From 8ccdc0ed79c1703162607702c6846d2c76a7a755 Mon Sep 17 00:00:00 2001
From: Nik Okuntseff
Date: Mon, 12 Mar 2018 18:10:55 +0000
Subject: [PATCH] Extended right set for more flexibility.
---
 WEB-INF/lib/ttRoleHelper.class.php | 12 ++++++------
 WEB-INF/templates/footer.tpl | 2 +-
 charts.php | 2 +-
 dbinstall.php | 4 ++++
 expense_delete.php | 2 +-
 expense_edit.php | 2 +-
 expenses.php | 2 +-
 export.php | 2 +-
 import.php | 2 +-
 invoice_add.php | 2 +-
 invoice_delete.php | 2 +-
 invoice_send.php | 2 +-
 mysql.sql | 2 +-
 role_add.php | 2 +-
 14 files changed, 22 insertions(+), 18 deletions(-)
diff --git a/WEB-INF/lib/ttRoleHelper.class.php b/WEB-INF/lib/ttRoleHelper.class.php
index 3ed85c3d..20d31bcd 100644
--- a/WEB-INF/lib/ttRoleHelper.class.php
+++ b/WEB-INF/lib/ttRoleHelper.class.php
@@ -221,9 +221,9 @@ class ttRoleHelper {
 $mdb2 = getConnection();
- $rights_client = 'view_own_data,manage_own_settings';
- $rights_user = 'data_entry,view_own_data,manage_own_settings,view_users';
- $rights_supervisor = $rights_user.',on_behalf_data_entry,view_data,override_punch_mode,swap_roles,approve_timesheets';
+ $rights_client = 'view_own_reports,view_own_charts,view_own_invoices,manage_own_settings';
+ $rights_user = 'data_entry,view_own_reports,view_own_charts,manage_own_settings,view_users';
+ $rights_supervisor = $rights_user.',on_behalf_data_entry,view_reports,view_charts,override_punch_mode,swap_roles,approve_timesheets';
 $rights_comanager = $rights_supervisor.',manage_users,manage_projects,manage_tasks,manage_custom_fields,manage_clients,manage_invoices';
 $rights_manager = $rights_comanager.',manage_features,manage_basic_settings,manage_advanced_settings,manage_roles,export_data,manage_subgroups';
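Review bot: The role right-sets on the new `+ $rights_client` / `+ $rights_user` / `+ $rights_supervisor` lines are literal strings that this commit repeats verbatim in the second ttRoleHelper hunk (@@ -279), in role_add.php, in mysql.sql and in dbinstall.php, so the authorization policy now lives in five places and a future rename that misses one of them silently changes who is allowed what. Defining each list once, for example as class constants such as `const RIGHTS_CLIENT = 'view_own_reports,view_own_charts,view_own_invoices,manage_own_settings';`, and reading them from both methods and from role_add.php would give the model a single source of truth. A one-line comment above the block saying that `view_own_invoices` is deliberately granted to the client role but not to regular users would also help, since that asymmetry is easy to misread as an omission. The enclosing method starts and ends outside the hunk.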
@@ -279,9 +279,9 @@ class ttRoleHelper {
 global $i18n;
 global $user;
- $rights_client = 'view_own_data,manage_own_settings';
- $rights_user = 'data_entry,view_own_data,manage_own_settings,view_users';
- $rights_supervisor = $rights_user.',on_behalf_data_entry,view_data,override_punch_mode,swap_roles,approve_timesheets';
+ $rights_client = 'view_own_reports,view_own_charts,view_own_invoices,manage_own_settings';
+ $rights_user = 'data_entry,view_own_reports,view_own_charts,manage_own_settings,view_users';
+ $rights_supervisor = $rights_user.',on_behalf_data_entry,view_reports,view_charts,override_punch_mode,swap_roles,approve_timesheets';
 $rights_comanager = $rights_supervisor.',manage_users,manage_projects,manage_tasks,manage_custom_fields,manage_clients,manage_invoices';
 $rights_manager = $rights_comanager.',manage_features,manage_basic_settings,manage_advanced_settings,manage_roles,export_data,manage_subgroups';
diff --git a/WEB-INF/templates/footer.tpl b/WEB-INF/templates/footer.tpl
index 4d0147de..27fdad16 100644
--- a/WEB-INF/templates/footer.tpl
+++ b/WEB-INF/templates/footer.tpl
@@ -12,7 +12,7 @@
-
 Anuko Time Tracker 1.17.39.4062 | Copyright © Anuko |
+  Anuko Time Tracker 1.17.40.4063 | Copyright © Anuko |
 {$i18n.footer.credits} | {$i18n.footer.license} | {$i18n.footer.improve}
diff --git a/charts.php b/charts.php
index df38cce6..9df70d55 100644
--- a/charts.php
+++ b/charts.php
@@ -38,7 +38,7 @@ import('ttUserHelper');
 import('ttTeamHelper');
 // Access check.
-if (!ttAccessAllowed('view_own_data') || !$user->isPluginEnabled('ch')) {
+if (!ttAccessAllowed('view_own_charts') || !$user->isPluginEnabled('ch')) {
 header('Location: access_denied.php');
 exit();
 }
diff --git a/dbinstall.php b/dbinstall.php
index f333bd3a..6a37805f 100755
--- a/dbinstall.php
+++ b/dbinstall.php
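Review bot: The new `+if (!ttAccessAllowed('view_own_charts') ...` line gates charts.php only on the per-user right, while the supervisor right-set in this same commit also introduces `view_charts`, and no hunk in the patch checks that right anywhere. If charts.php can render another user's data (not visible in this hunk), that path should be gated on `view_charts` separately, because a user holding only `view_own_charts` would otherwise pass this single page-level check for everyone's charts. If the page is strictly self-scoped, a comment above the check such as `// Own charts only; cross-user charts are gated on view_charts elsewhere.` would make that explicit for the next reader.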
@@ -752,6 +752,10 @@ if ($_POST) {
 setChange("INSERT INTO `tt_roles` (`team_id`, `name`, `rank`, `rights`) VALUES (0, 'Top manager', 512, 'data_entry,view_own_data,manage_own_settings,view_users,on_behalf_data_entry,view_data,override_punch_mode,swap_roles,approve_timesheets,manage_users,manage_projects,manage_tasks,manage_custom_fields,manage_clients,manage_invoices,manage_features,manage_basic_settings,manage_advanced_settings,manage_roles,export_data,manage_subgroups')");
 setChange("UPDATE `tt_site_config` SET `param_value` = '1.17.35' where param_name = 'version_db'");
 setChange("update `tt_users` inner join `tt_site_config` sc on (sc.param_name = 'version_db' and sc.param_value = '1.17.35') set role_id = (select id from tt_roles where rank = 1024) where role = 1024");
+ setChange("update `tt_roles` inner join `tt_site_config` sc on (sc.param_name = 'version_db' and sc.param_value = '1.17.35') set rights = 'data_entry,view_own_reports,view_own_charts,view_own_invoices,manage_own_settings,view_users,on_behalf_data_entry,view_reports,view_charts,override_punch_mode,swap_roles,approve_timesheets,manage_users,manage_projects,manage_tasks,manage_custom_fields,manage_clients,manage_invoices,manage_features,manage_basic_settings,manage_advanced_settings,manage_roles,export_data,manage_subgroups' where team_id = 0 and rank = 512");
+ setChange("update `tt_roles` inner join `tt_site_config` sc on (sc.param_name = 'version_db' and sc.param_value = '1.17.35') set rights = replace(rights, 'view_own_data', 'view_own_reports,view_own_charts') where team_id > 0");
+ setChange("update `tt_roles` inner join `tt_site_config` sc on (sc.param_name = 'version_db' and sc.param_value = '1.17.35') set rights = replace(rights, 'view_data', 'view_reports,view_charts') where team_id > 0");
+ setChange("update `tt_roles` inner join `tt_site_config` sc on (sc.param_name = 'version_db' and sc.param_value = '1.17.35') set rights = replace(rights, 'view_own_charts', 
'view_own_charts,view_own_invoices') where team_id > 0 and rank = 16");
 }
 if ($_POST["cleanup"]) {
diff --git a/expense_delete.php b/expense_delete.php
index c5f53aa9..d17f251e 100644
--- a/expense_delete.php
+++ b/expense_delete.php
@@ -32,7 +32,7 @@ import('DateAndTime');
 import('ttExpenseHelper');
 // Access check.
-if (!ttAccessCheck(right_data_entry) || !$user->isPluginEnabled('ex')) {
+if (!ttAccessAllowed('data_entry') || !$user->isPluginEnabled('ex')) {
 header('Location: access_denied.php');
 exit();
 }
diff --git a/expense_edit.php b/expense_edit.php
index f13c7919..3fd23591 100644
--- a/expense_edit.php
+++ b/expense_edit.php
@@ -33,7 +33,7 @@ import('DateAndTime');
 import('ttExpenseHelper');
 // Access check.
-if (!ttAccessCheck(right_data_entry) || !$user->isPluginEnabled('ex')) {
+if (!ttAccessAllowed('data_entry') || !$user->isPluginEnabled('ex')) {
 header('Location: access_denied.php');
 exit();
 }
diff --git a/expenses.php b/expenses.php
index 99418276..a6502fa1 100644
--- a/expenses.php
+++ b/expenses.php
@@ -34,7 +34,7 @@ import('DateAndTime');
 import('ttExpenseHelper');
 // Access check.
-if (!ttAccessCheck(right_data_entry) || !$user->isPluginEnabled('ex')) {
+if (!ttAccessAllowed('data_entry') || !$user->isPluginEnabled('ex')) {
 header('Location: access_denied.php');
 exit();
 }
diff --git a/export.php b/export.php
index f0469497..7ccce330 100644
--- a/export.php
+++ b/export.php
@@ -31,7 +31,7 @@ import('ttExportHelper');
 import('form.Form');
 // Access check.
-if (!ttAccessCheck(right_export_team)) {
+if (!ttAccessAllowed('export_data')) {
 header('Location: access_denied.php');
 exit();
 }
diff --git a/import.php b/import.php
index ce6aa723..dd30ad3a 100644
--- a/import.php
+++ b/import.php
@@ -31,7 +31,7 @@ import('ttImportHelper');
 import('form.Form');
 // Access check.
-if (!ttAccessCheck(right_administer_site)) {
+if (!ttAccessAllowed('administer_site')) {
 header('Location: access_denied.php');
 exit();
 }
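Review bot: The fourth added setChange() in the dbinstall.php hunk (it begins on the previous line) is not safe to execute twice: `replace(rights, 'view_own_charts', 'view_own_charts,view_own_invoices')` appends `view_own_invoices` again on every run, whereas the two replace() calls before it become no-ops once `view_own_data` and `view_data` are gone. Adding `and rights not like '%view_own_invoices%'` to that statement's where clause makes it idempotent like the others; whether the surrounding 1.17.35 block can actually be re-entered is not visible here since its guard is outside the hunk. The three replace() calls are also plain substring rewrites of a comma-separated list, which is correct for the current names only because none of them is a prefix or suffix of another; a comment stating that assumption above the block would protect whoever writes the next migration.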
diff --git a/invoice_add.php b/invoice_add.php
index 0e752dca..01b77615 100644
--- a/invoice_add.php
+++ b/invoice_add.php
@@ -32,7 +32,7 @@ import('ttTeamHelper');
 import('ttInvoiceHelper');
 // Access check.
-if (!ttAccessCheck(right_manage_team) || !$user->isPluginEnabled('iv')) {
+if (!ttAccessAllowed('manage_invoices') || !$user->isPluginEnabled('iv')) {
 header('Location: access_denied.php');
 exit();
 }
diff --git a/invoice_delete.php b/invoice_delete.php
index 175889e2..6fd8270d 100644
--- a/invoice_delete.php
+++ b/invoice_delete.php
@@ -31,7 +31,7 @@ import('form.Form');
 import('ttInvoiceHelper');
 // Access check.
-if (!ttAccessCheck(right_manage_team) || !$user->isPluginEnabled('iv')) {
+if (!ttAccessAllowed('manage_invoices') || !$user->isPluginEnabled('iv')) {
 header('Location: access_denied.php');
 exit();
 }
diff --git a/invoice_send.php b/invoice_send.php
index eb4b2a3f..ee333a62 100644
--- a/invoice_send.php
+++ b/invoice_send.php
@@ -32,7 +32,7 @@ import('ttInvoiceHelper');
 import('ttSysConfig');
 // Access check.
-if (!ttAccessCheck(right_view_invoices) || !$user->isPluginEnabled('iv')) {
+if (!ttAccessAllowed('manage_invoices') || !$user->isPluginEnabled('iv')) {
 header('Location: access_denied.php');
 exit();
 }
diff --git a/mysql.sql b/mysql.sql
index 35ff8ce2..4cacf9a0 100644
--- a/mysql.sql
+++ b/mysql.sql
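Review bot: In the invoice_send.php hunk the new `+if (!ttAccessAllowed('manage_invoices') ...` line replaces a `right_view_invoices` check with a `manage_invoices` one, which is a deliberate tightening rather than a pure rename and deserves a word in the commit message or a comment, since it is the only access check in the patch whose right changes meaning. Related to it, the `view_own_invoices` right that this commit grants to the client role is not checked by any page in the diff, so as of this commit it authorizes nothing; if an invoice-viewing page outside this patch is meant to honour it, that check belongs in the same change set so the grant and its enforcement land together. A comment next to the check here such as `// Sending requires manage_invoices; view_own_invoices only covers read access.` would document the intended split.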
@@ -66,7 +66,7 @@ create unique index role_idx on tt_roles(team_id, rank, status);
 # Insert site-wide roles - site administrator and top manager.
 INSERT INTO `tt_roles` (`team_id`, `name`, `rank`, `rights`) VALUES (0, 'Site administrator', 1024, 'administer_site');
-INSERT INTO `tt_roles` (`team_id`, `name`, `rank`, `rights`) VALUES (0, 'Top manager', 512, 'data_entry,view_own_data,manage_own_settings,view_users,on_behalf_data_entry,view_data,override_punch_mode,swap_roles,approve_timesheets,manage_users,manage_projects,manage_tasks,manage_custom_fields,manage_clients,manage_invoices,manage_features,manage_basic_settings,manage_advanced_settings,manage_roles,export_data,manage_subgroups');
+INSERT INTO `tt_roles` (`team_id`, `name`, `rank`, `rights`) VALUES (0, 'Top manager', 512, 'data_entry,view_own_reports,view_own_charts,view_own_invoices,manage_own_settings,view_users,on_behalf_data_entry,view_reports,view_charts,override_punch_mode,swap_roles,approve_timesheets,manage_users,manage_projects,manage_tasks,manage_custom_fields,manage_clients,manage_invoices,manage_features,manage_basic_settings,manage_advanced_settings,manage_roles,export_data,manage_subgroups');
 #
diff --git a/role_add.php b/role_add.php
index b44304be..de25f70c 100644
--- a/role_add.php
+++ b/role_add.php
@@ -67,7 +67,7 @@ if ($request->isPost()) {
 'name' => $cl_name,
 'rank' => $cl_rank,
 'description' => $cl_description,
- 'rights' => 'data_entry,view_own_data,manage_own_settings,view_users', // Default user rights.
+ 'rights' => 'data_entry,view_own_reports,view_own_charts,manage_own_settings,view_users', // Default user rights.
 'status' => ACTIVE))) {
 header('Location: roles.php');
 exit();
--
2.20.1