Access checks re-done using role rights.

[timetracker.git] / topdf.php

diff --git a/topdf.php b/topdf.php
index f0fdb60..2be45cc 100644 (file)
--- a/topdf.php
+++ b/topdf.php
@@ -35,6 +35,12 @@ import('form.Form');
 import('form.ActionForm');
 import('ttReportHelper');
 
+// Access check.
+if (!ttAccessAllowed('view_own_reports')) {
+  header('Location: access_denied.php');
+  exit();
+}
+
 // Check whether TCPDF library is available.
 if (!file_exists('WEB-INF/lib/tcpdf/'))
   die('TCPDF library is not found in WEB-INF/lib/tcpdf/');
@@ -42,12 +48,6 @@ if (!file_exists('WEB-INF/lib/tcpdf/'))
 // Include TCPDF library.
 require_once('WEB-INF/lib/tcpdf/tcpdf.php');
 
-// Access check.
-if (!ttAccessCheck(right_view_reports)) {
-  header('Location: access_denied.php');
-  exit();
-}
-
 // Use custom fields plugin if it is enabled.
 if ($user->isPluginEnabled('cf')) {
   require_once('plugins/CustomFields.class.php');