From 146b5d33e6edc23ed10916ac3c1f282289b4fc08 Mon Sep 17 00:00:00 2001
From: Gregorio Chiko Putra
Date: Mon, 11 Sep 2017 10:20:20 +0700
Subject: [PATCH] Only administrator can make changes to categories
---
 App/Controllers/Posts.php | 13 +++++++++----
 App/Views/Data/pengumuman.html | 8 +++++---
 2 files changed, 14 insertions(+), 7 deletions(-)
diff --git a/App/Controllers/Posts.php b/App/Controllers/Posts.php
index 0d8f671..70c946b 100644
--- a/App/Controllers/Posts.php
+++ b/App/Controllers/Posts.php
@@ -81,11 +81,11 @@ class Posts
 $url = 'Data/pengumuman.html';
- $status = '';
+ $privilage = '';
 if (Session::exists('userid')) {
 $post = $this->model->showAll();
- $status = 'admin';
+ $privilage = Session::get('privilage');
 }
 if ($post !== false) {
@@ -102,7 +102,7 @@ class Posts
 }
 View::render($url, [
 'posts' => $posts,
- 'status' => $status
+ 'privilage' => $privilage
 ]);
 }
@@ -198,6 +198,11 @@ class Posts
 public function category() {
 if (Session::exists('userid')) {
+ if (Session::get('privilage') != 1) {
+ Session::flash('info', 'Hanya admin yang bisa mengatur kategori.');
+ Redirect::to('/');
+ die();
+ }
 $categories = [];
 $get_categories = $this->model->showAll([], 'kategori');
@@ -212,7 +217,7 @@ class Posts
 'token' => Token::generate()
 ]);
 } else {
- throw new \Exception("Bad request", 400);
+ throw new \Exception("Page not found", 404);
 }
 }
diff --git a/App/Views/Data/pengumuman.html b/App/Views/Data/pengumuman.html
index 20a125f..38b28c8 100644
--- a/App/Views/Data/pengumuman.html
+++ b/App/Views/Data/pengumuman.html
@@ -29,9 +29,11 @@
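Review bot: The privilege check added at the top of `category()` protects only the action that renders the category page; the handlers that actually create, edit or delete categories are not in this patch, so if they still test only `Session::exists('userid')` a non-admin can submit to them directly, and hiding the link in the template does not change that. The same guard should run in every category-writing action, ideally from one shared private method so it cannot be forgotten. The comparison is also loose: `!= 1` accepts `'1'`, `true` and, on PHP 7, strings such as `'1abc'`; storing the privilege as an integer at login and testing `if (Session::get('privilage') !== 1) {` removes that ambiguity. The body of `category()` continues past this hunk.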
- {% if status %}
+ {% if privilage != "" %}
 + Tambah Pengumuman
- + Tambah Kategori
+ {% if privilage == 1 %}
+ + Tambah Kategori
+ {% endif %}
 Keluar
- {% endif %}
+ {% endif %}
 {% endblock %}
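Review bot: The outer condition `{% if privilage != "" %}` treats the privilege value as the signed-in flag, so a signed-in account whose privilege is `null` (or `0` under PHP 7 loose comparison) renders as signed out and loses the "Tambah Pengumuman" and "Keluar" links that the old `status` flag gave every signed-in session. Which values non-admin accounts carry is not visible here, so this is worth confirming against the user table. Passing an explicit boolean from the controller, `'logged_in' => Session::exists('userid')`, and testing `{% if logged_in %}` keeps authentication state separate from the role check `{% if privilage == 1 %}`.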