From e4fd9dd2dc0e3920d001b52e325b47fe0c9c65a3 Mon Sep 17 00:00:00 2001
From: anuko
Date: Sun, 25 Sep 2016 20:56:48 +0000
Subject: [PATCH] Added more access control checks to mobile pages.
---
 WEB-INF/templates/footer.tpl | 2 +-
 mobile/client_add.php | 2 +-
 mobile/client_delete.php | 2 +-
 mobile/client_edit.php | 2 +-
 mobile/expense_delete.php | 2 +-
 mobile/expense_edit.php | 2 +-
 mobile/project_add.php | 2 +-
 mobile/project_delete.php | 2 +-
 mobile/project_edit.php | 2 +-
 mobile/projects.php | 2 +-
 mobile/task_add.php | 2 +-
 mobile/task_delete.php | 2 +-
 mobile/task_edit.php | 2 +-
 mobile/tasks.php | 2 +-
 14 files changed, 14 insertions(+), 14 deletions(-)
diff --git a/WEB-INF/templates/footer.tpl b/WEB-INF/templates/footer.tpl
index a62e521c..466a65a6 100644
--- a/WEB-INF/templates/footer.tpl
+++ b/WEB-INF/templates/footer.tpl
@@ -12,7 +12,7 @@
-
 Anuko Time Tracker 1.9.31.3539 | Copyright © Anuko | +  Anuko Time Tracker 1.9.31.3540 | Copyright © Anuko | {$i18n.footer.credits} | {$i18n.footer.license} | {$i18n.footer.improve}
diff --git a/mobile/client_add.php b/mobile/client_add.php
index 56f5d08a..e4894962 100644
--- a/mobile/client_add.php
+++ b/mobile/client_add.php
@@ -32,7 +32,7 @@ import('ttClientHelper');
 import('ttTeamHelper');
 // Access check.
-if (!ttAccessCheck(right_manage_team)) {
+if (!ttAccessCheck(right_manage_team) || !$user->isPluginEnabled('cl')) {
 header('Location: access_denied.php');
 exit();
 }
diff --git a/mobile/client_delete.php b/mobile/client_delete.php
index a0caf4fe..51e87b43 100644
--- a/mobile/client_delete.php
+++ b/mobile/client_delete.php
@@ -31,7 +31,7 @@ import('form.Form');
 import('ttClientHelper');
 // Access check.
-if (!ttAccessCheck(right_manage_team)) {
+if (!ttAccessCheck(right_manage_team) || !$user->isPluginEnabled('cl')) {
 header('Location: access_denied.php');
 exit();
 }
diff --git a/mobile/client_edit.php b/mobile/client_edit.php
index cd6266da..ac3e60c7 100644
--- a/mobile/client_edit.php
+++ b/mobile/client_edit.php
@@ -32,7 +32,7 @@ import('ttClientHelper');
 import('ttTeamHelper');
 // Access check.
-if (!ttAccessCheck(right_manage_team)) {
+if (!ttAccessCheck(right_manage_team) || !$user->isPluginEnabled('cl')) {
 header('Location: access_denied.php');
 exit();
 }
diff --git a/mobile/expense_delete.php b/mobile/expense_delete.php
index b027bd94..8e89513f 100644
--- a/mobile/expense_delete.php
+++ b/mobile/expense_delete.php
@@ -32,7 +32,7 @@ import('DateAndTime');
 import('ttExpenseHelper');
 // Access check.
-if (!ttAccessCheck(right_data_entry)) {
+if (!ttAccessCheck(right_data_entry) || !$user->isPluginEnabled('ex')) {
 header('Location: access_denied.php');
 exit();
 }
diff --git a/mobile/expense_edit.php b/mobile/expense_edit.php
index e14372ea..c2df1abb 100644
--- a/mobile/expense_edit.php
+++ b/mobile/expense_edit.php
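Review bot: The gate `!ttAccessCheck(right_manage_team) || !$user->isPluginEnabled('cl')` is pasted verbatim into mobile/client_add.php, client_delete.php and client_edit.php, and the `'ex'` variant into expense_delete.php and expense_edit.php, which is the same copy-per-page pattern that presumably let these mobile pages ship without the plugin check in the first place. Consider passing the right and the plugin code to one shared check so that a new page cannot carry only half of the condition. At minimum the comment should state what is enforced, e.g. `// Access check: needs right_manage_team and the 'cl' plugin enabled for this user.` The rest of each page lies outside the hunk.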
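Review bot: The condition added in mobile/client_delete.php decides only whether the feature is reachable (right plus `'cl'` plugin); it says nothing about which record the request targets. The same holds for the other edit and delete hunks in this patch, for clients, expenses, projects and tasks. The page bodies are outside the hunks, so it cannot be confirmed here that the submitted id is checked against the current user's team before the record is loaded or changed. That is worth verifying on each of these pages, with a comment after the gate such as `// Feature gate only; record ownership is validated below.`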
@@ -33,7 +33,7 @@ import('DateAndTime');
 import('ttExpenseHelper');
 // Access check.
-if (!ttAccessCheck(right_data_entry)) {
+if (!ttAccessCheck(right_data_entry) || !$user->isPluginEnabled('ex')) {
 header('Location: access_denied.php');
 exit();
 }
diff --git a/mobile/project_add.php b/mobile/project_add.php
index 4c9ad185..1ae6b4df 100644
--- a/mobile/project_add.php
+++ b/mobile/project_add.php
@@ -32,7 +32,7 @@ import('ttProjectHelper');
 import('ttTeamHelper');
 // Access check.
-if (!ttAccessCheck(right_manage_team)) {
+if (!ttAccessCheck(right_manage_team) || (MODE_PROJECTS != $user->tracking_mode && MODE_PROJECTS_AND_TASKS != $user->tracking_mode)) {
 header('Location: access_denied.php');
 exit();
 }
diff --git a/mobile/project_delete.php b/mobile/project_delete.php
index 79ed438e..eb5e0403 100644
--- a/mobile/project_delete.php
+++ b/mobile/project_delete.php
@@ -31,7 +31,7 @@ import('form.Form');
 import('ttProjectHelper');
 // Access check.
-if (!ttAccessCheck(right_manage_team)) {
+if (!ttAccessCheck(right_manage_team) || (MODE_PROJECTS != $user->tracking_mode && MODE_PROJECTS_AND_TASKS != $user->tracking_mode)) {
 header('Location: access_denied.php');
 exit();
 }
diff --git a/mobile/project_edit.php b/mobile/project_edit.php
index 490a11e2..f7a37aaf 100644
--- a/mobile/project_edit.php
+++ b/mobile/project_edit.php
@@ -32,7 +32,7 @@ import('ttProjectHelper');
 import('ttTeamHelper');
 // Access check.
-if (!ttAccessCheck(right_manage_team)) {
+if (!ttAccessCheck(right_manage_team) || (MODE_PROJECTS != $user->tracking_mode && MODE_PROJECTS_AND_TASKS != $user->tracking_mode)) {
 header('Location: access_denied.php');
 exit();
 }
diff --git a/mobile/projects.php b/mobile/projects.php
index 33d1d51b..5dee3605 100644
--- a/mobile/projects.php
+++ b/mobile/projects.php
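Review bot: The new condition in mobile/project_add.php is a pair of negated comparisons joined with `&&` inside an `||`, which is easy to misread or to break when edited, and it is repeated in project_delete.php, project_edit.php and projects.php. Naming the predicate makes the gate auditable at a glance: `$projectsOn = in_array($user->tracking_mode, array(MODE_PROJECTS, MODE_PROJECTS_AND_TASKS));` followed by `if (!ttAccessCheck(right_manage_team) || !$projectsOn) {`. `in_array` without the strict flag keeps the loose comparison the hunk already uses with `!=`. The type of `tracking_mode` is not visible here, so a move to strict comparison should wait until that is confirmed.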
@@ -31,7 +31,7 @@ import('form.Form');
 import('ttTeamHelper');
 // Access check.
-if (!ttAccessCheck(right_data_entry)) {
+if (!ttAccessCheck(right_data_entry) || (MODE_PROJECTS != $user->tracking_mode && MODE_PROJECTS_AND_TASKS != $user->tracking_mode)) {
 header('Location: access_denied.php');
 exit();
 }
diff --git a/mobile/task_add.php b/mobile/task_add.php
index 9319e2a9..700b9158 100644
--- a/mobile/task_add.php
+++ b/mobile/task_add.php
@@ -33,7 +33,7 @@ import('ttTeamHelper');
 import('ttTaskHelper');
 // Access check.
-if (!ttAccessCheck(right_manage_team)) {
+if (!ttAccessCheck(right_manage_team) || MODE_PROJECTS_AND_TASKS != $user->tracking_mode) {
 header('Location: access_denied.php');
 exit();
 }
diff --git a/mobile/task_delete.php b/mobile/task_delete.php
index aa74be1f..1fea8e12 100644
--- a/mobile/task_delete.php
+++ b/mobile/task_delete.php
@@ -31,7 +31,7 @@ import('ttTaskHelper');
 import('form.Form');
 // Access check.
-if (!ttAccessCheck(right_manage_team)) {
+if (!ttAccessCheck(right_manage_team) || MODE_PROJECTS_AND_TASKS != $user->tracking_mode) {
 header('Location: access_denied.php');
 exit();
 }
diff --git a/mobile/task_edit.php b/mobile/task_edit.php
index 248167ff..e2dcc990 100644
--- a/mobile/task_edit.php
+++ b/mobile/task_edit.php
@@ -32,7 +32,7 @@ import('ttTeamHelper');
 import('ttTaskHelper');
 // Access check.
-if (!ttAccessCheck(right_manage_team)) {
+if (!ttAccessCheck(right_manage_team) || MODE_PROJECTS_AND_TASKS != $user->tracking_mode) {
 header('Location: access_denied.php');
 exit();
 }
diff --git a/mobile/tasks.php b/mobile/tasks.php
index 9b778bbf..8b828cfb 100644
--- a/mobile/tasks.php
+++ b/mobile/tasks.php
@@ -31,7 +31,7 @@ import('form.Form');
 import('ttTeamHelper');
 // Access check.
-if (!ttAccessCheck(right_manage_team)) {
+if (!ttAccessCheck(right_manage_team) || MODE_PROJECTS_AND_TASKS != $user->tracking_mode) {
 header('Location: access_denied.php');
 exit();
 }
--
2.20.1
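Review bot: mobile/tasks.php keeps `right_manage_team` for what looks like a list page, while the mobile/projects.php hunk gates its list with `right_data_entry`; the commit leaves that difference in place without explaining it. If the stricter right on the task list is intended, say so next to the check, e.g. `// Access check: task list is manager-only and needs projects-and-tasks mode.`; if it is not, the two list pages should agree. Whether tasks.php only displays data cannot be told from the hunk, since the page body is outside it.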