protect "my" reports from other people
[Evergreen.git] / Open-ILS / src / reporter / templates / stage3.ttk
index eeb8c0c..012eb21 100644 (file)
@@ -247,10 +247,12 @@ BLOCK view_stage3;
                                WRAPPER html/cell style="border:solid gray 1px;";
                                        INCLUDE anchor content='Refresh' href=CGI.url('-path', 1) _ '?id=' _ rpt.id;
                                        '   ';
-                                       INCLUDE anchor content='Run again' href=CGI.url('-path', 1) _ '?action=rerun&id=' _ rpt.id;
-                                       '   ';
-                                       INCLUDE anchor content='Delete' href=CGI.url('-path', 1) _ '?action=delete_stage3&id=' _ rpt.id;
-                                       '   ';
+                                       IF user.id == rpt.owner;
+                                               INCLUDE anchor content='Run again' href=CGI.url('-path', 1) _ '?action=rerun&id=' _ rpt.id;
+                                               '   ';
+                                               INCLUDE anchor content='Delete' href=CGI.url('-path', 1) _ '?action=delete_stage3&id=' _ rpt.id;
+                                               '   ';
+                                       END;
                                END;
                        END;
                END;
@@ -321,8 +323,10 @@ BLOCK view_stage3;
                                        WRAPPER html/row;
                                                INCLUDE html/cell content="<b>Actions</b>" style="border:solid gray 1px;";
                                                WRAPPER html/cell style="border:solid gray 1px;";
-                                                       INCLUDE anchor content='Delete' href=CGI.url('-path', 1) _ '?action=delete_output&output=' _ run.id;
-                                                       '&nbsp;&nbsp;&nbsp;';
+                                                       IF user.id == rpt.owner;
+                                                               INCLUDE anchor content='Delete' href=CGI.url('-path', 1) _ '?action=delete_output&output=' _ run.id;
+                                                               '&nbsp;&nbsp;&nbsp;';
+                                                       END;
                                                END;
                                        END;
                                END;