return true;
}
-// ttAccessCheck is used to check whether user is allowed to proceed. This function is used
-// as an initial check on all publicly available pages.
-function ttAccessCheck($required_rights)
-{
- global $auth;
- global $user;
-
- // Redirect to login page if user is not authenticated.
- if (!$auth->isAuthenticated()) {
- header('Location: login.php');
- exit();
- }
-
- // Check rights.
- if (!($required_rights & $user->rights_mask))
- return false;
-
- return true;
-}
-
// ttAccessAllowed checks whether user is allowed access to a particular page.
-// This function is a replacement for ttAccessCheck above as part of roles revamp.
-// To be used as an initial check on all publicly available pages
-// (except login.php and register.php where we don't have to check).
+// It is used as an initial check on all publicly available pages
+// (except login.php, register.php, and others where we don't have to check).
function ttAccessAllowed($required_right)
{
global $auth;
<br>
<table cellspacing="0" cellpadding="4" width="100%" border="0">
<tr>
- <td align="center"> Anuko Time Tracker 1.17.41.4065 | Copyright © <a href="https://www.anuko.com/lp/tt_3.htm" target="_blank">Anuko</a> |
+ <td align="center"> Anuko Time Tracker 1.17.41.4066 | Copyright © <a href="https://www.anuko.com/lp/tt_3.htm" target="_blank">Anuko</a> |
<a href="https://www.anuko.com/lp/tt_4.htm" target="_blank">{$i18n.footer.credits}</a> |
<a href="https://www.anuko.com/lp/tt_5.htm" target="_blank">{$i18n.footer.license}</a> |
<a href="https://www.anuko.com/lp/tt_7.htm" target="_blank">{$i18n.footer.improve}</a>
import('ttTeamHelper');
// Access check.
-if (!ttAccessCheck(right_view_invoices) || !$user->isPluginEnabled('iv')) {
+if (!(ttAccessAllowed('manage_invoices') || ttAccessAllowed('view_own_invoices')) || !$user->isPluginEnabled('iv')) {
header('Location: access_denied.php');
exit();
}
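Review bot: The new condition on the `ttAccessAllowed('manage_invoices') || ttAccessAllowed('view_own_invoices')` line admits two rights of different scope through one gate, and nothing in this hunk shows how the page tells them apart afterwards. The rest of the file is outside the hunk, so this may already be handled; if it is not, a caller holding only `view_own_invoices` must be limited to their own invoices by the code and queries that follow. I would at least record the requirement next to the gate, e.g. `// Access check. Callers with only view_own_invoices must be restricted to their own invoices below.`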
import('ttTeamHelper');
// Access check.
-if (!ttAccessCheck(right_manage_team) || !$user->isPluginEnabled('lk')) {
+if (!ttAccessAllowed('manage_advanced_settings') || !$user->isPluginEnabled('lk')) {
header('Location: access_denied.php');
exit();
}
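Review bot: The right is now passed as a bare string literal (`'manage_advanced_settings'` here, and a literal in every later access-check hunk of this commit), where the removed calls used constants such as `right_manage_team`. A misspelt constant is reported by PHP, while a misspelt string is silently handed to `ttAccessAllowed()`, whose body is outside the visible hunks. It is worth confirming that the function returns false for a name it does not recognise, so a typo on any of these pages fails closed. Defining the right names once and referencing them from the pages would also make the page-to-right mapping easier to audit.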
import('ttTeamHelper');
// Access check.
-if (!ttAccessCheck(right_manage_team) || !$user->isPluginEnabled('cl')) {
+if (!ttAccessAllowed('manage_clients') || !$user->isPluginEnabled('cl')) {
header('Location: access_denied.php');
exit();
}
import('ttClientHelper');
// Access check.
-if (!ttAccessCheck(right_manage_team) || !$user->isPluginEnabled('cl')) {
+if (!ttAccessAllowed('manage_clients') || !$user->isPluginEnabled('cl')) {
header('Location: access_denied.php');
exit();
}
import('ttTeamHelper');
// Access check.
-if (!ttAccessCheck(right_manage_team) || !$user->isPluginEnabled('cl')) {
+if (!ttAccessAllowed('manage_clients') || !$user->isPluginEnabled('cl')) {
header('Location: access_denied.php');
exit();
}
import('ttTeamHelper');
// Access check.
-if (!ttAccessCheck(right_manage_team) || !$user->isPluginEnabled('cl')) {
+if (!ttAccessAllowed('manage_clients') || !$user->isPluginEnabled('cl')) {
header('Location: access_denied.php');
exit();
}
import('ttExpenseHelper');
// Access check.
-if (!ttAccessCheck(right_data_entry) || !$user->isPluginEnabled('ex')) {
+if (!ttAccessAllowed('data_entry') || !$user->isPluginEnabled('ex')) {
header('Location: access_denied.php');
exit();
}
import('ttExpenseHelper');
// Access check.
-if (!ttAccessCheck(right_data_entry) || !$user->isPluginEnabled('ex')) {
+if (!ttAccessAllowed('data_entry') || !$user->isPluginEnabled('ex')) {
header('Location: access_denied.php');
exit();
}
import('ttExpenseHelper');
// Access check.
-if (!ttAccessCheck(right_data_entry) || !$user->isPluginEnabled('ex')) {
+if (!ttAccessAllowed('data_entry') || !$user->isPluginEnabled('ex')) {
header('Location: access_denied.php');
exit();
}
import('ttTeamHelper');
// Access check.
-if (!ttAccessCheck(right_manage_team) || (MODE_PROJECTS != $user->tracking_mode && MODE_PROJECTS_AND_TASKS != $user->tracking_mode)) {
+if (!ttAccessAllowed('manage_projects') || (MODE_PROJECTS != $user->tracking_mode && MODE_PROJECTS_AND_TASKS != $user->tracking_mode)) {
header('Location: access_denied.php');
exit();
}
import('ttProjectHelper');
// Access check.
-if (!ttAccessCheck(right_manage_team) || (MODE_PROJECTS != $user->tracking_mode && MODE_PROJECTS_AND_TASKS != $user->tracking_mode)) {
+if (!ttAccessAllowed('manage_projects') || (MODE_PROJECTS != $user->tracking_mode && MODE_PROJECTS_AND_TASKS != $user->tracking_mode)) {
header('Location: access_denied.php');
exit();
}
import('ttTeamHelper');
// Access check.
-if (!ttAccessCheck(right_manage_team) || (MODE_PROJECTS != $user->tracking_mode && MODE_PROJECTS_AND_TASKS != $user->tracking_mode)) {
+if (!ttAccessAllowed('manage_projects') || (MODE_PROJECTS != $user->tracking_mode && MODE_PROJECTS_AND_TASKS != $user->tracking_mode)) {
header('Location: access_denied.php');
exit();
}
import('ttTeamHelper');
// Access check.
-if (!ttAccessCheck(right_data_entry) || (MODE_PROJECTS != $user->tracking_mode && MODE_PROJECTS_AND_TASKS != $user->tracking_mode)) {
+if (!ttAccessAllowed('data_entry') || (MODE_PROJECTS != $user->tracking_mode && MODE_PROJECTS_AND_TASKS != $user->tracking_mode)) {
header('Location: access_denied.php');
exit();
}
import('ttTaskHelper');
// Access check.
-if (!ttAccessCheck(right_manage_team) || MODE_PROJECTS_AND_TASKS != $user->tracking_mode) {
+if (!ttAccessAllowed('manage_tasks') || MODE_PROJECTS_AND_TASKS != $user->tracking_mode) {
header('Location: access_denied.php');
exit();
}
import('form.Form');
// Access check.
-if (!ttAccessCheck(right_manage_team) || MODE_PROJECTS_AND_TASKS != $user->tracking_mode) {
+if (!ttAccessAllowed('manage_tasks') || MODE_PROJECTS_AND_TASKS != $user->tracking_mode) {
header('Location: access_denied.php');
exit();
}
import('ttTaskHelper');
// Access check.
-if (!ttAccessCheck(right_manage_team) || MODE_PROJECTS_AND_TASKS != $user->tracking_mode) {
+if (!ttAccessAllowed('manage_tasks') || MODE_PROJECTS_AND_TASKS != $user->tracking_mode) {
header('Location: access_denied.php');
exit();
}
import('ttTeamHelper');
// Access check.
-if (!ttAccessCheck(right_manage_team) || MODE_PROJECTS_AND_TASKS != $user->tracking_mode) {
+if (!ttAccessAllowed('manage_tasks') || MODE_PROJECTS_AND_TASKS != $user->tracking_mode) {
header('Location: access_denied.php');
exit();
}
import('DateAndTime');
// Access check.
-if (!ttAccessCheck(right_data_entry)) {
+if (!ttAccessAllowed('data_entry')) {
header('Location: access_denied.php');
exit();
}
import('DateAndTime');
// Access check.
-if (!ttAccessCheck(right_data_entry)) {
+if (!ttAccessAllowed('data_entry')) {
header('Location: access_denied.php');
exit();
}
import('DateAndTime');
// Access check.
-if (!ttAccessCheck(right_data_entry)) {
+if (!ttAccessAllowed('data_entry')) {
header('Location: access_denied.php');
exit();
}
import('DateAndTime');
// Access check.
-if (!ttAccessCheck(right_data_entry)) {
+if (!ttAccessAllowed('data_entry')) {
header('Location: access_denied.php');
exit();
}
import('form.TableColumn');
// Access check.
-if (!ttAccessCheck(right_manage_team)) {
+if (!ttAccessAllowed('manage_users')) {
header('Location: access_denied.php');
exit();
}
import('ttUserHelper');
// Access check.
-if (!ttAccessCheck(right_manage_team)) {
+if (!ttAccessAllowed('manage_users')) {
header('Location: access_denied.php');
exit();
}
import('form.TableColumn');
// Access check.
-if (!ttAccessCheck(right_manage_team)) {
+if (!ttAccessAllowed('manage_users')) {
header('Location: access_denied.php');
exit();
}
import('ttTimeHelper');
// Access check.
-if (!ttAccessCheck(right_data_entry)) {
+if (!ttAccessAllowed('view_users')) {
header('Location: access_denied.php');
exit();
}
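Review bot: The `ttAccessAllowed('view_users')` line replaces a `right_data_entry` check, so unlike the neighbouring hunks it is a change of permission category, not a rename, and the generic `// Access check.` comment does not say why. The hunk with `import('ttRoleHelper');` further down makes the same `right_data_entry` to `view_users` switch. The page bodies are outside these hunks, so I cannot tell whether they show other users' records. If they do, the page-level gate should be paired with a per-record check that the requested user is one the caller may view. A short comment such as `// Access check: this page lists team members, hence view_users.`, adjusted to what the page really does, would document the mapping.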
import('ttNotificationHelper');
// Access check.
-if (!ttAccessCheck(right_manage_team) || !$user->isPluginEnabled('no')) {
+if (!ttAccessAllowed('manage_advanced_settings') || !$user->isPluginEnabled('no')) {
header('Location: access_denied.php');
exit();
}
import('ttNotificationHelper');
// Access check.
-if (!ttAccessCheck(right_manage_team) || !$user->isPluginEnabled('no')) {
+if (!ttAccessAllowed('manage_advanced_settings') || !$user->isPluginEnabled('no')) {
header('Location: access_denied.php');
exit();
}
import('ttNotificationHelper');
// Access check.
-if (!ttAccessCheck(right_manage_team) || !$user->isPluginEnabled('no')) {
+if (!ttAccessAllowed('manage_advanced_settings') || !$user->isPluginEnabled('no')) {
header('Location: access_denied.php');
exit();
}
import('ttTeamHelper');
// Access check.
-if (!ttAccessCheck(right_manage_team) || !$user->isPluginEnabled('no')) {
+if (!ttAccessAllowed('manage_advanced_settings') || !$user->isPluginEnabled('no')) {
header('Location: access_denied.php');
exit();
}
import('ttPredefinedExpenseHelper');
// Access check.
-if (!ttAccessCheck(right_manage_team) || !$user->isPluginEnabled('ex')) {
+if (!ttAccessAllowed('manage_advanced_settings') || !$user->isPluginEnabled('ex')) {
header('Location: access_denied.php');
exit();
}
import('ttPredefinedExpenseHelper');
// Access check.
-if (!ttAccessCheck(right_manage_team) || !$user->isPluginEnabled('ex')) {
+if (!ttAccessAllowed('manage_advanced_settings') || !$user->isPluginEnabled('ex')) {
header('Location: access_denied.php');
exit();
}
import('ttPredefinedExpenseHelper');
// Access check.
-if (!ttAccessCheck(right_manage_team) || !$user->isPluginEnabled('ex')) {
+if (!ttAccessAllowed('manage_advanced_settings') || !$user->isPluginEnabled('ex')) {
header('Location: access_denied.php');
exit();
}
import('ttTeamHelper');
// Access check.
-if (!ttAccessCheck(right_manage_team) || !$user->isPluginEnabled('ex')) {
+if (!ttAccessAllowed('manage_advanced_settings') || !$user->isPluginEnabled('ex')) {
header('Location: access_denied.php');
exit();
}
import('ttRoleHelper');
// Access check.
-if (!ttAccessCheck(right_data_entry|right_view_reports)) {
+if (!ttAccessAllowed('manage_own_settings')) {
header('Location: access_denied.php');
exit();
}
import('ttTeamHelper');
// Access check.
-if (!ttAccessCheck(right_manage_team) || (MODE_PROJECTS != $user->tracking_mode && MODE_PROJECTS_AND_TASKS != $user->tracking_mode)) {
+if (!ttAccessAllowed('manage_projects') || (MODE_PROJECTS != $user->tracking_mode && MODE_PROJECTS_AND_TASKS != $user->tracking_mode)) {
header('Location: access_denied.php');
exit();
}
import('ttProjectHelper');
// Access check.
-if (!ttAccessCheck(right_manage_team) || (MODE_PROJECTS != $user->tracking_mode && MODE_PROJECTS_AND_TASKS != $user->tracking_mode)) {
+if (!ttAccessAllowed('manage_projects') || (MODE_PROJECTS != $user->tracking_mode && MODE_PROJECTS_AND_TASKS != $user->tracking_mode)) {
header('Location: access_denied.php');
exit();
}
import('ttTeamHelper');
// Access check.
-if (!ttAccessCheck(right_manage_team) || (MODE_PROJECTS != $user->tracking_mode && MODE_PROJECTS_AND_TASKS != $user->tracking_mode)) {
+if (!ttAccessAllowed('manage_projects') || (MODE_PROJECTS != $user->tracking_mode && MODE_PROJECTS_AND_TASKS != $user->tracking_mode)) {
header('Location: access_denied.php');
exit();
}
import('ttTeamHelper');
// Access check.
-if (!ttAccessCheck(right_data_entry) || (MODE_PROJECTS != $user->tracking_mode && MODE_PROJECTS_AND_TASKS != $user->tracking_mode)) {
+if (!ttAccessAllowed('data_entry') || (MODE_PROJECTS != $user->tracking_mode && MODE_PROJECTS_AND_TASKS != $user->tracking_mode)) {
header('Location: access_denied.php');
exit();
}
import('ttTimeHelper');
// Access check.
-if (!ttAccessCheck(right_manage_team) || !$user->isPluginEnabled('mq')) {
+if (!ttAccessAllowed('manage_advanced_settings') || !$user->isPluginEnabled('mq')) {
header('Location: access_denied.php');
exit();
}
import('ttTeamHelper');
// Access check.
-if (!ttAccessCheck(right_view_reports)) {
+if (!ttAccessAllowed('view_own_reports')) {
header('Location: access_denied.php');
exit();
}
import('ttReportHelper');
// Access check.
-if (!ttAccessCheck(right_view_reports)) {
+if (!ttAccessAllowed('view_own_reports')) {
header('Location: access_denied.php');
exit();
}
import('ttClientHelper');
// Access check.
-if (!ttAccessCheck(right_view_reports)) {
+if (!ttAccessAllowed('view_own_reports')) {
header('Location: access_denied.php');
exit();
}
import('ttRoleHelper');
// Access check.
-if (!ttAccessCheck(right_manage_team)) {
+if (!ttAccessAllowed('manage_roles')) {
header('Location: access_denied.php');
exit();
}
import('form.Form');
// Access check.
-if (!ttAccessCheck(right_manage_team)) {
+if (!ttAccessAllowed('manage_roles')) {
header('Location: access_denied.php');
exit();
}
import('ttRoleHelper');
// Access check.
-if (!ttAccessCheck(right_manage_team)) {
+if (!ttAccessAllowed('manage_roles')) {
header('Location: access_denied.php');
exit();
}
import('ttRoleHelper');
// Access check.
-if (!ttAccessCheck(right_manage_team)) {
+if (!ttAccessAllowed('manage_roles')) {
header('Location: access_denied.php');
exit();
}
import('ttTaskHelper');
// Access check.
-if (!ttAccessCheck(right_manage_team) || MODE_PROJECTS_AND_TASKS != $user->tracking_mode) {
+if (!ttAccessAllowed('manage_tasks') || MODE_PROJECTS_AND_TASKS != $user->tracking_mode) {
header('Location: access_denied.php');
exit();
}
import('form.Form');
// Access check.
-if (!ttAccessCheck(right_manage_team) || MODE_PROJECTS_AND_TASKS != $user->tracking_mode) {
+if (!ttAccessAllowed('manage_tasks') || MODE_PROJECTS_AND_TASKS != $user->tracking_mode) {
header('Location: access_denied.php');
exit();
}
import('ttTaskHelper');
// Access check.
-if (!ttAccessCheck(right_manage_team) || MODE_PROJECTS_AND_TASKS != $user->tracking_mode) {
+if (!ttAccessAllowed('manage_tasks') || MODE_PROJECTS_AND_TASKS != $user->tracking_mode) {
header('Location: access_denied.php');
exit();
}
import('ttTeamHelper');
// Access check.
-if (!ttAccessCheck(right_manage_team) || MODE_PROJECTS_AND_TASKS != $user->tracking_mode) {
+if (!ttAccessAllowed('manage_tasks') || MODE_PROJECTS_AND_TASKS != $user->tracking_mode) {
header('Location: access_denied.php');
exit();
}
// }
// Access check.
-if (!ttAccessCheck(right_data_entry)) {
+if (!ttAccessAllowed('data_entry')) {
header('Location: access_denied.php');
exit();
}
import('DateAndTime');
// Access check.
-if (!ttAccessCheck(right_data_entry)) {
+if (!ttAccessAllowed('data_entry')) {
header('Location: access_denied.php');
exit();
}
import('DateAndTime');
// Access check.
-if (!ttAccessCheck(right_data_entry)) {
+if (!ttAccessAllowed('data_entry')) {
header('Location: access_denied.php');
exit();
}
import('ttReportHelper');
// Access check.
-if (!ttAccessCheck(right_view_reports)) {
+if (!ttAccessAllowed('view_own_reports')) {
header('Location: access_denied.php');
exit();
}
import('form.ActionForm');
import('ttReportHelper');
+// Access check.
+if (!ttAccessAllowed('view_own_reports')) {
+ header('Location: access_denied.php');
+ exit();
+}
+
// Check whether TCPDF library is available.
if (!file_exists('WEB-INF/lib/tcpdf/'))
die('TCPDF library is not found in WEB-INF/lib/tcpdf/');
// Include TCPDF library.
require_once('WEB-INF/lib/tcpdf/tcpdf.php');
-// Access check.
-if (!ttAccessCheck(right_view_reports)) {
- header('Location: access_denied.php');
- exit();
-}
-
// Use custom fields plugin if it is enabled.
if ($user->isPluginEnabled('cf')) {
require_once('plugins/CustomFields.class.php');
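Review bot: The relocated access check keeps only the generic `// Access check.` comment, so nothing records that its position ahead of the TCPDF existence test is deliberate. With the old order a caller who failed the rights check could still reach the `die('TCPDF library is not found ...')` line and learn about the installation layout. A later edit could move the block back without noticing this. I would write the comment as `// Access check. Keep this before the TCPDF test so callers without view_own_reports never reach die().` The `if ($user->isPluginEnabled('cf'))` block at the end of the hunk continues outside it.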
import('ttRoleHelper');
// Access check.
-if (!ttAccessCheck(right_manage_team)) {
+if (!ttAccessAllowed('manage_users')) {
header('Location: access_denied.php');
exit();
}
import('ttUserHelper');
// Access check.
-if (!ttAccessCheck(right_manage_team)) {
+if (!ttAccessAllowed('manage_users')) {
header('Location: access_denied.php');
exit();
}
import('ttRoleHelper');
// Access check.
-if (!ttAccessCheck(right_manage_team)) {
+if (!ttAccessAllowed('manage_users')) {
header('Location: access_denied.php');
exit();
}
import('ttRoleHelper');
// Access check.
-if (!ttAccessCheck(right_data_entry)) {
+if (!ttAccessAllowed('view_users')) {
header('Location: access_denied.php');
exit();
}
import('DateAndTime');
// Access check.
-if (!ttAccessCheck(right_data_entry) || !$user->isPluginEnabled('wv')) {
+if (!ttAccessAllowed('data_entry') || !$user->isPluginEnabled('wv')) {
header('Location: access_denied.php');
exit();
}
import('ttTeamHelper');
// Access check.
-if (!ttAccessCheck(right_manage_team) || !$user->isPluginEnabled('wv')) {
+if (!ttAccessAllowed('manage_advanced_settings') || !$user->isPluginEnabled('wv')) {
header('Location: access_denied.php');
exit();
}