Added more access control checks.

author anuko <support@anuko.com>

Sun, 25 Sep 2016 20:35:09 +0000 (20:35 +0000)

committer anuko <support@anuko.com>

Sun, 25 Sep 2016 20:35:09 +0000 (20:35 +0000)
author anuko <support@anuko.com>
Sun, 25 Sep 2016 20:35:09 +0000 (20:35 +0000)
committer anuko <support@anuko.com>
Sun, 25 Sep 2016 20:35:09 +0000 (20:35 +0000)
diff --git a/expense_delete.php b/expense_delete.php

index 38800b6..c5f53aa 100644 (file)
--- a/expense_delete.php
+++ b/expense_delete.php
@@ -32,7 +32,7 @@ import('DateAndTime');
  import('ttExpenseHelper');
  
  // Access check.
-if (!ttAccessCheck(right_data_entry)) {
+if (!ttAccessCheck(right_data_entry) || !$user->isPluginEnabled('ex')) {
    header('Location: access_denied.php');
    exit();
  }
diff --git a/expense_edit.php b/expense_edit.php

index 213cfcb..2f02691 100644 (file)
--- a/expense_edit.php
+++ b/expense_edit.php
@@ -33,7 +33,7 @@ import('DateAndTime');
  import('ttExpenseHelper');
  
  // Access check.
-if (!ttAccessCheck(right_data_entry)) {
+if (!ttAccessCheck(right_data_entry) || !$user->isPluginEnabled('ex')) {
    header('Location: access_denied.php');
    exit();
  }
diff --git a/invoice_add.php b/invoice_add.php

index f68753f..0e752dc 100644 (file)
--- a/invoice_add.php
+++ b/invoice_add.php
@@ -32,7 +32,7 @@ import('ttTeamHelper');
  import('ttInvoiceHelper');
  
  // Access check.
-if (!ttAccessCheck(right_manage_team)) {
+if (!ttAccessCheck(right_manage_team) || !$user->isPluginEnabled('iv')) {
    header('Location: access_denied.php');
    exit();
  }
diff --git a/invoice_delete.php b/invoice_delete.php

index 7db539a..41f7c19 100644 (file)
--- a/invoice_delete.php
+++ b/invoice_delete.php
@@ -31,7 +31,7 @@ import('form.Form');
  import('ttInvoiceHelper');
  
  // Access check.
-if (!ttAccessCheck(right_manage_team)) {
+if (!ttAccessCheck(right_manage_team) || !$user->isPluginEnabled('iv')) {
    header('Location: access_denied.php');
    exit();
  }
diff --git a/invoice_send.php b/invoice_send.php

index e519132..b9e2a29 100644 (file)
--- a/invoice_send.php
+++ b/invoice_send.php
@@ -32,7 +32,7 @@ import('ttInvoiceHelper');
  import('ttSysConfig');
  
  // Access check.
-if (!ttAccessCheck(right_view_invoices)) {
+if (!ttAccessCheck(right_view_invoices) || !$user->isPluginEnabled('iv')) {
    header('Location: access_denied.php');
    exit();
  }
diff --git a/invoice_view.php b/invoice_view.php

index 2bb9876..e94c04b 100644 (file)
--- a/invoice_view.php
+++ b/invoice_view.php
@@ -32,7 +32,7 @@ import('ttInvoiceHelper');
  import('ttClientHelper');
  
  // Access check.
-if (!ttAccessCheck(right_view_invoices)) {
+if (!ttAccessCheck(right_view_invoices) || !$user->isPluginEnabled('iv')) {
    header('Location: access_denied.php');
    exit();
  }
diff --git a/invoices.php b/invoices.php

index ad0b285..a014472 100644 (file)
--- a/invoices.php
+++ b/invoices.php
@@ -31,7 +31,7 @@ import('form.Form');
  import('ttTeamHelper');
  
  // Access check.
-if (!ttAccessCheck(right_view_invoices)) {
+if (!ttAccessCheck(right_view_invoices) || !$user->isPluginEnabled('iv')) {
    header('Location: access_denied.php');
    exit();
  }
diff --git a/locking.php b/locking.php

index dfdc2f2..8acdcd7 100644 (file)
--- a/locking.php
+++ b/locking.php
@@ -31,7 +31,7 @@ import('form.Form');
  import('ttTeamHelper');
  
  // Access check.
-if (!ttAccessCheck(right_manage_team)) {
+if (!ttAccessCheck(right_manage_team) || !$user->isPluginEnabled('lk')) {
    header('Location: access_denied.php');
    exit();
  }
diff --git a/notification_add.php b/notification_add.php

index 80f46bb..05b6ce0 100644 (file)
--- a/notification_add.php
+++ b/notification_add.php
@@ -34,7 +34,7 @@ import('ttFavReportHelper');
  import('ttNotificationHelper');
  
  // Access check.
-if (!ttAccessCheck(right_manage_team)) {
+if (!ttAccessCheck(right_manage_team) || !$user->isPluginEnabled('no')) {
    header('Location: access_denied.php');
    exit();
  }
diff --git a/notification_delete.php b/notification_delete.php

index 50c3395..834befb 100644 (file)
--- a/notification_delete.php
+++ b/notification_delete.php
@@ -31,7 +31,7 @@ import('form.Form');
  import('ttNotificationHelper');
  
  // Access check.
-if (!ttAccessCheck(right_manage_team)) {
+if (!ttAccessCheck(right_manage_team) || !$user->isPluginEnabled('no')) {
    header('Location: access_denied.php');
    exit();
  }
diff --git a/notification_edit.php b/notification_edit.php

index 30a9d8f..cd3f41b 100644 (file)
--- a/notification_edit.php
+++ b/notification_edit.php
@@ -34,7 +34,7 @@ import('ttFavReportHelper');
  import('ttNotificationHelper');
  
  // Access check.
-if (!ttAccessCheck(right_manage_team)) {
+if (!ttAccessCheck(right_manage_team) || !$user->isPluginEnabled('no')) {
    header('Location: access_denied.php');
    exit();
  }
diff --git a/notifications.php b/notifications.php

index 6a66b2f..68cdfff 100644 (file)
--- a/notifications.php
+++ b/notifications.php
@@ -31,7 +31,7 @@ import('form.Form');
  import('ttTeamHelper');
  
  // Access check.
-if (!ttAccessCheck(right_manage_team)) {
+if (!ttAccessCheck(right_manage_team) || !$user->isPluginEnabled('no')) {
    header('Location: access_denied.php');
    exit();
  }
diff --git a/project_add.php b/project_add.php

index 1c825d9..fe46a6b 100644 (file)
--- a/project_add.php
+++ b/project_add.php
@@ -32,7 +32,7 @@ import('ttProjectHelper');
  import('ttTeamHelper');
  
  // Access check.
-if (!ttAccessCheck(right_manage_team)) {
+if (!ttAccessCheck(right_manage_team) || (MODE_PROJECTS != $user->tracking_mode && MODE_PROJECTS_AND_TASKS != $user->tracking_mode)) {
    header('Location: access_denied.php');
    exit();
  }
diff --git a/project_delete.php b/project_delete.php

index b6f4655..832bf4f 100644 (file)
--- a/project_delete.php
+++ b/project_delete.php
@@ -31,7 +31,7 @@ import('form.Form');
  import('ttProjectHelper');
  
  // Access check.
-if (!ttAccessCheck(right_manage_team)) {
+if (!ttAccessCheck(right_manage_team) || (MODE_PROJECTS != $user->tracking_mode && MODE_PROJECTS_AND_TASKS != $user->tracking_mode)) {
    header('Location: access_denied.php');
    exit();
  }
diff --git a/project_edit.php b/project_edit.php

index 9cca73e..11abccc 100644 (file)
--- a/project_edit.php
+++ b/project_edit.php
@@ -32,7 +32,7 @@ import('ttProjectHelper');
  import('ttTeamHelper');
  
  // Access check.
-if (!ttAccessCheck(right_manage_team)) {
+if (!ttAccessCheck(right_manage_team) || (MODE_PROJECTS != $user->tracking_mode && MODE_PROJECTS_AND_TASKS != $user->tracking_mode)) {
    header('Location: access_denied.php');
    exit();
  }
diff --git a/projects.php b/projects.php

index cc79e4a..d9f3685 100644 (file)
--- a/projects.php
+++ b/projects.php
@@ -31,7 +31,7 @@ import('form.Form');
  import('ttTeamHelper');
  
  // Access check.
-if (!ttAccessCheck(right_data_entry)) {
+if (!ttAccessCheck(right_data_entry) || (MODE_PROJECTS != $user->tracking_mode && MODE_PROJECTS_AND_TASKS != $user->tracking_mode)) {
    header('Location: access_denied.php');
    exit();
  }
diff --git a/quotas.php b/quotas.php

index 68b8a61..d846ae2 100644 (file)
--- a/quotas.php
+++ b/quotas.php
@@ -32,7 +32,7 @@ import('form.Form');
  import('ttTeamHelper');
  
  // Access check.
-if (!ttAccessCheck(right_manage_team)) {
+if (!ttAccessCheck(right_manage_team) || !$user->isPluginEnabled('mq')) {
    header('Location: access_denied.php');
    exit();
  }
diff --git a/task_add.php b/task_add.php

index ff98c97..5ef549b 100644 (file)
--- a/task_add.php
+++ b/task_add.php
@@ -33,7 +33,7 @@ import('ttTeamHelper');
  import('ttTaskHelper');
  
  // Access check.
-if (!ttAccessCheck(right_manage_team)) {
+if (!ttAccessCheck(right_manage_team) || MODE_PROJECTS_AND_TASKS != $user->tracking_mode) {
    header('Location: access_denied.php');
    exit();
  }
diff --git a/task_delete.php b/task_delete.php

index 3fd8350..ebc96e2 100644 (file)
--- a/task_delete.php
+++ b/task_delete.php
@@ -31,7 +31,7 @@ import('ttTaskHelper');
  import('form.Form');
  
  // Access check.
-if (!ttAccessCheck(right_manage_team)) {
+if (!ttAccessCheck(right_manage_team) || MODE_PROJECTS_AND_TASKS != $user->tracking_mode) {
    header('Location: access_denied.php');
    exit();
  }
diff --git a/task_edit.php b/task_edit.php

index 943e9a9..077c7c6 100644 (file)
--- a/task_edit.php
+++ b/task_edit.php
@@ -32,7 +32,7 @@ import('ttTeamHelper');
  import('ttTaskHelper');
  
  // Access check.
-if (!ttAccessCheck(right_manage_team)) {
+if (!ttAccessCheck(right_manage_team) || MODE_PROJECTS_AND_TASKS != $user->tracking_mode) {
    header('Location: access_denied.php');
    exit();
  }
diff --git a/tasks.php b/tasks.php

index cf7f607..3ea2faa 100644 (file)
--- a/tasks.php
+++ b/tasks.php
@@ -31,7 +31,7 @@ import('form.Form');
  import('ttTeamHelper');
  
  // Access check.
-if (!ttAccessCheck(right_manage_team)) {
+if (!ttAccessCheck(right_manage_team) || MODE_PROJECTS_AND_TASKS != $user->tracking_mode) {
    header('Location: access_denied.php');
    exit();
  }
author	anuko <support@anuko.com>
	Sun, 25 Sep 2016 20:35:09 +0000 (20:35 +0000)
committer	anuko <support@anuko.com>
	Sun, 25 Sep 2016 20:35:09 +0000 (20:35 +0000)
expense_delete.php		patch \| blob \| history
expense_edit.php		patch \| blob \| history
invoice_add.php		patch \| blob \| history
invoice_delete.php		patch \| blob \| history
invoice_send.php		patch \| blob \| history
invoice_view.php		patch \| blob \| history
invoices.php		patch \| blob \| history
locking.php		patch \| blob \| history
notification_add.php		patch \| blob \| history
notification_delete.php		patch \| blob \| history
notification_edit.php		patch \| blob \| history
notifications.php		patch \| blob \| history
project_add.php		patch \| blob \| history
project_delete.php		patch \| blob \| history
project_edit.php		patch \| blob \| history
projects.php		patch \| blob \| history
quotas.php		patch \| blob \| history
task_add.php		patch \| blob \| history
task_delete.php		patch \| blob \| history
task_edit.php		patch \| blob \| history
tasks.php		patch \| blob \| history