//we want only visibles fields
$fields = $this->members_fields;
$fc = $this->fields_config;
- $visibles = $fc->getVisibilities();
- $access_level = $this->login->getAccessLevel();
-
- //remove not searchable fields
- unset($fields['mdp_adh']);
-
- foreach ($fields as $k => $f) {
- if (
- $visibles[$k] == FieldsConfig::NOBODY ||
- ($visibles[$k] == FieldsConfig::ADMIN &&
- $access_level < Authentication::ACCESS_ADMIN) ||
- ($visibles[$k] == FieldsConfig::STAFF &&
- $access_level < Authentication::ACCESS_STAFF) ||
- ($visibles[$k] == FieldsConfig::MANAGER &&
- $access_level < Authentication::ACCESS_MANAGER)
- ) {
- unset($fields[$k]);
- }
- }
+ $fc->filterVisible($this->login, $fields);
//add status label search
if ($pos = array_search(Status::PK, array_keys($fields))) {
} elseif ($id !== null) {
//load requested member
$member->load($id);
- if (!$member->canEdit($this->login) || $member->id != $id) {
+ if (!$member->canEdit($this->login)) {
$this->flash->addMessage(
'error_detected',
_T("You do not have permission for requested URL.")
}
/**
- * Get fields for massive changes
- * @see FieldsConfig::getFormElements
+ * Filter visible fields
*
- * @param array $fields Member fields
* @param Login $login Login instance
+ * @param array $fields Fields list
*
- * @return array
+ * @return void
*/
- public function getMassiveFormElements(array $fields, Login $login)
+ public function filterVisible(Login $login, array &$fields): void
{
- $visibles = $this->getVisibilities();
$access_level = $login->getAccessLevel();
+ $visibles = $this->getVisibilities();
//remove not searchable fields
unset($fields['mdp_adh']);
}
}
+ }
+
+ /**
+ * Get fields for massive changes
+ * @see FieldsConfig::getFormElements
+ *
+ * @param array $fields Member fields
+ * @param Login $login Login instance
+ *
+ * @return array
+ */
+ public function getMassiveFormElements(array $fields, Login $login)
+ {
+ $this->filterVisible($login, $fields);
+
$mass_fields = [
'titre_adh',
'sexe_adh',