fix permissions

2018-05-04 22:41:36 +10:00
parent 9a4b327250
commit 6a056c80eb
1 changed files with 803 additions and 809 deletions
--- a/booking.module
+++ b/booking.module
@@ -420,6 +420,7 @@ function booking_menu() {
      'title'                               => 'Variety Session CSV',
      'description'                         => 'CSV Report of Variety Session Timeslot',
      'page callback'                       => 'booking_varietysessions_csv_report',
+      'access arguments'                    => array('access administration pages'),			
      'page arguments'                      => array(4),		
      //'type'                                => MENU_CALLBACK,
    );		
@@ -823,14 +824,12 @@ function booking_node_access($node, $op, $account) {
    //watchdog('booking', "Booking node_access processing user id '!account' performing operation !op for node type !type. @info", 
    //	array('!account' => $account->uid, '!op' => $op, '!type' => $type, '@info' => var_export($account, TRUE)));	
      
-	  	if ($op == 'view')
-		{
+    if ($op == 'view') {
      //watchdog('booking', 'Booking node_access checking permissions for view operation.');		
      if (user_access('view bookings', $account))
        return NODE_ACCESS_ALLOW;
    }
-		elseif ($op == 'create')
-		{
+    elseif ($op == 'create') {
      //watchdog('booking', 'Booking node_access checking permissions for create operation.');
      if (user_access('create bookings', $account))
        return NODE_ACCESS_ALLOW;
@@ -839,8 +838,7 @@ function booking_node_access($node, $op, $account) {
      else
        return NODE_ACCESS_DENY;
    }
-		elseif ($op == 'update' || $op == 'delete')
-		{
+    elseif ($op == 'update' || $op == 'delete') {
      if (user_access('edit bookings', $account))
        return NODE_ACCESS_ALLOW;
    }
@@ -853,20 +851,16 @@ function booking_node_access($node, $op, $account) {
    return NODE_ACCESS_DENY;
  }
  //Check access levels for travel form node	
-	elseif ($type == 'travel' && in_array($type, node_permissions_get_configured_types())) 
-	{		
-	  	if ($op == 'view')
-		{	
+  elseif ($type == 'travel' && in_array($type, node_permissions_get_configured_types())) {		
+    if ($op == 'view') {	
      if (user_access('view_travel_forms', $account))
        return NODE_ACCESS_ALLOW;
    }
-		elseif ($op == 'create')
-		{
+    elseif ($op == 'create') {
      if (user_access('create_travel_forms', $account))
        return NODE_ACCESS_ALLOW;
    }
-		elseif ($op == 'update' || $op == 'delete')
-		{
+    elseif ($op == 'update' || $op == 'delete') {
      if (user_access('edit_travel_forms', $account))
        return NODE_ACCESS_ALLOW;
    }