Commit 049eb581 authored by Ted Trask's avatar Ted Trask

Check permissions before displaying download buttons

parent 5b3647c7
......@@ -33,12 +33,14 @@ require("viewfunctions")
<% end %>
</TABLE>
<% if viewlibrary.check_permission("downloadadhocquery") then %>
<form action="/cgi-bin/acf/weblog/weblog/downloadadhocquery" method="POST">
<input class="hidden" type="hidden" name="query" value="<%= html.html_escape(form.value.query.value) %>" >
<DL>
<DT>Download query result</DT><DD><input class="submit" type="submit" name="Download" value="Download"></DD>
</DL>
</FORM>
<% end %>
<% end %>
<% end %>
......
......@@ -268,8 +268,8 @@ end %>
<% if #data.value.log.value == 0 then %>
<p>No results, try adjusting search parameters</p>
<% end %>
<DT>Download Options</DT>
<% if page_info.action == "viewweblog" then %>
<% if viewlibrary.check_permission("downloadweblog") then %>
<form action="<%= html.html_escape(page_info.script .. page_info.prefix .. page_info.controller .. "/downloadweblog") %>" method="POST">
<input type="hidden" name="activelog" value="<%= html.html_escape(data.value.activelog.value) %>" >
<input type="hidden" name="starttime" value="<%= html.html_escape(data.value.starttime.value) %>" >
......@@ -283,7 +283,7 @@ end %>
<input type="hidden" name="sortby" value="<%= html.html_escape(data.value.sortby.value) %>" >
<input type="hidden" name="urisearch" value="<%= html.html_escape(data.value.urisearch.value) %>" >
<input type="hidden" name="selected" value="<%= html.html_escape(data.value.selected.value) %>" >
<DD><input class="submit" type="submit" name="Download" value="Export List"></DD>
<DT>Download log</DT><DD><input class="submit" type="submit" name="Download" value="Download"></DD>
</form>
<% end %>
</DL>
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment