From: Nik Okuntseff Date: Sat, 24 Mar 2018 19:52:42 +0000 (+0000) Subject: More improvements to access checks. X-Git-Tag: timetracker_1.19-1~950 X-Git-Url: http://wagnertech.de/git?a=commitdiff_plain;h=a8a4278a6a87c600835890a10c774dfdc58e930a;p=timetracker.git More improvements to access checks. --- diff --git a/WEB-INF/templates/footer.tpl b/WEB-INF/templates/footer.tpl index b99c720b..a4a020e7 100644 --- a/WEB-INF/templates/footer.tpl +++ b/WEB-INF/templates/footer.tpl @@ -12,7 +12,7 @@
-
 Anuko Time Tracker 1.17.69.4157 | Copyright © Anuko | +  Anuko Time Tracker 1.17.69.4158 | Copyright © Anuko | {$i18n.footer.credits} | {$i18n.footer.license} | {$i18n.footer.improve} diff --git a/task_add.php b/task_add.php index 12c54464..a5149e84 100644 --- a/task_add.php +++ b/task_add.php @@ -32,11 +32,15 @@ import('form.ActionForm'); import('ttTeamHelper'); import('ttTaskHelper'); -// Access check. -if (!ttAccessAllowed('manage_tasks') || MODE_PROJECTS_AND_TASKS != $user->tracking_mode) { +// Access checks. +if (!ttAccessAllowed('manage_tasks')) { header('Location: access_denied.php'); exit(); } +if (MODE_PROJECTS_AND_TASKS != $user->tracking_mode) { + header('Location: feature_disabled.php'); + exit(); +} $projects = ttTeamHelper::getActiveProjects($user->team_id); diff --git a/task_delete.php b/task_delete.php index d72220d2..0e9f40cf 100644 --- a/task_delete.php +++ b/task_delete.php @@ -30,11 +30,15 @@ require_once('initialize.php'); import('ttTaskHelper'); import('form.Form'); -// Access check. -if (!ttAccessAllowed('manage_tasks') || MODE_PROJECTS_AND_TASKS != $user->tracking_mode) { +// Access checks. +if (!ttAccessAllowed('manage_tasks')) { header('Location: access_denied.php'); exit(); } +if (MODE_PROJECTS_AND_TASKS != $user->tracking_mode) { + header('Location: feature_disabled.php'); + exit(); +} $cl_task_id = (int)$request->getParameter('id'); $task = ttTaskHelper::get($cl_task_id); diff --git a/task_edit.php b/task_edit.php index 36e717d7..bba89beb 100644 --- a/task_edit.php +++ b/task_edit.php @@ -31,11 +31,15 @@ import('form.Form'); import('ttTeamHelper'); import('ttTaskHelper'); -// Access check. -if (!ttAccessAllowed('manage_tasks') || MODE_PROJECTS_AND_TASKS != $user->tracking_mode) { +// Access checks. +if (!ttAccessAllowed('manage_tasks')) { header('Location: access_denied.php'); exit(); } +if (MODE_PROJECTS_AND_TASKS != $user->tracking_mode) { + header('Location: feature_disabled.php'); + exit(); +} $cl_task_id = (int)$request->getParameter('id'); $projects = ttTeamHelper::getActiveProjects($user->team_id); diff --git a/tasks.php b/tasks.php index 5bc3fd45..5505e6dd 100644 --- a/tasks.php +++ b/tasks.php @@ -30,11 +30,15 @@ require_once('initialize.php'); import('form.Form'); import('ttTeamHelper'); -// Access check. -if (!ttAccessAllowed('manage_tasks') || MODE_PROJECTS_AND_TASKS != $user->tracking_mode) { +// Access checks. +if (!ttAccessAllowed('manage_tasks')) { header('Location: access_denied.php'); exit(); } +if (MODE_PROJECTS_AND_TASKS != $user->tracking_mode) { + header('Location: feature_disabled.php'); + exit(); +} $smarty->assign('active_tasks', ttTeamHelper::getActiveTasks($user->team_id)); $smarty->assign('inactive_tasks', ttTeamHelper::getInactiveTasks($user->team_id)); diff --git a/time.php b/time.php index 270a8aae..1c29aa8f 100644 --- a/time.php +++ b/time.php @@ -42,7 +42,7 @@ import('DateAndTime'); // } // Access check. -if (!ttAccessAllowed('track_own_time')) { +if (!(ttAccessAllowed('track_own_time') || ttAccessAllowed('track_time'))) { header('Location: access_denied.php'); exit(); } diff --git a/time_delete.php b/time_delete.php index 2ad3ea41..ec3c677c 100644 --- a/time_delete.php +++ b/time_delete.php @@ -33,7 +33,7 @@ import('ttTimeHelper'); import('DateAndTime'); // Access check. -if (!ttAccessAllowed('track_own_time')) { +if (!(ttAccessAllowed('track_own_time') || ttAccessAllowed('track_time'))) { header('Location: access_denied.php'); exit(); } diff --git a/time_edit.php b/time_edit.php index dd3edde1..c14928f5 100644 --- a/time_edit.php +++ b/time_edit.php @@ -35,7 +35,7 @@ import('ttTimeHelper'); import('DateAndTime'); // Access check. -if (!ttAccessAllowed('track_own_time')) { +if (!(ttAccessAllowed('track_own_time') || ttAccessAllowed('track_time'))) { header('Location: access_denied.php'); exit(); } diff --git a/tofile.php b/tofile.php index 67c5b31c..abd1f278 100644 --- a/tofile.php +++ b/tofile.php @@ -32,7 +32,7 @@ import('form.ActionForm'); import('ttReportHelper'); // Access check. -if (!ttAccessAllowed('view_own_reports')) { +if (!(ttAccessAllowed('view_own_reports') || ttAccessAllowed('view_reports'))) { header('Location: access_denied.php'); exit(); } diff --git a/topdf.php b/topdf.php index b8f6684c..3177d155 100644 --- a/topdf.php +++ b/topdf.php @@ -36,7 +36,7 @@ import('form.ActionForm'); import('ttReportHelper'); // Access check. -if (!ttAccessAllowed('view_own_reports')) { +if (!(ttAccessAllowed('view_own_reports') || ttAccessAllowed('view_reports'))) { header('Location: access_denied.php'); exit(); } diff --git a/users.php b/users.php index 86021863..35fd4168 100644 --- a/users.php +++ b/users.php @@ -33,7 +33,7 @@ import('ttTimeHelper'); import('ttRoleHelper'); // Access check. -if (!ttAccessAllowed('view_users')) { +if (!(ttAccessAllowed('view_users') || ttAccessAllowed('manage_users'))) { header('Location: access_denied.php'); exit(); } diff --git a/week.php b/week.php index e26aa119..f1dc7889 100644 --- a/week.php +++ b/week.php @@ -38,11 +38,15 @@ import('ttClientHelper'); import('ttTimeHelper'); import('DateAndTime'); -// Access check. -if (!ttAccessAllowed('track_own_time') || !$user->isPluginEnabled('wv')) { +// Access checks. +if (!(ttAccessAllowed('track_own_time') || ttAccessAllowed('track_time'))) { header('Location: access_denied.php'); exit(); } +if (!$user->isPluginEnabled('wv')) { + header('Location: feature_disabled.php'); + exit(); +} // Initialize and store date in session. $cl_date = $request->getParameter('date', @$_SESSION['date']); diff --git a/week_view.php b/week_view.php index b273d278..e5ec1479 100644 --- a/week_view.php +++ b/week_view.php @@ -30,11 +30,15 @@ require_once('initialize.php'); import('form.Form'); import('ttTeamHelper'); -// Access check. -if (!ttAccessAllowed('manage_advanced_settings') || !$user->isPluginEnabled('wv')) { +// Access checks. +if (!ttAccessAllowed('manage_advanced_settings')) { header('Location: access_denied.php'); exit(); } +if (!$user->isPluginEnabled('wv')) { + header('Location: feature_disabled.php'); + exit(); +} if ($request->isPost()) { $cl_week_note = $request->getParameter('week_note');