $_SESSION['sys']['group'], pg_escape_string($name));
+
+  $sth = pg_query($sql);
+
+  if ($sth === false) return false;
+
+  $row = pg_fetch_assoc($sth);
+  if ($row === false) return false;
+
+  if ($row['edit'] == '0')
+    return false;
+
+  return true;
+}
 
 function build_form($name, $mask)
 {
@@ -229,7 +240,7 @@ function build_mask($name, $mask)
   else
     $select = array();
 
-  if (array_key_exists('edit', $mask))
+  if (array_key_exists('edit', $mask) && check_edit($name))
     $edit = build_form($name, $mask);
   else
     $edit = array();