Started redoing access checks using role rights.
authorNik Okuntseff <support@anuko.com>
Mon, 12 Mar 2018 14:46:34 +0000 (14:46 +0000)
committerNik Okuntseff <support@anuko.com>
Mon, 12 Mar 2018 14:46:34 +0000 (14:46 +0000)
WEB-INF/lib/common.lib.php
WEB-INF/templates/footer.tpl
admin_options.php

index ec21d67..5621492 100644 (file)
@@ -344,3 +344,25 @@ function ttAccessCheck($required_rights)
     
   return true;
 }
+
+// ttAccessAllowed checks whether user is allowed access to a particular page.
+// This function is a replacement for ttAccessCheck above as part of roles revamp.
+// To be used as an initial check on all publicly available pages
+// (except login.php and register.php where we don't have to check).
+function ttAccessAllowed($required_right)
+{
+  global $auth;
+  global $user;
+
+  // Redirect to login page if user is not authenticated.
+  if (!$auth->isAuthenticated()) {
+    header('Location: login.php');
+    exit();
+  }
+
+  // Check if user has the right.
+  if (in_array($required_right, $user->rights))
+    return true;
+
+  return false;
+}
\ No newline at end of file
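Review bot: `in_array($required_right, $user->rights)` at the end of ttAccessAllowed uses loose comparison, so on PHP 7 a rights array that happens to contain `0` or `true` compares equal to any string right and the check grants access; pass the strict flag and collapse the tail into `return in_array($required_right, $user->rights, true);`. If `$user->rights` can be unset or non-array for an authenticated user (not visible in this hunk), `in_array` only warns and returns null, so a guard such as `if (!is_array($user->rights)) return false;` keeps the check fail-closed. The header comment could also say that the function returns false rather than redirecting on a missing right, and that the caller is expected to redirect to access_denied.php, which is how admin_options.php uses it.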
index 42ecb58..36dcb36 100644 (file)
@@ -12,7 +12,7 @@
       <br>
       <table cellspacing="0" cellpadding="4" width="100%" border="0">
         <tr>
-          <td align="center">&nbsp;Anuko Time Tracker 1.17.38.4059 | Copyright &copy; <a href="https://www.anuko.com/lp/tt_3.htm" target="_blank">Anuko</a> |
+          <td align="center">&nbsp;Anuko Time Tracker 1.17.39.4060 | Copyright &copy; <a href="https://www.anuko.com/lp/tt_3.htm" target="_blank">Anuko</a> |
             <a href="https://www.anuko.com/lp/tt_4.htm" target="_blank">{$i18n.footer.credits}</a> |
             <a href="https://www.anuko.com/lp/tt_5.htm" target="_blank">{$i18n.footer.license}</a> |
             <a href="https://www.anuko.com/lp/tt_7.htm" target="_blank">{$i18n.footer.improve}</a>
index ae901d6..6f81255 100644 (file)
@@ -31,7 +31,7 @@ import('form.Form');
 import('ttUserHelper');
 
 // Access check.
-if (!ttAccessCheck(right_administer_site)) {
+if (!ttAccessAllowed('administer_site')) {
   header('Location: access_denied.php');
   exit();
 }
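Review bot: The right is now passed as the bare string `'administer_site'` where the old call used the `right_administer_site` constant, so a misspelling is no longer reported by PHP and would silently deny the page to everyone. Since an unknown right fails closed this is a maintainability point rather than a security one, but keeping a named constant or a documented list of right names next to ttAccessAllowed would let static checks catch drift as further pages move to the new check. The surrounding file continues outside the hunk.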