diff --git a/app/call_broadcast/call_broadcast.php b/app/call_broadcast/call_broadcast.php index 50f930acff..c17e2b6a84 100644 --- a/app/call_broadcast/call_broadcast.php +++ b/app/call_broadcast/call_broadcast.php @@ -17,7 +17,7 @@ The Initial Developer of the Original Code is Mark J Crane - Portions created by the Initial Developer are Copyright (C) 2008-2018 + Portions created by the Initial Developer are Copyright (C) 2008-2020 the Initial Developer. All Rights Reserved. Contributor(s): @@ -25,12 +25,16 @@ */ //includes - include "root.php"; + require_once "root.php"; require_once "resources/require.php"; require_once "resources/check_auth.php"; + require_once "resources/paging.php"; //check permissions - if (!permission_exists('call_broadcast_view')) { + if (permission_exists('call_broadcast_view')) { + //access granted + } + else { echo "access denied"; exit; } @@ -95,7 +99,6 @@ $num_rows = $database->select($sql, $parameters, 'column'); //prepare the paging - require_once "resources/paging.php"; $rows_per_page = ($_SESSION['domain']['paging']['numeric'] != '') ? $_SESSION['domain']['paging']['numeric'] : 50; $param = "&search=".$search; $page = $_GET['page']; @@ -104,7 +107,7 @@ list($paging_controls_mini, $rows_per_page) = paging($num_rows, $param, $rows_per_page, true); $offset = $rows_per_page * $page; -//get the call call broadcasts +//get the call broadcasts $sql = str_replace('count(*)','*', $sql); $sql .= order_by($order_by, $order); $sql .= limit_offset($rows_per_page, $offset); 
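Review bot: The deny path in the `@@ -25,12 +25,16 @@` hunk still answers `access denied` with the default success status, so a refused request looks like a normal page load in web-server logs and to any monitoring that keys on status codes. Adding `http_response_code(403);` before `echo "access denied";` would make denied attempts visible. The rewritten check also leaves an empty `//access granted` branch, which moves the denial into an `else` that a later edit could detach from the test. If the positive form is kept, a comment such as `//deny by default: anything other than an explicit grant exits below` would record why the branch is empty.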
@@ -127,10 +130,10 @@
 if (permission_exists('call_broadcast_add')) {
 echo button::create(['type'=>'button','label'=>$text['button-add'],'icon'=>$_SESSION['theme']['button_icon_add'],'link'=>'call_broadcast_edit.php']);
 }
- if (permission_exists('call_broadcast_add')) {
+ if (permission_exists('call_broadcast_add') && $result) {
 echo button::create(['type'=>'button','label'=>$text['button-copy'],'icon'=>$_SESSION['theme']['button_icon_copy'],'onclick'=>"if (confirm('".$text['confirm-copy']."')) { list_action_set('copy'); list_form_submit('form_list'); } else { this.blur(); return false; }"]);
 }
- if (permission_exists('call_broadcast_delete')) {
+ if (permission_exists('call_broadcast_delete') && $result) {
 echo button::create(['type'=>'button','label'=>$text['button-delete'],'icon'=>$_SESSION['theme']['button_icon_delete'],'onclick'=>"if (confirm('".$text['confirm-delete']."')) { list_action_set('delete'); list_form_submit('form_list'); } else { this.blur(); return false; }"]);
 }
 echo "
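Review bot: The new `&& $result` guards on the copy and delete buttons rely on the truthiness of `$result`, which is assigned outside this hunk. If it can hold anything other than an array of rows (a failure value from the database layer, for instance, which is not visible here), `is_array($result) && count($result) > 0` states the intent exactly. These conditions only decide whether the buttons are rendered. The code that handles the submitted `copy` and `delete` list actions is not in this hunk, so confirm that it checks `call_broadcast_add` and `call_broadcast_delete` on the server side as well.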