From b401022733a9645ed701522585b2d57db936f5cc Mon Sep 17 00:00:00 2001 From: Nik Okuntseff Date: Tue, 13 Mar 2018 00:02:32 +0000 Subject: [PATCH] Access checks re-done using role rights. --- WEB-INF/lib/common.lib.php | 25 ++----------------------- WEB-INF/templates/footer.tpl | 2 +- invoices.php | 2 +- locking.php | 2 +- mobile/client_add.php | 2 +- mobile/client_delete.php | 2 +- mobile/client_edit.php | 2 +- mobile/clients.php | 2 +- mobile/expense_delete.php | 2 +- mobile/expense_edit.php | 2 +- mobile/expenses.php | 2 +- mobile/project_add.php | 2 +- mobile/project_delete.php | 2 +- mobile/project_edit.php | 2 +- mobile/projects.php | 2 +- mobile/task_add.php | 2 +- mobile/task_delete.php | 2 +- mobile/task_edit.php | 2 +- mobile/tasks.php | 2 +- mobile/time.php | 2 +- mobile/time_delete.php | 2 +- mobile/time_edit.php | 2 +- mobile/timer.php | 2 +- mobile/user_add.php | 2 +- mobile/user_delete.php | 2 +- mobile/user_edit.php | 2 +- mobile/users.php | 2 +- notification_add.php | 2 +- notification_delete.php | 2 +- notification_edit.php | 2 +- notifications.php | 2 +- predefined_expense_add.php | 2 +- predefined_expense_delete.php | 2 +- predefined_expense_edit.php | 2 +- predefined_expenses.php | 2 +- profile_edit.php | 2 +- project_add.php | 2 +- project_delete.php | 2 +- project_edit.php | 2 +- projects.php | 2 +- quotas.php | 2 +- report.php | 2 +- report_send.php | 2 +- reports.php | 2 +- role_add.php | 2 +- role_delete.php | 2 +- role_edit.php | 2 +- roles.php | 2 +- task_add.php | 2 +- task_delete.php | 2 +- task_edit.php | 2 +- tasks.php | 2 +- time.php | 2 +- time_delete.php | 2 +- time_edit.php | 2 +- tofile.php | 2 +- topdf.php | 12 ++++++------ user_add.php | 2 +- user_delete.php | 2 +- user_edit.php | 2 +- users.php | 2 +- week.php | 2 +- week_view.php | 2 +- 63 files changed, 69 insertions(+), 90 deletions(-) diff --git a/WEB-INF/lib/common.lib.php b/WEB-INF/lib/common.lib.php index e9f93327..69c38b73 100644 --- a/WEB-INF/lib/common.lib.php 
+++ b/WEB-INF/lib/common.lib.php
@@ -325,30 +325,9 @@ function ttValidCondition($val, $emptyValid = true)
 return true;
 }
-// ttAccessCheck is used to check whether user is allowed to proceed. This function is used
-// as an initial check on all publicly available pages.
-function ttAccessCheck($required_rights)
-{
- global $auth;
- global $user;
-
- // Redirect to login page if user is not authenticated.
- if (!$auth->isAuthenticated()) {
- header('Location: login.php');
- exit();
- }
-
- // Check rights.
- if (!($required_rights & $user->rights_mask))
- return false;
-
- return true;
-}
-
 // ttAccessAllowed checks whether user is allowed access to a particular page.
-// This function is a replacement for ttAccessCheck above as part of roles revamp.
-// To be used as an initial check on all publicly available pages
-// (except login.php and register.php where we don't have to check).
+// It is used as an initial check on all publicly available pages
+// (except login.php, register.php, and others where we don't have to check).
 function ttAccessAllowed($required_right)
 {
 global $auth;
diff --git a/WEB-INF/templates/footer.tpl b/WEB-INF/templates/footer.tpl
index 3f186179..6436952c 100644
--- a/WEB-INF/templates/footer.tpl
+++ b/WEB-INF/templates/footer.tpl
@@ -12,7 +12,7 @@
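Review bot: The rewritten header comment on ttAccessAllowed now says the gate is skipped on `login.php, register.php, and others where we don't have to check`, which leaves the set of unchecked pages undefined just as this function becomes the only entry gate after ttAccessCheck is deleted; the exempt pages should be listed by name so a page that simply forgot the call cannot hide behind "others". The comment also says nothing about the argument, and the new call sites show it is a single right name with callers composing alternatives themselves (invoices.php joins two calls with `||`), so a line such as `// $required_right: name of one right; when any of several rights suffices, combine calls with ||.` would spare the next author from guessing. Any page still calling the removed ttAccessCheck will now fail with an undefined-function error, which fails closed but is presumably not the intended behaviour, so a grep for the old name outside this patch is worth doing. ttAccessAllowed's body continues outside the hunk.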
-
 Anuko Time Tracker 1.17.41.4065 | Copyright © Anuko | +  Anuko Time Tracker 1.17.41.4066 | Copyright © Anuko | {$i18n.footer.credits} | {$i18n.footer.license} | {$i18n.footer.improve} diff --git a/invoices.php b/invoices.php index a014472f..0617a44f 100644 --- a/invoices.php +++ b/invoices.php @@ -31,7 +31,7 @@ import('form.Form'); import('ttTeamHelper'); // Access check. -if (!ttAccessCheck(right_view_invoices) || !$user->isPluginEnabled('iv')) { +if (!(ttAccessAllowed('manage_invoices') || ttAccessAllowed('view_own_invoices')) || !$user->isPluginEnabled('iv')) { header('Location: access_denied.php'); exit(); } diff --git a/locking.php b/locking.php index f2b7779b..1f9530c9 100644 --- a/locking.php +++ b/locking.php @@ -31,7 +31,7 @@ import('form.Form'); import('ttTeamHelper'); // Access check. -if (!ttAccessCheck(right_manage_team) || !$user->isPluginEnabled('lk')) { +if (!ttAccessAllowed('manage_advanced_settings') || !$user->isPluginEnabled('lk')) { header('Location: access_denied.php'); exit(); } diff --git a/mobile/client_add.php b/mobile/client_add.php index e4894962..71f51ca1 100644 --- a/mobile/client_add.php +++ b/mobile/client_add.php @@ -32,7 +32,7 @@ import('ttClientHelper'); import('ttTeamHelper'); // Access check. -if (!ttAccessCheck(right_manage_team) || !$user->isPluginEnabled('cl')) { +if (!ttAccessAllowed('manage_clients') || !$user->isPluginEnabled('cl')) { header('Location: access_denied.php'); exit(); } diff --git a/mobile/client_delete.php b/mobile/client_delete.php index 51e87b43..b57e581d 100644 --- a/mobile/client_delete.php +++ b/mobile/client_delete.php @@ -31,7 +31,7 @@ import('form.Form'); import('ttClientHelper'); // Access check. -if (!ttAccessCheck(right_manage_team) || !$user->isPluginEnabled('cl')) { +if (!ttAccessAllowed('manage_clients') || !$user->isPluginEnabled('cl')) { header('Location: access_denied.php'); exit(); } diff --git a/mobile/client_edit.php b/mobile/client_edit.php index ac3e60c7..fc220369 100644 
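Review bot: The new condition in invoices.php admits holders of `view_own_invoices` alongside `manage_invoices`, but the check is a page-level boolean only, so whatever limits the listed invoices to the caller's own records has to live in the page body, which is outside this hunk and cannot be confirmed here. The same applies to the `view_own_reports` gates introduced in report.php, report_send.php, reports.php, tofile.php and topdf.php: the right's name promises scoping to the user's own data that the gate by itself does not enforce. If ttAccessAllowed gives no indication of which right matched, the page needs its own branch before the query, e.g. `$ownOnly = !ttAccessAllowed('manage_invoices');`, and a comment above the check, `// Page-level gate only; the query below must still restrict to the user's own invoices unless manage_invoices is held.`, would make that expectation explicit.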
--- a/mobile/client_edit.php +++ b/mobile/client_edit.php @@ -32,7 +32,7 @@ import('ttClientHelper'); import('ttTeamHelper'); // Access check. -if (!ttAccessCheck(right_manage_team) || !$user->isPluginEnabled('cl')) { +if (!ttAccessAllowed('manage_clients') || !$user->isPluginEnabled('cl')) { header('Location: access_denied.php'); exit(); } diff --git a/mobile/clients.php b/mobile/clients.php index 6312c2dd..aa6e6ad3 100644 --- a/mobile/clients.php +++ b/mobile/clients.php @@ -31,7 +31,7 @@ import('form.Form'); import('ttTeamHelper'); // Access check. -if (!ttAccessCheck(right_manage_team) || !$user->isPluginEnabled('cl')) { +if (!ttAccessAllowed('manage_clients') || !$user->isPluginEnabled('cl')) { header('Location: access_denied.php'); exit(); } diff --git a/mobile/expense_delete.php b/mobile/expense_delete.php index 8e89513f..1b4a3905 100644 --- a/mobile/expense_delete.php +++ b/mobile/expense_delete.php @@ -32,7 +32,7 @@ import('DateAndTime'); import('ttExpenseHelper'); // Access check. -if (!ttAccessCheck(right_data_entry) || !$user->isPluginEnabled('ex')) { +if (!ttAccessAllowed('data_entry') || !$user->isPluginEnabled('ex')) { header('Location: access_denied.php'); exit(); } diff --git a/mobile/expense_edit.php b/mobile/expense_edit.php index a4b1f2d0..e54ffb05 100644 --- a/mobile/expense_edit.php +++ b/mobile/expense_edit.php @@ -33,7 +33,7 @@ import('DateAndTime'); import('ttExpenseHelper'); // Access check. -if (!ttAccessCheck(right_data_entry) || !$user->isPluginEnabled('ex')) { +if (!ttAccessAllowed('data_entry') || !$user->isPluginEnabled('ex')) { header('Location: access_denied.php'); exit(); } diff --git a/mobile/expenses.php b/mobile/expenses.php index 82fe428f..24c78ce0 100644 --- a/mobile/expenses.php +++ b/mobile/expenses.php 
@@ -34,7 +34,7 @@ import('DateAndTime'); import('ttExpenseHelper'); // Access check. -if (!ttAccessCheck(right_data_entry) || !$user->isPluginEnabled('ex')) { +if (!ttAccessAllowed('data_entry') || !$user->isPluginEnabled('ex')) { header('Location: access_denied.php'); exit(); } diff --git a/mobile/project_add.php b/mobile/project_add.php index 1ae6b4df..f7dc3fbf 100644 --- a/mobile/project_add.php +++ b/mobile/project_add.php @@ -32,7 +32,7 @@ import('ttProjectHelper'); import('ttTeamHelper'); // Access check. -if (!ttAccessCheck(right_manage_team) || (MODE_PROJECTS != $user->tracking_mode && MODE_PROJECTS_AND_TASKS != $user->tracking_mode)) { +if (!ttAccessAllowed('manage_projects') || (MODE_PROJECTS != $user->tracking_mode && MODE_PROJECTS_AND_TASKS != $user->tracking_mode)) { header('Location: access_denied.php'); exit(); } diff --git a/mobile/project_delete.php b/mobile/project_delete.php index eb5e0403..6e57f4d4 100644 --- a/mobile/project_delete.php +++ b/mobile/project_delete.php @@ -31,7 +31,7 @@ import('form.Form'); import('ttProjectHelper'); // Access check. -if (!ttAccessCheck(right_manage_team) || (MODE_PROJECTS != $user->tracking_mode && MODE_PROJECTS_AND_TASKS != $user->tracking_mode)) { +if (!ttAccessAllowed('manage_projects') || (MODE_PROJECTS != $user->tracking_mode && MODE_PROJECTS_AND_TASKS != $user->tracking_mode)) { header('Location: access_denied.php'); exit(); } diff --git a/mobile/project_edit.php b/mobile/project_edit.php index f7a37aaf..4c84c7c5 100644 --- a/mobile/project_edit.php +++ b/mobile/project_edit.php @@ -32,7 +32,7 @@ import('ttProjectHelper'); import('ttTeamHelper'); // Access check. -if (!ttAccessCheck(right_manage_team) || (MODE_PROJECTS != $user->tracking_mode && MODE_PROJECTS_AND_TASKS != $user->tracking_mode)) { +if (!ttAccessAllowed('manage_projects') || (MODE_PROJECTS != $user->tracking_mode && MODE_PROJECTS_AND_TASKS != $user->tracking_mode)) { header('Location: access_denied.php'); exit(); } 
diff --git a/mobile/projects.php b/mobile/projects.php index 5dee3605..0a9c490c 100644 --- a/mobile/projects.php +++ b/mobile/projects.php @@ -31,7 +31,7 @@ import('form.Form'); import('ttTeamHelper'); // Access check. -if (!ttAccessCheck(right_data_entry) || (MODE_PROJECTS != $user->tracking_mode && MODE_PROJECTS_AND_TASKS != $user->tracking_mode)) { +if (!ttAccessAllowed('data_entry') || (MODE_PROJECTS != $user->tracking_mode && MODE_PROJECTS_AND_TASKS != $user->tracking_mode)) { header('Location: access_denied.php'); exit(); } diff --git a/mobile/task_add.php b/mobile/task_add.php index 700b9158..b413002b 100644 --- a/mobile/task_add.php +++ b/mobile/task_add.php @@ -33,7 +33,7 @@ import('ttTeamHelper'); import('ttTaskHelper'); // Access check. -if (!ttAccessCheck(right_manage_team) || MODE_PROJECTS_AND_TASKS != $user->tracking_mode) { +if (!ttAccessAllowed('manage_tasks') || MODE_PROJECTS_AND_TASKS != $user->tracking_mode) { header('Location: access_denied.php'); exit(); } diff --git a/mobile/task_delete.php b/mobile/task_delete.php index 44f840c1..4b6b149d 100644 --- a/mobile/task_delete.php +++ b/mobile/task_delete.php @@ -31,7 +31,7 @@ import('ttTaskHelper'); import('form.Form'); // Access check. -if (!ttAccessCheck(right_manage_team) || MODE_PROJECTS_AND_TASKS != $user->tracking_mode) { +if (!ttAccessAllowed('manage_tasks') || MODE_PROJECTS_AND_TASKS != $user->tracking_mode) { header('Location: access_denied.php'); exit(); } diff --git a/mobile/task_edit.php b/mobile/task_edit.php index b454cbe5..c4bc9d33 100644 --- a/mobile/task_edit.php +++ b/mobile/task_edit.php @@ -32,7 +32,7 @@ import('ttTeamHelper'); import('ttTaskHelper'); // Access check. -if (!ttAccessCheck(right_manage_team) || MODE_PROJECTS_AND_TASKS != $user->tracking_mode) { +if (!ttAccessAllowed('manage_tasks') || MODE_PROJECTS_AND_TASKS != $user->tracking_mode) { header('Location: access_denied.php'); exit(); } diff --git a/mobile/tasks.php b/mobile/tasks.php index 8b828cfb..1e8b40a7 100644 
--- a/mobile/tasks.php +++ b/mobile/tasks.php @@ -31,7 +31,7 @@ import('form.Form'); import('ttTeamHelper'); // Access check. -if (!ttAccessCheck(right_manage_team) || MODE_PROJECTS_AND_TASKS != $user->tracking_mode) { +if (!ttAccessAllowed('manage_tasks') || MODE_PROJECTS_AND_TASKS != $user->tracking_mode) { header('Location: access_denied.php'); exit(); } diff --git a/mobile/time.php b/mobile/time.php index aff21379..dcef6483 100644 --- a/mobile/time.php +++ b/mobile/time.php @@ -35,7 +35,7 @@ import('ttTimeHelper'); import('DateAndTime'); // Access check. -if (!ttAccessCheck(right_data_entry)) { +if (!ttAccessAllowed('data_entry')) { header('Location: access_denied.php'); exit(); } diff --git a/mobile/time_delete.php b/mobile/time_delete.php index c9602b4e..81e0c654 100644 --- a/mobile/time_delete.php +++ b/mobile/time_delete.php @@ -33,7 +33,7 @@ import('ttTimeHelper'); import('DateAndTime'); // Access check. -if (!ttAccessCheck(right_data_entry)) { +if (!ttAccessAllowed('data_entry')) { header('Location: access_denied.php'); exit(); } diff --git a/mobile/time_edit.php b/mobile/time_edit.php index 73496ca4..74805ab7 100644 --- a/mobile/time_edit.php +++ b/mobile/time_edit.php @@ -35,7 +35,7 @@ import('ttTimeHelper'); import('DateAndTime'); // Access check. -if (!ttAccessCheck(right_data_entry)) { +if (!ttAccessAllowed('data_entry')) { header('Location: access_denied.php'); exit(); } diff --git a/mobile/timer.php b/mobile/timer.php index 95790311..47310b72 100644 --- a/mobile/timer.php +++ b/mobile/timer.php @@ -35,7 +35,7 @@ import('ttTimeHelper'); import('DateAndTime'); // Access check. -if (!ttAccessCheck(right_data_entry)) { +if (!ttAccessAllowed('data_entry')) { header('Location: access_denied.php'); exit(); } diff --git a/mobile/user_add.php b/mobile/user_add.php index 24adc112..7737ed9a 100644 --- a/mobile/user_add.php +++ b/mobile/user_add.php 
@@ -34,7 +34,7 @@ import('form.Table'); import('form.TableColumn'); // Access check. -if (!ttAccessCheck(right_manage_team)) { +if (!ttAccessAllowed('manage_users')) { header('Location: access_denied.php'); exit(); } diff --git a/mobile/user_delete.php b/mobile/user_delete.php index aa25a5b3..8a4236b0 100644 --- a/mobile/user_delete.php +++ b/mobile/user_delete.php @@ -31,7 +31,7 @@ import('form.Form'); import('ttUserHelper'); // Access check. -if (!ttAccessCheck(right_manage_team)) { +if (!ttAccessAllowed('manage_users')) { header('Location: access_denied.php'); exit(); } diff --git a/mobile/user_edit.php b/mobile/user_edit.php index 328b8fab..dc432580 100644 --- a/mobile/user_edit.php +++ b/mobile/user_edit.php @@ -35,7 +35,7 @@ import('form.Table'); import('form.TableColumn'); // Access check. -if (!ttAccessCheck(right_manage_team)) { +if (!ttAccessAllowed('manage_users')) { header('Location: access_denied.php'); exit(); } diff --git a/mobile/users.php b/mobile/users.php index 1eee6089..8ae0fc93 100644 --- a/mobile/users.php +++ b/mobile/users.php @@ -32,7 +32,7 @@ import('ttTeamHelper'); import('ttTimeHelper'); // Access check. -if (!ttAccessCheck(right_data_entry)) { +if (!ttAccessAllowed('view_users')) { header('Location: access_denied.php'); exit(); } diff --git a/notification_add.php b/notification_add.php index 9f5bf361..3cac6521 100644 --- a/notification_add.php +++ b/notification_add.php @@ -34,7 +34,7 @@ import('ttFavReportHelper'); import('ttNotificationHelper'); // Access check. -if (!ttAccessCheck(right_manage_team) || !$user->isPluginEnabled('no')) { +if (!ttAccessAllowed('manage_advanced_settings') || !$user->isPluginEnabled('no')) { header('Location: access_denied.php'); exit(); } diff --git a/notification_delete.php b/notification_delete.php index 834befbe..0b6cf5cc 100644 --- a/notification_delete.php +++ b/notification_delete.php 
@@ -31,7 +31,7 @@ import('form.Form'); import('ttNotificationHelper'); // Access check. -if (!ttAccessCheck(right_manage_team) || !$user->isPluginEnabled('no')) { +if (!ttAccessAllowed('manage_advanced_settings') || !$user->isPluginEnabled('no')) { header('Location: access_denied.php'); exit(); } diff --git a/notification_edit.php b/notification_edit.php index 8a2ab056..ec26f610 100644 --- a/notification_edit.php +++ b/notification_edit.php @@ -34,7 +34,7 @@ import('ttFavReportHelper'); import('ttNotificationHelper'); // Access check. -if (!ttAccessCheck(right_manage_team) || !$user->isPluginEnabled('no')) { +if (!ttAccessAllowed('manage_advanced_settings') || !$user->isPluginEnabled('no')) { header('Location: access_denied.php'); exit(); } diff --git a/notifications.php b/notifications.php index 68cdfff8..4205dffa 100644 --- a/notifications.php +++ b/notifications.php @@ -31,7 +31,7 @@ import('form.Form'); import('ttTeamHelper'); // Access check. -if (!ttAccessCheck(right_manage_team) || !$user->isPluginEnabled('no')) { +if (!ttAccessAllowed('manage_advanced_settings') || !$user->isPluginEnabled('no')) { header('Location: access_denied.php'); exit(); } diff --git a/predefined_expense_add.php b/predefined_expense_add.php index 76fbb221..5e730599 100644 --- a/predefined_expense_add.php +++ b/predefined_expense_add.php @@ -31,7 +31,7 @@ import('form.Form'); import('ttPredefinedExpenseHelper'); // Access check. -if (!ttAccessCheck(right_manage_team) || !$user->isPluginEnabled('ex')) { +if (!ttAccessAllowed('manage_advanced_settings') || !$user->isPluginEnabled('ex')) { header('Location: access_denied.php'); exit(); } diff --git a/predefined_expense_delete.php b/predefined_expense_delete.php index 1c8a0fed..3b1cde55 100644 --- a/predefined_expense_delete.php +++ b/predefined_expense_delete.php 
@@ -31,7 +31,7 @@ import('form.Form'); import('ttPredefinedExpenseHelper'); // Access check. -if (!ttAccessCheck(right_manage_team) || !$user->isPluginEnabled('ex')) { +if (!ttAccessAllowed('manage_advanced_settings') || !$user->isPluginEnabled('ex')) { header('Location: access_denied.php'); exit(); } diff --git a/predefined_expense_edit.php b/predefined_expense_edit.php index 83f3fddf..64bf9d84 100644 --- a/predefined_expense_edit.php +++ b/predefined_expense_edit.php @@ -31,7 +31,7 @@ import('form.Form'); import('ttPredefinedExpenseHelper'); // Access check. -if (!ttAccessCheck(right_manage_team) || !$user->isPluginEnabled('ex')) { +if (!ttAccessAllowed('manage_advanced_settings') || !$user->isPluginEnabled('ex')) { header('Location: access_denied.php'); exit(); } diff --git a/predefined_expenses.php b/predefined_expenses.php index 4fa6d403..9db98e0e 100644 --- a/predefined_expenses.php +++ b/predefined_expenses.php @@ -31,7 +31,7 @@ import('form.Form'); import('ttTeamHelper'); // Access check. -if (!ttAccessCheck(right_manage_team) || !$user->isPluginEnabled('ex')) { +if (!ttAccessAllowed('manage_advanced_settings') || !$user->isPluginEnabled('ex')) { header('Location: access_denied.php'); exit(); } diff --git a/profile_edit.php b/profile_edit.php index 04f91b4c..ba157a9c 100644 --- a/profile_edit.php +++ b/profile_edit.php @@ -32,7 +32,7 @@ import('ttUserHelper'); import('ttRoleHelper'); // Access check. -if (!ttAccessCheck(right_data_entry|right_view_reports)) { +if (!ttAccessAllowed('manage_own_settings')) { header('Location: access_denied.php'); exit(); } diff --git a/project_add.php b/project_add.php index fe46a6bd..99f8c6d5 100644 --- a/project_add.php +++ b/project_add.php 
@@ -32,7 +32,7 @@ import('ttProjectHelper'); import('ttTeamHelper'); // Access check. -if (!ttAccessCheck(right_manage_team) || (MODE_PROJECTS != $user->tracking_mode && MODE_PROJECTS_AND_TASKS != $user->tracking_mode)) { +if (!ttAccessAllowed('manage_projects') || (MODE_PROJECTS != $user->tracking_mode && MODE_PROJECTS_AND_TASKS != $user->tracking_mode)) { header('Location: access_denied.php'); exit(); } diff --git a/project_delete.php b/project_delete.php index 832bf4f7..a6b6ed53 100644 --- a/project_delete.php +++ b/project_delete.php @@ -31,7 +31,7 @@ import('form.Form'); import('ttProjectHelper'); // Access check. -if (!ttAccessCheck(right_manage_team) || (MODE_PROJECTS != $user->tracking_mode && MODE_PROJECTS_AND_TASKS != $user->tracking_mode)) { +if (!ttAccessAllowed('manage_projects') || (MODE_PROJECTS != $user->tracking_mode && MODE_PROJECTS_AND_TASKS != $user->tracking_mode)) { header('Location: access_denied.php'); exit(); } diff --git a/project_edit.php b/project_edit.php index 11abccc8..d7b67565 100644 --- a/project_edit.php +++ b/project_edit.php @@ -32,7 +32,7 @@ import('ttProjectHelper'); import('ttTeamHelper'); // Access check. -if (!ttAccessCheck(right_manage_team) || (MODE_PROJECTS != $user->tracking_mode && MODE_PROJECTS_AND_TASKS != $user->tracking_mode)) { +if (!ttAccessAllowed('manage_projects') || (MODE_PROJECTS != $user->tracking_mode && MODE_PROJECTS_AND_TASKS != $user->tracking_mode)) { header('Location: access_denied.php'); exit(); } diff --git a/projects.php b/projects.php index d9f36851..d5f3bc12 100644 --- a/projects.php +++ b/projects.php @@ -31,7 +31,7 @@ import('form.Form'); import('ttTeamHelper'); // Access check. -if (!ttAccessCheck(right_data_entry) || (MODE_PROJECTS != $user->tracking_mode && MODE_PROJECTS_AND_TASKS != $user->tracking_mode)) { +if (!ttAccessAllowed('data_entry') || (MODE_PROJECTS != $user->tracking_mode && MODE_PROJECTS_AND_TASKS != $user->tracking_mode)) { header('Location: access_denied.php'); exit(); } 
diff --git a/quotas.php b/quotas.php index 52d8136f..06fdbbe5 100644 --- a/quotas.php +++ b/quotas.php @@ -33,7 +33,7 @@ import('ttTeamHelper'); import('ttTimeHelper'); // Access check. -if (!ttAccessCheck(right_manage_team) || !$user->isPluginEnabled('mq')) { +if (!ttAccessAllowed('manage_advanced_settings') || !$user->isPluginEnabled('mq')) { header('Location: access_denied.php'); exit(); } diff --git a/report.php b/report.php index bc2a0d16..c4bfd068 100644 --- a/report.php +++ b/report.php @@ -33,7 +33,7 @@ import('ttReportHelper'); import('ttTeamHelper'); // Access check. -if (!ttAccessCheck(right_view_reports)) { +if (!ttAccessAllowed('view_own_reports')) { header('Location: access_denied.php'); exit(); } diff --git a/report_send.php b/report_send.php index a19756a2..9be9676f 100644 --- a/report_send.php +++ b/report_send.php @@ -33,7 +33,7 @@ import('ttSysConfig'); import('ttReportHelper'); // Access check. -if (!ttAccessCheck(right_view_reports)) { +if (!ttAccessAllowed('view_own_reports')) { header('Location: access_denied.php'); exit(); } diff --git a/reports.php b/reports.php index 27a72244..fe560016 100644 --- a/reports.php +++ b/reports.php @@ -37,7 +37,7 @@ import('ttFavReportHelper'); import('ttClientHelper'); // Access check. -if (!ttAccessCheck(right_view_reports)) { +if (!ttAccessAllowed('view_own_reports')) { header('Location: access_denied.php'); exit(); } diff --git a/role_add.php b/role_add.php index de25f70c..684ee11b 100644 --- a/role_add.php +++ b/role_add.php @@ -32,7 +32,7 @@ import('ttTeamHelper'); import('ttRoleHelper'); // Access check. -if (!ttAccessCheck(right_manage_team)) { +if (!ttAccessAllowed('manage_roles')) { header('Location: access_denied.php'); exit(); } diff --git a/role_delete.php b/role_delete.php index 4198ec60..7bf6ae69 100644 --- a/role_delete.php +++ b/role_delete.php 
@@ -31,7 +31,7 @@ import('ttRoleHelper'); import('form.Form'); // Access check. -if (!ttAccessCheck(right_manage_team)) { +if (!ttAccessAllowed('manage_roles')) { header('Location: access_denied.php'); exit(); } diff --git a/role_edit.php b/role_edit.php index 99fbbc49..ea0699ab 100644 --- a/role_edit.php +++ b/role_edit.php @@ -33,7 +33,7 @@ import('ttTaskHelper'); // TODO: remove this? import('ttRoleHelper'); // Access check. -if (!ttAccessCheck(right_manage_team)) { +if (!ttAccessAllowed('manage_roles')) { header('Location: access_denied.php'); exit(); } diff --git a/roles.php b/roles.php index b4facce1..efeb4957 100644 --- a/roles.php +++ b/roles.php @@ -32,7 +32,7 @@ import('ttTeamHelper'); import('ttRoleHelper'); // Access check. -if (!ttAccessCheck(right_manage_team)) { +if (!ttAccessAllowed('manage_roles')) { header('Location: access_denied.php'); exit(); } diff --git a/task_add.php b/task_add.php index 5ef549bb..40eb4887 100644 --- a/task_add.php +++ b/task_add.php @@ -33,7 +33,7 @@ import('ttTeamHelper'); import('ttTaskHelper'); // Access check. -if (!ttAccessCheck(right_manage_team) || MODE_PROJECTS_AND_TASKS != $user->tracking_mode) { +if (!ttAccessAllowed('manage_tasks') || MODE_PROJECTS_AND_TASKS != $user->tracking_mode) { header('Location: access_denied.php'); exit(); } diff --git a/task_delete.php b/task_delete.php index f04f0326..3cdb5b69 100644 --- a/task_delete.php +++ b/task_delete.php @@ -31,7 +31,7 @@ import('ttTaskHelper'); import('form.Form'); // Access check. -if (!ttAccessCheck(right_manage_team) || MODE_PROJECTS_AND_TASKS != $user->tracking_mode) { +if (!ttAccessAllowed('manage_tasks') || MODE_PROJECTS_AND_TASKS != $user->tracking_mode) { header('Location: access_denied.php'); exit(); } diff --git a/task_edit.php b/task_edit.php index bfc1bef0..5c70f11b 100644 --- a/task_edit.php +++ b/task_edit.php 
@@ -32,7 +32,7 @@ import('ttTeamHelper'); import('ttTaskHelper'); // Access check. -if (!ttAccessCheck(right_manage_team) || MODE_PROJECTS_AND_TASKS != $user->tracking_mode) { +if (!ttAccessAllowed('manage_tasks') || MODE_PROJECTS_AND_TASKS != $user->tracking_mode) { header('Location: access_denied.php'); exit(); } diff --git a/tasks.php b/tasks.php index 3ea2faaa..a1033a5c 100644 --- a/tasks.php +++ b/tasks.php @@ -31,7 +31,7 @@ import('form.Form'); import('ttTeamHelper'); // Access check. -if (!ttAccessCheck(right_manage_team) || MODE_PROJECTS_AND_TASKS != $user->tracking_mode) { +if (!ttAccessAllowed('manage_tasks') || MODE_PROJECTS_AND_TASKS != $user->tracking_mode) { header('Location: access_denied.php'); exit(); } diff --git a/time.php b/time.php index 381634f6..aeeedd25 100644 --- a/time.php +++ b/time.php @@ -42,7 +42,7 @@ import('DateAndTime'); // } // Access check. -if (!ttAccessCheck(right_data_entry)) { +if (!ttAccessAllowed('data_entry')) { header('Location: access_denied.php'); exit(); } diff --git a/time_delete.php b/time_delete.php index c5017284..3b4d95c2 100644 --- a/time_delete.php +++ b/time_delete.php @@ -33,7 +33,7 @@ import('ttTimeHelper'); import('DateAndTime'); // Access check. -if (!ttAccessCheck(right_data_entry)) { +if (!ttAccessAllowed('data_entry')) { header('Location: access_denied.php'); exit(); } diff --git a/time_edit.php b/time_edit.php index 58d963fb..b665bf86 100644 --- a/time_edit.php +++ b/time_edit.php @@ -35,7 +35,7 @@ import('ttTimeHelper'); import('DateAndTime'); // Access check. -if (!ttAccessCheck(right_data_entry)) { +if (!ttAccessAllowed('data_entry')) { header('Location: access_denied.php'); exit(); } diff --git a/tofile.php b/tofile.php index 6849b7f1..1b367e25 100644 --- a/tofile.php +++ b/tofile.php 
@@ -32,7 +32,7 @@ import('form.ActionForm');
 import('ttReportHelper');
 // Access check.
-if (!ttAccessCheck(right_view_reports)) {
+if (!ttAccessAllowed('view_own_reports')) {
 header('Location: access_denied.php');
 exit();
 }
diff --git a/topdf.php b/topdf.php
index f0fdb602..2be45cc4 100644
--- a/topdf.php
+++ b/topdf.php
@@ -35,6 +35,12 @@ import('form.Form');
 import('form.ActionForm');
 import('ttReportHelper');
+// Access check.
+if (!ttAccessAllowed('view_own_reports')) {
+ header('Location: access_denied.php');
+ exit();
+}
+
 // Check whether TCPDF library is available.
 if (!file_exists('WEB-INF/lib/tcpdf/'))
 die('TCPDF library is not found in WEB-INF/lib/tcpdf/');
@@ -42,12 +48,6 @@ if (!file_exists('WEB-INF/lib/tcpdf/'))
 // Include TCPDF library.
 require_once('WEB-INF/lib/tcpdf/tcpdf.php');
-// Access check.
-if (!ttAccessCheck(right_view_reports)) {
- header('Location: access_denied.php');
- exit();
-}
-
 // Use custom fields plugin if it is enabled.
 if ($user->isPluginEnabled('cf')) {
 require_once('plugins/CustomFields.class.php');
diff --git a/user_add.php b/user_add.php
index 66d2f2d4..69ee3b11 100644
--- a/user_add.php
+++ b/user_add.php
@@ -35,7 +35,7 @@ import('form.TableColumn');
 import('ttRoleHelper');
 // Access check.
-if (!ttAccessCheck(right_manage_team)) {
+if (!ttAccessAllowed('manage_users')) {
 header('Location: access_denied.php');
 exit();
 }
diff --git a/user_delete.php b/user_delete.php
index 1f0a40de..f30ec8a8 100644
--- a/user_delete.php
+++ b/user_delete.php
@@ -31,7 +31,7 @@ import('form.Form');
 import('ttUserHelper');
 // Access check.
-if (!ttAccessCheck(right_manage_team)) {
+if (!ttAccessAllowed('manage_users')) {
 header('Location: access_denied.php');
 exit();
 }
diff --git a/user_edit.php b/user_edit.php
index f890282d..493b00ba 100644
--- a/user_edit.php
+++ b/user_edit.php
@@ -36,7 +36,7 @@ import('form.TableColumn'); import('ttRoleHelper'); // Access check. -if (!ttAccessCheck(right_manage_team)) { +if (!ttAccessAllowed('manage_users')) { header('Location: access_denied.php'); exit(); } diff --git a/users.php b/users.php index 3fc26677..79f2df3e 100644 --- a/users.php +++ b/users.php @@ -33,7 +33,7 @@ import('ttTimeHelper'); import('ttRoleHelper'); // Access check. -if (!ttAccessCheck(right_data_entry)) { +if (!ttAccessAllowed('view_users')) { header('Location: access_denied.php'); exit(); } diff --git a/week.php b/week.php index 19453247..be89944c 100644 --- a/week.php +++ b/week.php @@ -39,7 +39,7 @@ import('ttTimeHelper'); import('DateAndTime'); // Access check. -if (!ttAccessCheck(right_data_entry) || !$user->isPluginEnabled('wv')) { +if (!ttAccessAllowed('data_entry') || !$user->isPluginEnabled('wv')) { header('Location: access_denied.php'); exit(); } diff --git a/week_view.php b/week_view.php index 7c722da0..99dc2eee 100644 --- a/week_view.php +++ b/week_view.php @@ -31,7 +31,7 @@ import('form.Form'); import('ttTeamHelper'); // Access check. -if (!ttAccessCheck(right_manage_team) || !$user->isPluginEnabled('wv')) { +if (!ttAccessAllowed('manage_advanced_settings') || !$user->isPluginEnabled('wv')) { header('Location: access_denied.php'); exit(); } -- 2.20.1