From 2c18e33db905089d1352a876de7c75203a4b2828 Mon Sep 17 00:00:00 2001
From: Ahmad Gneady <support@bigprof.com>
Date: Sun, 4 Jul 2021 00:57:20 +0200
Subject: [PATCH] Fix: unprivileged user can add employment_and_income_history
 to a applicant

---
 app/hooks/employment_and_income_history.php | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/app/hooks/employment_and_income_history.php b/app/hooks/employment_and_income_history.php
index 0d2d826..bdbde19 100644
--- a/app/hooks/employment_and_income_history.php
+++ b/app/hooks/employment_and_income_history.php
@@ -1,10 +1,10 @@
 <?php
 	// For help on using hooks, please refer to http://bigprof.com/appgini/help/working-with-generated-web-database-application/hooks
 
-	function employment_and_income_history_init(&$options, $memberInfo, &$args){
-		/* Inserted by Search Page Maker for AppGini on 2020-11-18 12:19:27 */
-		$options->FilterPage = 'hooks/employment_and_income_history_filter.php';
-		/* End of Search Page Maker for AppGini code */
+	function employment_and_income_history_init(&$options, $memberInfo, &$args){
+		/* Inserted by Search Page Maker for AppGini on 2020-11-18 12:19:27 */
+		$options->FilterPage = 'hooks/employment_and_income_history_filter.php';
+		/* End of Search Page Maker for AppGini code */
 
 
 		return TRUE;
@@ -75,6 +75,8 @@ function employment_and_income_history_footer($contentType, $memberInfo, &$args)
 	}
 
 	function employment_and_income_history_before_insert(&$data, $memberInfo, &$args){
+		// can current user view this parent?
+		if(!check_record_permission('applicants_and_tenants', $data['tenant'])) return false;
 
 		return TRUE;
 	}
@@ -85,6 +87,8 @@ function employment_and_income_history_after_insert($data, $memberInfo, &$args){
 	}
 
 	function employment_and_income_history_before_update(&$data, $memberInfo, &$args){
+		// can current user view this parent?
+		if(!check_record_permission('applicants_and_tenants', $data['tenant'])) return false;
 
 		return TRUE;
 	}