From 718f61be021c6afa8ddd836e6f5cd9d76faf8530 Mon Sep 17 00:00:00 2001
From: Nik Okuntseff
Date: Mon, 12 Mar 2018 14:46:34 +0000
Subject: [PATCH] Started redoing access checks using role rights.

---
 WEB-INF/lib/common.lib.php | 22 ++++++++++++++++++++++
 WEB-INF/templates/footer.tpl | 2 +-
 admin_options.php | 2 +-
 3 files changed, 24 insertions(+), 2 deletions(-)

diff --git a/WEB-INF/lib/common.lib.php b/WEB-INF/lib/common.lib.php
index ec21d675..56214922 100644
--- a/WEB-INF/lib/common.lib.php
+++ b/WEB-INF/lib/common.lib.php
@@ -344,3 +344,25 @@ function ttAccessCheck($required_rights)
   return true;
 }
 
+
+// ttAccessAllowed checks whether user is allowed access to a particular page.
+// This function is a replacement for ttAccessCheck above as part of roles revamp.
+// To be used as an initial check on all publicly available pages
+// (except login.php and register.php where we don't have to check).
+function ttAccessAllowed($required_right)
+{
+  global $auth;
+  global $user;
+
+  // Redirect to login page if user is not authenticated.
+  if (!$auth->isAuthenticated()) {
+    header('Location: login.php');
+    exit();
+  }
+
+  // Check if user has the right.
+  if (in_array($required_right, $user->rights))
+    return true;
+
+  return false;
+}
\ No newline at end of file
diff --git a/WEB-INF/templates/footer.tpl b/WEB-INF/templates/footer.tpl
index 42ecb58e..36dcb362 100644
--- a/WEB-INF/templates/footer.tpl
+++ b/WEB-INF/templates/footer.tpl
@@ -12,7 +12,7 @@
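Review bot: The membership test in the new ttAccessAllowed, `if (in_array($required_right, $user->rights))`, uses loose comparison, so under PHP 7's `==` rules a non-string element in $user->rights (an integer 0, or a boolean true on any PHP version) would compare equal to any right name and grant access; pass the strict flag, `if (in_array($required_right, (array) $user->rights, true))`. The cast also keeps the check fail-closed instead of emitting a warning (PHP 7) or throwing a TypeError (PHP 8) when $user->rights has not been populated; whether it is always an array cannot be seen from this hunk. The function comment should also state the contract callers such as admin_options.php rely on: an unauthenticated request never returns (it is redirected to login.php and exits), so a false return always means an authenticated user who lacks the right. ttAccessCheck, which this function is meant to replace, stays in place; only its closing lines are visible in the hunk.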
-
 Anuko Time Tracker 1.17.38.4059 | Copyright © Anuko | +  Anuko Time Tracker 1.17.39.4060 | Copyright © Anuko | {$i18n.footer.credits} | {$i18n.footer.license} | {$i18n.footer.improve} diff --git a/admin_options.php b/admin_options.php index ae901d6d..6f812558 100644 --- a/admin_options.php +++ b/admin_options.php @@ -31,7 +31,7 @@ import('form.Form'); import('ttUserHelper'); // Access check. -if (!ttAccessCheck(right_administer_site)) { +if (!ttAccessAllowed('administer_site')) { header('Location: access_denied.php'); exit(); } -- 2.20.1
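Review bot: The right is now named by a bare string literal in `if (!ttAccessAllowed('administer_site')) {`, replacing the `right_administer_site` constant the removed line used, so a typo or a later rename of the right is noticed only at runtime as an access_denied redirect for everyone, site administrators included; whether 'administer_site' is spelled exactly as the value loaded into $user->rights cannot be confirmed from this hunk. Defining the right names once (constants or a class constant list beside ttAccessAllowed) and referencing those from each page would keep the check fail-closed without the risk of silently locking out the role. The `// Access check.` comment could also note that ttAccessAllowed redirects unauthenticated users to login.php itself, so this access_denied branch is reached only by authenticated users lacking the right.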