In the current sample data, user profile "trainer1" has reading permissions for notes and form-id 4 (form name: "kurzsakala erholung und beanspruchung") of user profile "athlete1".
If using user profile "trainer1", this permissions are correctly transfered towards form_results.php. The coach is only able to see the notes and the form-id 4.
However, in results.php the coach is able to load all data from "athlete1", which shouldn't be possible.
In the current sample data, user profile "trainer1" has reading permissions for notes and form-id 4 (form name: "kurzsakala erholung und beanspruchung") of user profile "athlete1".
If using user profile "trainer1", this permissions are correctly transfered towards form_results.php. The coach is only able to see the notes and the form-id 4.
However, in results.php the coach is able to load all data from "athlete1", which shouldn't be possible.