Index: openacs-4/packages/notifications/www/request-change-frequency.tcl =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/notifications/www/request-change-frequency.tcl,v diff -u -r1.8 -r1.8.2.1 --- openacs-4/packages/notifications/www/request-change-frequency.tcl 12 Jul 2018 14:13:01 -0000 1.8 +++ openacs-4/packages/notifications/www/request-change-frequency.tcl 19 Apr 2021 13:19:08 -0000 1.8.2.1 @@ -10,14 +10,21 @@ return_url:localurl } +auth::require_login + set user_id [ad_conn user_id] -# get the notification information - -db_1row select_notification_request { +# Get the notification information. Make also sure only the requesting +# user can modify the frequency. +if {![db_0or1row select_notification_request { select type_id, interval_id, object_id from notification_requests where request_id = :request_id + and user_id = :user_id +}]} { + # Don't be very vocal about why we have failed. + ns_returnnotfound + ad_script_abort } acs_object::get -object_id $object_id -array obj