diff --git a/app/Controller/AttributesController.php b/app/Controller/AttributesController.php index 81f403d5c..f2cd2bbb9 100755 --- a/app/Controller/AttributesController.php +++ b/app/Controller/AttributesController.php @@ -878,6 +878,13 @@ class AttributesController extends AppController { } } else { $this->set('id', $id); + $attribute = $this->Attribute->find('first', array( + 'conditions' => array('id' => $id), + 'recursive' => -1, + 'fields' => array('id', 'event_id'), + )); + $this->set('event_id', $attribute['Attribute']['event_id']); + $this->render('ajax/attributeConfirmationForm'); } } else { if (!$this->request->is('post') && !$this->_isRest()) { diff --git a/app/Controller/ShadowAttributesController.php b/app/Controller/ShadowAttributesController.php index f7fa385ba..65905383e 100644 --- a/app/Controller/ShadowAttributesController.php +++ b/app/Controller/ShadowAttributesController.php @@ -197,30 +197,41 @@ class ShadowAttributesController extends AppController { */ // This method will discard a proposed change. Users that can delete the proposals are the publishing users of the org that created the event and of the ones that created the proposal - in addition to site admins of course public function discard($id = null) { - if (!$this->request->is('post') || !$this->request->is('ajax')) { + if (!$this->request->is('ajax')) { throw new MethodNotAllowedException(); } - $this->ShadowAttribute->id = $id; - $this->ShadowAttribute->read(); - $eventId = $this->ShadowAttribute->data['ShadowAttribute']['event_id']; - $this->loadModel('Event'); - $this->Event->Behaviors->detach('SysLogLogable.SysLogLogable'); - $this->Event->recursive = -1; - $this->Event->id = $eventId; - $this->Event->read(); - // Send those away that shouldn't be able to see this - if (!$this->_isSiteAdmin()) { - if ((($this->Event->data['Event']['orgc'] != $this->Auth->user('org')) && ($this->Auth->user('org') != $this->ShadowAttribute->data['ShadowAttribute']['org'])) || (!$this->userRole['perm_modify'])) { - $this->Session->setFlash('You don\'t have permission to do that'); - $this->redirect(array('controller' => 'events', 'action' => 'view', $eventId)); + if ($this->request->is('post')) { + $this->ShadowAttribute->id = $id; + $this->ShadowAttribute->read(); + $eventId = $this->ShadowAttribute->data['ShadowAttribute']['event_id']; + $this->loadModel('Event'); + $this->Event->Behaviors->detach('SysLogLogable.SysLogLogable'); + $this->Event->recursive = -1; + $this->Event->id = $eventId; + $this->Event->read(); + // Send those away that shouldn't be able to see this + if (!$this->_isSiteAdmin()) { + if ((($this->Event->data['Event']['orgc'] != $this->Auth->user('org')) && ($this->Auth->user('org') != $this->ShadowAttribute->data['ShadowAttribute']['org'])) || (!$this->userRole['perm_modify'])) { + $this->Session->setFlash('You don\'t have permission to do that'); + $this->redirect(array('controller' => 'events', 'action' => 'view', $eventId)); + } + } + if ($this->ShadowAttribute->delete($id, $cascade = false)) { + $this->_setProposalLock($eventId, false); + $this->autoRender = false; + return new CakeResponse(array('body'=> json_encode(array('saved' => true, 'success' => 'Proposal discarded.')),'status'=>200)); + } else { + return new CakeResponse(array('body'=> json_encode(array('false' => true, 'errors' => 'Could not discard proposal.')),'status'=>200)); } - } - if ($this->ShadowAttribute->delete($id, $cascade = false)) { - $this->_setProposalLock($eventId, false); - $this->autoRender = false; - return new CakeResponse(array('body'=> json_encode(array('saved' => true, 'success' => 'Proposal discarded.')),'status'=>200)); } else { - return new CakeResponse(array('body'=> json_encode(array('false' => true, 'errors' => 'Could not discard proposal.')),'status'=>200)); + $this->set('id', $id); + $shadowAttribute = $this->ShadowAttribute->find('first', array( + 'conditions' => array('id' => $id), + 'recursive' => -1, + 'fields' => array('id', 'event_id'), + )); + $this->set('event_id', $shadowAttribute['ShadowAttribute']['event_id']); + $this->render('ajax/shadowAttributeConfirmationForm'); } } diff --git a/app/View/Attributes/add.ctp b/app/View/Attributes/add.ctp index 6e3a98ef6..f0d993fdb 100755 --- a/app/View/Attributes/add.ctp +++ b/app/View/Attributes/add.ctp @@ -1,4 +1,3 @@ - echo $this->Html->script('ajaxification');?>
Are you sure you want to delete Attribute #?
++ Yes + | ++ | ++ No + | +