From: anuko <support@anuko.com>
Date: Sun, 25 Sep 2016 19:33:08 +0000 (+0000)
Subject: Work in progress added more checks for access control.
X-Git-Tag: timetracker_1.19-1~1637
X-Git-Url: http://wagnertech.de/git?a=commitdiff_plain;h=5a6a33edf0ec2ac012715e12c35c7285b64c099b;p=timetracker.git

Work in progress added more checks for access control.
---

diff --git a/WEB-INF/templates/footer.tpl b/WEB-INF/templates/footer.tpl
index c4934a51..a62e521c 100644
--- a/WEB-INF/templates/footer.tpl
+++ b/WEB-INF/templates/footer.tpl
@@ -12,7 +12,7 @@
       <br>
       <table cellspacing="0" cellpadding="4" width="100%" border="0">
         <tr>
-          <td align="center">&nbsp;Anuko Time Tracker 1.9.31.3538 | Copyright &copy; <a href="https://www.anuko.com/lp/tt_3.htm" target="_blank">Anuko</a> |
+          <td align="center">&nbsp;Anuko Time Tracker 1.9.31.3539 | Copyright &copy; <a href="https://www.anuko.com/lp/tt_3.htm" target="_blank">Anuko</a> |
             <a href="https://www.anuko.com/lp/tt_4.htm" target="_blank">{$i18n.footer.credits}</a> |
             <a href="https://www.anuko.com/lp/tt_5.htm" target="_blank">{$i18n.footer.license}</a> |
             <a href="https://www.anuko.com/lp/tt_7.htm" target="_blank">{$i18n.footer.improve}</a>
diff --git a/cf_custom_field_add.php b/cf_custom_field_add.php
index 965c2aba..1d293d37 100644
--- a/cf_custom_field_add.php
+++ b/cf_custom_field_add.php
@@ -31,7 +31,7 @@ require_once('plugins/CustomFields.class.php');
 import('form.Form');
 
 // Access check.
-if (!ttAccessCheck(right_manage_team)) {
+if (!ttAccessCheck(right_manage_team) || !$user->isPluginEnabled('cf')) {
   header('Location: access_denied.php');
   exit();
 }
diff --git a/cf_custom_field_delete.php b/cf_custom_field_delete.php
index 86fa7d87..88779bed 100644
--- a/cf_custom_field_delete.php
+++ b/cf_custom_field_delete.php
@@ -31,7 +31,7 @@ require_once('plugins/CustomFields.class.php');
 import('form.Form');
 
 // Access check.
-if (!ttAccessCheck(right_manage_team)) {
+if (!ttAccessCheck(right_manage_team) || !$user->isPluginEnabled('cf')) {
   header('Location: access_denied.php');
   exit();
 }
diff --git a/cf_custom_field_edit.php b/cf_custom_field_edit.php
index 196d85fa..b8e0f8ec 100644
--- a/cf_custom_field_edit.php
+++ b/cf_custom_field_edit.php
@@ -31,7 +31,7 @@ require_once('plugins/CustomFields.class.php');
 import('form.Form');
 
 // Access check.
-if (!ttAccessCheck(right_manage_team)) {
+if (!ttAccessCheck(right_manage_team) || !$user->isPluginEnabled('cf')) {
   header('Location: access_denied.php');
   exit();
 }
diff --git a/cf_custom_fields.php b/cf_custom_fields.php
index 33c8b5e7..18de0605 100644
--- a/cf_custom_fields.php
+++ b/cf_custom_fields.php
@@ -31,7 +31,7 @@ require_once('plugins/CustomFields.class.php');
 import('form.Form');
 
 // Access check.
-if (!ttAccessCheck(right_manage_team)) {
+if (!ttAccessCheck(right_manage_team) || !$user->isPluginEnabled('cf')) {
   header('Location: access_denied.php');
   exit();
 }
diff --git a/cf_dropdown_option_add.php b/cf_dropdown_option_add.php
index 20da6eef..ecf4892d 100644
--- a/cf_dropdown_option_add.php
+++ b/cf_dropdown_option_add.php
@@ -31,7 +31,7 @@ require_once('plugins/CustomFields.class.php');
 import('form.Form');
 
 // Access check.
-if (!ttAccessCheck(right_manage_team)) {
+if (!ttAccessCheck(right_manage_team) || !$user->isPluginEnabled('cf')) {
   header('Location: access_denied.php');
   exit();
 }
diff --git a/cf_dropdown_option_delete.php b/cf_dropdown_option_delete.php
index ed295920..ec06b49f 100644
--- a/cf_dropdown_option_delete.php
+++ b/cf_dropdown_option_delete.php
@@ -31,7 +31,7 @@ require_once('plugins/CustomFields.class.php');
 import('form.Form');
 
 // Access check.
-if (!ttAccessCheck(right_manage_team)) {
+if (!ttAccessCheck(right_manage_team) || !$user->isPluginEnabled('cf')) {
   header('Location: access_denied.php');
   exit();
 }
diff --git a/cf_dropdown_option_edit.php b/cf_dropdown_option_edit.php
index 78fc279c..ba486ae9 100644
--- a/cf_dropdown_option_edit.php
+++ b/cf_dropdown_option_edit.php
@@ -31,7 +31,7 @@ require_once('plugins/CustomFields.class.php');
 import('form.Form');
 
 // Access check.
-if (!ttAccessCheck(right_manage_team)) {
+if (!ttAccessCheck(right_manage_team) || !$user->isPluginEnabled('cf')) {
   header('Location: access_denied.php');
   exit();
 }
diff --git a/cf_dropdown_options.php b/cf_dropdown_options.php
index a7718fbe..544eefdb 100644
--- a/cf_dropdown_options.php
+++ b/cf_dropdown_options.php
@@ -31,7 +31,7 @@ require_once('plugins/CustomFields.class.php');
 import('form.Form');
 
 // Access check.
-if (!ttAccessCheck(right_manage_team)) {
+if (!ttAccessCheck(right_manage_team) || !$user->isPluginEnabled('cf')) {
   header('Location: access_denied.php');
   exit();
 }
diff --git a/client_add.php b/client_add.php
index 275a65ee..bd1516f1 100644
--- a/client_add.php
+++ b/client_add.php
@@ -32,7 +32,7 @@ import('ttClientHelper');
 import('ttTeamHelper');
 
 // Access check.
-if (!ttAccessCheck(right_manage_team)) {
+if (!ttAccessCheck(right_manage_team) || !$user->isPluginEnabled('cl')) {
   header('Location: access_denied.php');
   exit();
 }
diff --git a/client_delete.php b/client_delete.php
index 2340db03..767a919e 100644
--- a/client_delete.php
+++ b/client_delete.php
@@ -31,7 +31,7 @@ import('form.Form');
 import('ttClientHelper');
 
 // Access check.
-if (!ttAccessCheck(right_manage_team)) {
+if (!ttAccessCheck(right_manage_team) || !$user->isPluginEnabled('cl')) {
   header('Location: access_denied.php');
   exit();
 }
diff --git a/client_edit.php b/client_edit.php
index c7ad1581..2b408c5d 100644
--- a/client_edit.php
+++ b/client_edit.php
@@ -32,7 +32,7 @@ import('ttClientHelper');
 import('ttTeamHelper');
 
 // Access check.
-if (!ttAccessCheck(right_manage_team)) {
+if (!ttAccessCheck(right_manage_team) || !$user->isPluginEnabled('cl')) {
   header('Location: access_denied.php');
   exit();
 }