-
Bruno Nocera Zanette authored
Added permission control based on the ID requested by the URL. It compares this ID with logged-in user's ID and Professor's students/courses/... If the requested ID is equal to logged-in user's ID or is some of the students's/courses's ID it allows the access to the information. Otherwise it denies it. This is necessary for the cases when the user requests an ID's information direct from the URL (modifying it) and not from a menu (with restricted registers). In this case the user could request an information that is not allowed to him to view. Signed-off-by: Bruno Nocera Zanette <brunonzanette@gmail.com>
d33f530d