• Bruno Nocera Zanette's avatar
    Added permission control based on requested ID · d33f530d
    Bruno Nocera Zanette authored
    Added permission control based on the ID requested by the URL.
    It compares this ID with logged-in user's ID and Professor's students/courses/...
    If the requested ID is equal to logged-in user's ID or is some of the students's/courses's ID
    it allows the access to the information. Otherwise it denies it.
    This is necessary for the cases when the user requests an ID's information direct from the URL (modifying it) and
    not from a menu (with restricted registers). In this case the user could request an information
    that is not allowed to him to view.
    Signed-off-by: Bruno Nocera Zanette's avatarBruno Nocera Zanette <brunonzanette@gmail.com>
Last commit
Last update
main Loading commit data...