diff --git a/html/includes/forms/edit-dashboard.inc.php b/html/includes/forms/edit-dashboard.inc.php
index 7e87af0a1..fe9d9c527 100644
--- a/html/includes/forms/edit-dashboard.inc.php
+++ b/html/includes/forms/edit-dashboard.inc.php
@@ -24,8 +24,8 @@
$status = 'error';
$message = 'unknown error';
-if (isset($_REQUEST['dashboard_id']) && isset($_REQUEST['dashboard_name'])) {
- if(dbUpdate(array('dashboard_name'=>$_REQUEST['dashboard_name']),'dashboards','user_id = ? && dashboard_id = ?',array($_SESSION['user_id'],$_REQUEST['dashboard_id']))) {
+if (isset($_REQUEST['dashboard_id']) && isset($_REQUEST['dashboard_name']) && isset($_REQUEST['access'])) {
+ if(dbUpdate(array('dashboard_name'=>$_REQUEST['dashboard_name'],'access'=>$_REQUEST['access']),'dashboards','(user_id = ? || access = 2) && dashboard_id = ?',array($_SESSION['user_id'],$_REQUEST['dashboard_id']))) {
$status = 'ok';
$message = 'Updated dashboard';
}
diff --git a/html/includes/forms/widget-settings.inc.php b/html/includes/forms/widget-settings.inc.php
index 1926d3491..fabe6c4aa 100644
--- a/html/includes/forms/widget-settings.inc.php
+++ b/html/includes/forms/widget-settings.inc.php
@@ -35,13 +35,19 @@ else {
if (!is_array($widget_settings)) {
$widget_settings = array();
}
- if (dbUpdate(array('settings'=>json_encode($widget_settings)),'users_widgets','user_widget_id=?',array($widget_id))) {
- $status = 'ok';
- $message = 'Updated';
+ if (dbFetchCell('select 1 from users_widgets inner join dashboards on users_widgets.dashboard_id = dashboards.dashboard_id where user_widget_id = ? && (users_widgets.user_id = ? || dashboards.access = 2)',array($widget_id,$_SESSION['user_id'])) == 1) {
+ if (dbUpdate(array('settings'=>json_encode($widget_settings)),'users_widgets','user_widget_id=?',array($widget_id))) {
+ $status = 'ok';
+ $message = 'Updated';
+ }
+ else {
+ $status = 'error';
+ $message = 'ERROR: Could not update';
+ }
}
else {
$status = 'error';
- $message = 'ERROR: Could not update';
+ $message = 'ERROR: You have no write-access to this dashboard';
}
}
diff --git a/html/pages/front/tiles.php b/html/pages/front/tiles.php
index 670a6bb58..a6d3083ce 100644
--- a/html/pages/front/tiles.php
+++ b/html/pages/front/tiles.php
@@ -23,13 +23,21 @@ if (dbFetchCell('SELECT dashboard_id FROM dashboards WHERE user_id=?',array($_SE
dbUpdate(array('dashboard_id'=>$vars['dashboard']),'users_widgets','user_id = ? && dashboard_id = ?',array($_SESSION['user_id'],0));
}
}
+if (!empty($vars['dashboard'])) {
+ $orig = $vars['dashboard'];
+ $vars['dashboard'] = dbFetchRow('select * from dashboards where user_id = ? && dashboard_id = ? order by dashboard_id limit 1',array($_SESSION['user_id'],$vars['dashboard']));
+ if (empty($vars['dashboard'])) {
+ $vars['dashboard'] = dbFetchRow('select dashboards.*,users.username from dashboards inner join users on dashboards.user_id = users.user_id where dashboards.dashboard_id = ? && dashboards.access > 0',array($orig));
+ }
+}
if (empty($vars['dashboard'])) {
- $vars['dashboard'] = dbFetchRow('select dashboard_id,dashboard_name from dashboards where user_id = ? order by dashboard_id limit 1',array($_SESSION['user_id']));
-} else {
- $vars['dashboard'] = dbFetchRow('select dashboard_id,dashboard_name from dashboards where user_id = ? && dashboard_id = ? order by dashboard_id limit 1',array($_SESSION['user_id'],$vars['dashboard']));
+ $vars['dashboard'] = dbFetchRow('select * from dashboards where user_id = ? order by dashboard_id limit 1',array($_SESSION['user_id']));
+ if (isset($orig)) {
+ $msg_box[] = array('type' => 'error', 'message' => 'Dashboard #'.$orig.' does not exist! Loaded '.$vars['dashboard']['dashboard_name'].' instead.','title' => 'Requested Dashboard Not Found!');
+ }
}
$data = array();
-foreach (dbFetchRows('SELECT user_widget_id,users_widgets.widget_id,title,widget,col,row,size_x,size_y,refresh FROM `users_widgets` LEFT JOIN `widgets` ON `widgets`.`widget_id`=`users_widgets`.`widget_id` WHERE `user_id`=? AND `dashboard_id`=?',array($_SESSION['user_id'],$vars['dashboard']['dashboard_id'])) as $items) {
+foreach (dbFetchRows('SELECT user_widget_id,users_widgets.widget_id,title,widget,col,row,size_x,size_y,refresh FROM `users_widgets` LEFT JOIN `widgets` ON `widgets`.`widget_id`=`users_widgets`.`widget_id` WHERE `dashboard_id`=?',array($vars['dashboard']['dashboard_id'])) as $items) {
$data[] = $items;
}
if (empty($data)) {
@@ -37,7 +45,7 @@ if (empty($data)) {
}
$data = serialize(json_encode($data));
$dash_config = unserialize(stripslashes($data));
-$dashboards = dbFetchRows("SELECT * FROM `dashboards` WHERE `user_id` = ?",array($_SESSION['user_id']));
+$dashboards = dbFetchRows("SELECT * FROM `dashboards` WHERE `user_id` = ? && `dashboard_id` != ?",array($_SESSION['user_id'],$vars['dashboard']['dashboard_id']));
?>