| author | Greg Roach <fisharebest@webtrees.net> | 2019-01-27 15:55:40 +0000 |
|---|---|---|
| committer | Greg Roach <fisharebest@webtrees.net> | 2019-01-27 15:55:40 +0000 |
| commit | 755682b67142b223143273d940850167e46c0d64 (patch) | |
| tree | 5c828d91e43cb8cde401ba65fc3d66d5fa95e31e | |
| parent | 027742ffa439257ce7caa15e34947a8d8de6e7ef (diff) | |
Fix: #2143 - ajax tab requests
| -rw-r--r-- | app/Http/Controllers/IndividualController.php | 33 |
1 files changed, 14 insertions, 19 deletions
diff --git a/app/Http/Controllers/IndividualController.php b/app/Http/Controllers/IndividualController.php index fae94deffa..08e0414538 100644 --- a/app/Http/Controllers/IndividualController.php +++ b/app/Http/Controllers/IndividualController.php @@ -154,28 +154,22 @@ class IndividualController extends AbstractBaseController /** * @param Request $request * @param Tree $tree + * @param User $user * * @return Response */ - public function tab(Request $request, Tree $tree): Response + public function tab(Request $request, Tree $tree, User $user): Response { - $xref = $request->get('xref', ''); - $record = Individual::getInstance($xref, $tree); - $tab = $request->get('module'); - $tabs = Module::findByComponent('tab', $tree, Auth::user()); + $xref = $request->get('xref', ''); + $record = Individual::getInstance($xref, $tree); + $module_name = $request->get('module'); + $module = Module::findByName($module_name); - if ($record === null || !array_key_exists($tab, $tabs)) { - return new Response('', Response::HTTP_NOT_FOUND); - } - - if (!$record->canShow()) { - return new Response('', Response::HTTP_FORBIDDEN); - } - - $tab = $tabs[$tab]; + Auth::checkIndividualAccess($record); + Auth::checkComponentAccess($module, 'tab', $tree, $user); $layout = view('layouts/ajax', [ - 'content' => $tab->getTabContent($record), + 'content' => $module->getTabContent($record), ]); return new Response($layout); @@ -321,7 +315,7 @@ class IndividualController extends AbstractBaseController $edit_links = FontAwesome::linkIcon('delete', I18N::translate('Delete this name'), [ 'class' => 'btn btn-link', - 'data-confirm' => I18N::translate('Are you sure you want to delete this fact?'), + 'data-confirm' => I18N::translate('Are you sure you want to delete this fact?'), 'href' => '#', 'onclick' => 'return delete_fact(this.dataset.confirm", "' . e($individual->tree()->name()) . '", "' . e($individual->xref()) . '", "' . $fact->id() . '");', ]) . 
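Review bot: In the first hunk, access control for `tab()` now depends entirely on `Auth::checkIndividualAccess($record)` and `Auth::checkComponentAccess($module, 'tab', $tree, $user)` aborting the request, and both can receive null. The removed code null-checked the result of `Individual::getInstance()`, and `$request->get('module')` still has no default before it is passed to `Module::findByName()`. Neither helper is visible here, so please confirm that each throws for a null argument, for a record the user may not see, and for a module that is not an enabled tab for `$user`; otherwise `$module->getTabContent($record)` runs on an unchecked value. I would give the lookup a default, `$module_name = $request->get('module', '');`, matching the `xref` line, and add a comment above the two calls such as `// Both checks throw on failure; nothing below re-validates $record or $module.` The removed branches returned distinct 404 and 403 responses, so a controller test for an unknown module name and for a hidden individual would pin the status codes the ajax caller now receives.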
@@ -378,9 +372,10 @@ class IndividualController extends AbstractBaseController
 if ($individual->canEdit() && !$fact->isPendingDeletion()) {
 $edit_links = FontAwesome::linkIcon('edit', I18N::translate('Edit the gender'), [
 'class' => 'btn btn-link',
- 'href' => route('edit-fact', ['xref' => $individual->xref(),
- 'fact_id' => $fact->id(),
- 'ged' => $individual->tree()->name(),
+ 'href' => route('edit-fact', [
+ 'xref' => $individual->xref(),
+ 'fact_id' => $fact->id(),
+ 'ged' => $individual->tree()->name(),
 ]),
 ]);
 } else { |
