From 216d1c29ae204a1404a5d38cad77abce516e2386 Mon Sep 17 00:00:00 2001
From: Nik Okuntseff
Date: Tue, 27 Mar 2018 20:47:40 +0000
Subject: [PATCH] Refactored headers to use view_own_projects right check.
---
WEB-INF/templates/footer.tpl | 2 +-
WEB-INF/templates/header.tpl | 2 +-
WEB-INF/templates/mobile/header.tpl | 2 +-
mobile/project_add.php | 1 +
mobile/projects.php | 4 ++--
projects.php | 3 +--
6 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/WEB-INF/templates/footer.tpl b/WEB-INF/templates/footer.tpl
index 67a6e0a0..e939e021 100644
--- a/WEB-INF/templates/footer.tpl
+++ b/WEB-INF/templates/footer.tpl
@@ -12,7 +12,7 @@
-
 Anuko Time Tracker 1.17.79.4191 | Copyright © Anuko | +  Anuko Time Tracker 1.17.79.4192 | Copyright © Anuko | {$i18n.footer.credits} | {$i18n.footer.license} | {$i18n.footer.improve} diff --git a/WEB-INF/templates/header.tpl b/WEB-INF/templates/header.tpl index ac6e99fe..b74923ba 100644 --- a/WEB-INF/templates/header.tpl +++ b/WEB-INF/templates/header.tpl @@ -113,7 +113,7 @@ || $smarty.const.MODE_PROJECTS_AND_TASKS == $user->tracking_mode || $user->isPluginEnabled('cl'))} · {$i18n.menu.charts} {/if} - {if ($user->can('manage_projects') || $user->can('track_own_time') || $user->can('track_time')) && ($smarty.const.MODE_PROJECTS == $user->tracking_mode || $smarty.const.MODE_PROJECTS_AND_TASKS == $user->tracking_mode)} + {if ($user->can('view_own_projects') || $user->can('manage_projects')) && ($smarty.const.MODE_PROJECTS == $user->tracking_mode || $smarty.const.MODE_PROJECTS_AND_TASKS == $user->tracking_mode)} · {$i18n.menu.projects} {/if} {if ($smarty.const.MODE_PROJECTS_AND_TASKS == $user->tracking_mode) && $user->can('manage_tasks')} diff --git a/WEB-INF/templates/mobile/header.tpl b/WEB-INF/templates/mobile/header.tpl index 507a07e0..7118cfa4 100644 --- a/WEB-INF/templates/mobile/header.tpl +++ b/WEB-INF/templates/mobile/header.tpl @@ -79,7 +79,7 @@ {if $user->isPluginEnabled('ex') && ($user->can('track_own_expenses') || $user->can('track_expenses'))} · {$i18n.menu.expenses} {/if} - {if ($user->can('manage_projects') || $user->can('track_own_time') || $user->can('track_time')) && ($smarty.const.MODE_PROJECTS == $user->tracking_mode || $smarty.const.MODE_PROJECTS_AND_TASKS == $user->tracking_mode)} + {if ($user->can('view_own_projects') || $user->can('manage_projects')) && ($smarty.const.MODE_PROJECTS == $user->tracking_mode || $smarty.const.MODE_PROJECTS_AND_TASKS == $user->tracking_mode)} · {$i18n.menu.projects} {/if} {if $user->can('manage_tasks') && $smarty.const.MODE_PROJECTS_AND_TASKS == $user->tracking_mode} 
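Review bot: The rewritten `{if}` in the header.tpl hunk only controls whether the Projects link is rendered, and nothing in the template says that the real gate is the `ttAccessAllowed('view_own_projects') || ttAccessAllowed('manage_projects')` check at the top of projects.php. The same expression is repeated in the mobile/header.tpl hunk, so the rule now lives in two templates and two pages that can drift apart on the next rights change. I would add a template comment above the condition in both files, for example `{* Visibility only: must mirror the access check at the top of projects.php. *}`. The surrounding menu block starts and ends outside both hunks, so other entries may need the same note.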
diff --git a/mobile/project_add.php b/mobile/project_add.php index a9495d71..bb0f1d09 100644 --- a/mobile/project_add.php +++ b/mobile/project_add.php @@ -40,6 +40,7 @@ if (MODE_PROJECTS != $user->tracking_mode && MODE_PROJECTS_AND_TASKS != $user->t header('Location: feature_disabled.php'); exit(); } +// End of access checks. $users = ttTeamHelper::getActiveUsers(); foreach ($users as $user_item) diff --git a/mobile/projects.php b/mobile/projects.php index c35e738a..a9f8ab02 100644 --- a/mobile/projects.php +++ b/mobile/projects.php @@ -31,8 +31,7 @@ import('form.Form'); import('ttTeamHelper'); // Access checks. -// TODO: introduce view_own_projects right to keep access checks simple. -if (!(ttAccessAllowed('track_own_time') || ttAccessAllowed('track_time') || ttAccessAllowed('manage_projects'))) { +if (!(ttAccessAllowed('view_own_projects') || ttAccessAllowed('manage_projects'))) { header('Location: access_denied.php'); exit(); } @@ -40,6 +39,7 @@ if (MODE_PROJECTS != $user->tracking_mode && MODE_PROJECTS_AND_TASKS != $user->t header('Location: feature_disabled.php'); exit(); } +// End of access checks. if($user->can('manage_projects')) { $active_projects = ttTeamHelper::getActiveProjects($user->team_id); diff --git a/projects.php b/projects.php index 1d5f7e2e..bf6aed1c 100644 --- a/projects.php +++ b/projects.php @@ -31,8 +31,7 @@ import('form.Form'); import('ttTeamHelper'); // Access checks. -// TODO: introduce view_projects right to keep access checks simple. -if (!(ttAccessAllowed('track_own_time') || ttAccessAllowed('track_time') || ttAccessAllowed('manage_projects'))) { +if (!(ttAccessAllowed('view_own_projects') || ttAccessAllowed('manage_projects'))) { header('Location: access_denied.php'); exit(); } -- 2.20.1
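Review bot: Swapping `track_own_time` and `track_time` for `view_own_projects` in the first mobile/projects.php hunk changes who is authorized, not just how the check is spelled: a role that holds a time-tracking right but was never granted `view_own_projects` is now redirected to access_denied.php. None of the six files in this commit touches role definitions or a database upgrade step, so whether existing roles already carry the new right cannot be confirmed from this patch; the identical change in the projects.php hunk has the same dependency. That fails closed, which is the safe direction, but it should be verified against the stored role data before release, and the removed TODO is a good place for a comment such as `// Every role that relied on track_own_time or track_time here must now carry view_own_projects.` The access-check block continues past the end of this hunk with the tracking-mode test.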