A bit more progress on refactoring access checks.
author Nik Okuntseff <support@anuko.com>
Sat, 24 Mar 2018 19:37:00 +0000 (19:37 +0000)
committer Nik Okuntseff <support@anuko.com>
Sat, 24 Mar 2018 19:37:00 +0000 (19:37 +0000)
19 files changed:
WEB-INF/lib/ttTeamHelper.class.php
WEB-INF/templates/footer.tpl
WEB-INF/templates/user_edit.tpl
expense_delete.php
predefined_expense_add.php
predefined_expense_delete.php
predefined_expense_edit.php
predefined_expenses.php
project_add.php
project_delete.php
project_edit.php
projects.php
quotas.php
report.php
report_send.php
reports.php
role_edit.php
swap_roles.php
user_edit.php

index de03479..5aeee21 100644 (file)
@@ -143,7 +143,7 @@ class ttTeamHelper {
     if (is_a($res, 'PEAR_Error'))
       return false;
     while ($val = $res->fetchRow()) {
-      $isClient = in_array('track_own_time', explode(',', $val['rights'])) ? 0 : 1; // Clients do not have data entry right.
+      $isClient = in_array('track_own_time', explode(',', $val['rights'])) ? 0 : 1; // Clients do not have track_own_time right.
       if ($isClient)
         continue; // Skip adding clients.
       $user_list[] = $val;
index 8b84e12..b99c720 100644 (file)
@@ -12,7 +12,7 @@
       <br>
       <table cellspacing="0" cellpadding="4" width="100%" border="0">
         <tr>
-          <td align="center">&nbsp;Anuko Time Tracker 1.17.69.4156 | Copyright &copy; <a href="https://www.anuko.com/lp/tt_3.htm" target="_blank">Anuko</a> |
+          <td align="center">&nbsp;Anuko Time Tracker 1.17.69.4157 | Copyright &copy; <a href="https://www.anuko.com/lp/tt_3.htm" target="_blank">Anuko</a> |
             <a href="https://www.anuko.com/lp/tt_4.htm" target="_blank">{$i18n.footer.credits}</a> |
             <a href="https://www.anuko.com/lp/tt_5.htm" target="_blank">{$i18n.footer.license}</a> |
             <a href="https://www.anuko.com/lp/tt_7.htm" target="_blank">{$i18n.footer.improve}</a>
index 15bf3fe..6b09881 100644 (file)
@@ -108,7 +108,7 @@ function handleClientControl() {
 {if $user->id == $user_id}
       <tr>
       <td align="right">{$i18n.form.users.role}:</td>
-      <td>{$user->role_name} {if $user->can('swap_roles')}<a href="swap_roles.php">{$i18n.form.profile.swap_roles}</a>{/if}</td>
+      <td>{$user->role_name} {if $can_swap}<a href="swap_roles.php">{$i18n.form.profile.swap_roles}</a>{/if}</td>
     </tr>
 {/if}
     <tr>
index 42a6add..1f7fbb3 100644 (file)
@@ -41,8 +41,6 @@ if (!$user->isPluginEnabled('ex')) {
   exit();
 }
 
-
-
 $cl_id = $request->getParameter('id');
 $expense_item = ttExpenseHelper::getItem($cl_id, $user->getActiveUser());
 
index 82cf99b..2f1621c 100644 (file)
@@ -30,11 +30,15 @@ require_once('initialize.php');
 import('form.Form');
 import('ttPredefinedExpenseHelper');
 
-// Access check.
-if (!ttAccessAllowed('manage_advanced_settings') || !$user->isPluginEnabled('ex')) {
+// Access checks.
+if (!ttAccessAllowed('manage_advanced_settings')) {
   header('Location: access_denied.php');
   exit();
 }
+if (!$user->isPluginEnabled('ex')) {
+  header('Location: feature_disabled.php');
+  exit();
+}
 
 if ($request->isPost()) {
   $cl_name = trim($request->getParameter('name'));
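Review bot: The same eight-line rights-then-feature gate is now pasted verbatim into predefined_expense_add.php, predefined_expense_delete.php, predefined_expense_edit.php, predefined_expenses.php and quotas.php (with the tracking-mode variant in project_add.php, project_delete.php and project_edit.php), so the redirect targets and their order will drift the first time one copy is edited alone. The order is the security-relevant part: `feature_disabled.php` is only reachable after `manage_advanced_settings` has been granted, so a user without the right is sent to `access_denied.php` and learns nothing about which plugins are enabled. That intent is not stated anywhere; a comment above the first check such as `// Rights check first: feature_disabled.php must stay behind the rights gate.` would protect it, and a small helper in the access layer taking the right name and the plugin code would fix the order in one place. The enclosing script is top-level code that continues outside the hunk.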
index c8ae1c8..9b44503 100644 (file)
@@ -30,11 +30,15 @@ require_once('initialize.php');
 import('form.Form');
 import('ttPredefinedExpenseHelper');
 
-// Access check.
-if (!ttAccessAllowed('manage_advanced_settings') || !$user->isPluginEnabled('ex')) {
+// Access checks.
+if (!ttAccessAllowed('manage_advanced_settings')) {
   header('Location: access_denied.php');
   exit();
 }
+if (!$user->isPluginEnabled('ex')) {
+  header('Location: feature_disabled.php');
+  exit();
+}
 
 $cl_predefined_expense_id = (int)$request->getParameter('id');
 $predefined_expense = ttPredefinedExpenseHelper::get($cl_predefined_expense_id);
index 220778a..7791b24 100644 (file)
@@ -30,11 +30,15 @@ require_once('initialize.php');
 import('form.Form');
 import('ttPredefinedExpenseHelper');
 
-// Access check.
-if (!ttAccessAllowed('manage_advanced_settings') || !$user->isPluginEnabled('ex')) {
+// Access checks.
+if (!ttAccessAllowed('manage_advanced_settings')) {
   header('Location: access_denied.php');
   exit();
 }
+if (!$user->isPluginEnabled('ex')) {
+  header('Location: feature_disabled.php');
+  exit();
+}
 
 $predefined_expense_id = (int) $request->getParameter('id');
 
index 4e79912..7aed7ad 100644 (file)
@@ -30,11 +30,15 @@ require_once('initialize.php');
 import('form.Form');
 import('ttTeamHelper');
 
-// Access check.
-if (!ttAccessAllowed('manage_advanced_settings') || !$user->isPluginEnabled('ex')) {
+// Access checks.
+if (!ttAccessAllowed('manage_advanced_settings')) {
   header('Location: access_denied.php');
   exit();
 }
+if (!$user->isPluginEnabled('ex')) {
+  header('Location: feature_disabled.php');
+  exit();
+}
 
 $form = new Form('predefinedExpensesForm');
 
index 6b55019..55b83b4 100644 (file)
@@ -31,11 +31,15 @@ import('form.Form');
 import('ttProjectHelper');
 import('ttTeamHelper');
 
-// Access check.
-if (!ttAccessAllowed('manage_projects') || (MODE_PROJECTS != $user->tracking_mode && MODE_PROJECTS_AND_TASKS != $user->tracking_mode)) {
+// Access checks.
+if (!ttAccessAllowed('manage_projects')) {
   header('Location: access_denied.php');
   exit();
 }
+if (MODE_PROJECTS != $user->tracking_mode && MODE_PROJECTS_AND_TASKS != $user->tracking_mode) {
+  header('Location: feature_disabled.php');
+  exit();
+}
 
 $users = ttTeamHelper::getActiveUsers();
 foreach ($users as $user_item)
index 683dbc5..2373bbe 100644 (file)
@@ -30,11 +30,15 @@ require_once('initialize.php');
 import('form.Form');
 import('ttProjectHelper');
 
-// Access check.
-if (!ttAccessAllowed('manage_projects') || (MODE_PROJECTS != $user->tracking_mode && MODE_PROJECTS_AND_TASKS != $user->tracking_mode)) {
+// Access checks.
+if (!ttAccessAllowed('manage_projects')) {
   header('Location: access_denied.php');
   exit();
 }
+if (MODE_PROJECTS != $user->tracking_mode && MODE_PROJECTS_AND_TASKS != $user->tracking_mode) {
+  header('Location: feature_disabled.php');
+  exit();
+}
 
 $cl_project_id = (int)$request->getParameter('id');
 $project = ttProjectHelper::get($cl_project_id);
index be0e90f..d30782a 100644 (file)
@@ -31,11 +31,15 @@ import('form.Form');
 import('ttProjectHelper');
 import('ttTeamHelper');
 
-// Access check.
-if (!ttAccessAllowed('manage_projects') || (MODE_PROJECTS != $user->tracking_mode && MODE_PROJECTS_AND_TASKS != $user->tracking_mode)) {
+// Access checks.
+if (!ttAccessAllowed('manage_projects')) {
   header('Location: access_denied.php');
   exit();
 }
+if (MODE_PROJECTS != $user->tracking_mode && MODE_PROJECTS_AND_TASKS != $user->tracking_mode) {
+  header('Location: feature_disabled.php');
+  exit();
+}
 
 $cl_project_id = (int)$request->getParameter('id');
 
index ed0103a..5315c4f 100644 (file)
@@ -30,11 +30,15 @@ require_once('initialize.php');
 import('form.Form');
 import('ttTeamHelper');
 
-// Access check.
-if (!ttAccessAllowed('track_own_time') || (MODE_PROJECTS != $user->tracking_mode && MODE_PROJECTS_AND_TASKS != $user->tracking_mode)) {
+// Access checks.
+if (!(ttAccessAllowed('track_own_time') || ttAccessAllowed('track_time'))) {
   header('Location: access_denied.php');
   exit();
 }
+if (MODE_PROJECTS != $user->tracking_mode && MODE_PROJECTS_AND_TASKS != $user->tracking_mode) {
+  header('Location: feature_disabled.php');
+  exit();
+}
 
 if($user->canManageTeam()) {
   $active_projects = ttTeamHelper::getActiveProjects($user->team_id);
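Review bot: `!(ttAccessAllowed('track_own_time') || ttAccessAllowed('track_time'))` on the new rights line is a negated disjunction the reader has to unpick, and the same shape recurs in report.php, report_send.php and reports.php. Since the refactor is introducing "any of these rights" gates in several pages, a helper such as `ttAccessAllowedAny(array $rights)` (new, to sit next to ttAccessAllowed) would let this read `if (!ttAccessAllowedAny(array('track_own_time', 'track_time')))`. Note that the change also admits users holding `track_time` without `track_own_time`, which appears intended by the refactor; the comment line `// Access checks.` could say so, e.g. `// Either time-tracking right admits the user.`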
index 19e70e5..c921fba 100644 (file)
@@ -32,11 +32,15 @@ import('form.Form');
 import('ttTeamHelper');
 import('ttTimeHelper');
 
-// Access check.
-if (!ttAccessAllowed('manage_advanced_settings') || !$user->isPluginEnabled('mq')) {
+// Access checks.
+if (!ttAccessAllowed('manage_advanced_settings')) {
   header('Location: access_denied.php');
   exit();
 }
+if (!$user->isPluginEnabled('mq')) {
+  header('Location: feature_disabled.php');
+  exit();
+}
 
 // Start and end fallback values for the Year dropdown.
 $yearStart = 2015;
index 190dff8..c59f6b5 100644 (file)
@@ -33,7 +33,7 @@ import('ttReportHelper');
 import('ttTeamHelper');
 
 // Access check.
-if (!ttAccessAllowed('view_own_reports')) {
+if (!(ttAccessAllowed('view_own_reports') || ttAccessAllowed('view_reports'))) {
   header('Location: access_denied.php');
   exit();
 }
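Review bot: The gate now admits users who hold `view_reports` but not `view_own_reports`, yet the hunk changes only the entry check; whether the report code that follows scopes the data by which of the two rights the user actually holds is not visible here and should be confirmed in the report helper before this ships. The same widening is made in report_send.php and reports.php. If the scoping already happens downstream, state it in the comment above the check so the gate and the scoping are visibly tied together rather than leaving the next reader to rediscover the dependency.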
index b420b3a..d7c031f 100644 (file)
@@ -33,7 +33,7 @@ import('ttSysConfig');
 import('ttReportHelper');
 
 // Access check.
-if (!ttAccessAllowed('view_own_reports')) {
+if (!(ttAccessAllowed('view_own_reports') || ttAccessAllowed('view_reports'))) {
   header('Location: access_denied.php');
   exit();
 }
index 390c85c..3a7367e 100644 (file)
@@ -37,7 +37,7 @@ import('ttFavReportHelper');
 import('ttClientHelper');
 
 // Access check.
-if (!ttAccessAllowed('view_own_reports')) {
+if (!(ttAccessAllowed('view_own_reports') || ttAccessAllowed('view_reports'))) {
   header('Location: access_denied.php');
   exit();
 }
index 3eb7696..f5f3762 100644 (file)
@@ -32,7 +32,7 @@ import('ttTeamHelper'); // TODO: remove this?
 import('ttTaskHelper'); // TODO: remove this?
 import('ttRoleHelper');
 
-// Access check.
+// Access checks.
 if (!ttAccessAllowed('manage_roles')) {
   header('Location: access_denied.php');
   exit();
@@ -43,6 +43,7 @@ if (!$role) {
   header('Location: access_denied.php');
   exit();
 }
+
 $assigned_rights = explode(',', $role['rights']);
 $available_rights = array_diff($user->rights, $assigned_rights);
 
index 09178cd..59a726c 100644 (file)
@@ -30,20 +30,23 @@ require_once('initialize.php');
 import('form.Form');
 import('ttUserHelper');
 
-// Access check.
+// Access checks.
 if (!ttAccessAllowed('swap_roles')) {
   header('Location: access_denied.php');
   exit();
 }
-
-$users = ttTeamHelper::getUsersForSwap();
+$users_for_swap = ttTeamHelper::getUsersForSwap();
+if (!is_array($users_for_swap) || sizeof($users_for_swap) == 0) {
+  header('Location: access_denied.php');
+  exit();
+}
 
 if ($request->isPost()) {
   $cl_id = $request->getParameter('swap_with');
 }
 
 $form = new Form('swapForm');
-$form->addInput(array('type'=>'combobox','name'=>'swap_with','style'=>'width: 250px;','data'=>$users,'datakeys'=>array('id','name')));
+$form->addInput(array('type'=>'combobox','name'=>'swap_with','style'=>'width: 250px;','data'=>$users_for_swap,'datakeys'=>array('id','name')));
 $form->addInput(array('type'=>'submit','name'=>'btn_submit','value'=>$i18n->get('button.submit')));
 $form->addInput(array('type'=>'submit','name'=>'btn_cancel','value'=>$i18n->get('button.cancel')));
 
index 531e842..75d89e5 100644 (file)
@@ -222,11 +222,19 @@ if ($request->isPost()) {
   }
 } // isPost
 
+$can_swap = false;
+if ($user->id == $user_id && $user->can('swap_roles')) {
+  $users_for_swap = ttTeamHelper::getUsersForSwap();
+  if (is_array($users_for_swap) && sizeof($users_for_swap) > 0)
+    $can_swap = true;
+}
+
 $rates = ttProjectHelper::getRates($user_id);
 $smarty->assign('rates', $rates);
 
 $smarty->assign('auth_external', $auth->isPasswordExternal());
 $smarty->assign('active_roles', $active_roles);
+$smarty->assign('can_swap', $can_swap);
 $smarty->assign('forms', array($form->getName()=>$form->toArray()));
 $smarty->assign('onload', 'onLoad="document.userForm.name.focus();handleClientControl();"');
 $smarty->assign('user_id', $user_id);
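Review bot: The `$can_swap` block re-implements the "has someone to swap with" test that swap_roles.php also performs, and `is_array($users_for_swap) && sizeof($users_for_swap) > 0` is just `!empty($users_for_swap)`; the whole block collapses to `$can_swap = $user->id == $user_id && $user->can('swap_roles') && !empty(ttTeamHelper::getUsersForSwap());` with the same short-circuit behaviour, so the helper is still only called for the user's own page. Since two pages now need the identical decision, a `canSwapRoles()`-style method on the helper would keep them from disagreeing later. `$user_id` is assigned outside the hunk.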