From 5d3fa4e1fccd44c78e9f935e6e6e5f0229ecc8ed Mon Sep 17 00:00:00 2001
From: Ahmad Gneady <support@bigprof.com>
Date: Sun, 4 Jul 2021 00:59:34 +0200
Subject: [PATCH] Fix: unprivileged user can add residence_and_rental to a
 applicant

---
 app/hooks/residence_and_rental_history.php | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/app/hooks/residence_and_rental_history.php b/app/hooks/residence_and_rental_history.php
index 85ba26f..c2a53e6 100644
--- a/app/hooks/residence_and_rental_history.php
+++ b/app/hooks/residence_and_rental_history.php
@@ -1,10 +1,10 @@
 <?php
 	// For help on using hooks, please refer to http://bigprof.com/appgini/help/working-with-generated-web-database-application/hooks
 
-	function residence_and_rental_history_init(&$options, $memberInfo, &$args){
-		/* Inserted by Search Page Maker for AppGini on 2020-11-18 12:19:27 */
-		$options->FilterPage = 'hooks/residence_and_rental_history_filter.php';
-		/* End of Search Page Maker for AppGini code */
+	function residence_and_rental_history_init(&$options, $memberInfo, &$args){
+		/* Inserted by Search Page Maker for AppGini on 2020-11-18 12:19:27 */
+		$options->FilterPage = 'hooks/residence_and_rental_history_filter.php';
+		/* End of Search Page Maker for AppGini code */
 
 
 		return TRUE;
@@ -75,6 +75,8 @@ function residence_and_rental_history_footer($contentType, $memberInfo, &$args){
 	}
 
 	function residence_and_rental_history_before_insert(&$data, $memberInfo, &$args){
+		// can current user view this parent?
+		if(!check_record_permission('applicants_and_tenants', $data['tenant'])) return false;
 
 		return TRUE;
 	}
@@ -85,6 +87,8 @@ function residence_and_rental_history_after_insert($data, $memberInfo, &$args){
 	}
 
 	function residence_and_rental_history_before_update(&$data, $memberInfo, &$args){
+		// can current user view this parent?
+		if(!check_record_permission('applicants_and_tenants', $data['tenant'])) return false;
 
 		return TRUE;
 	}