projects / timetracker.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 030d2c3)
More improvements to access checks.
authorNik Okuntseff <support@anuko.com>
Sat, 24 Mar 2018 19:52:42 +0000 (19:52 +0000)
committerNik Okuntseff <support@anuko.com>
Sat, 24 Mar 2018 19:52:42 +0000 (19:52 +0000)
13 files changed:
WEB-INF/templates/footer.tpl patch | blob | history
task_add.php patch | blob | history
task_delete.php patch | blob | history
task_edit.php patch | blob | history
tasks.php patch | blob | history
time.php patch | blob | history
time_delete.php patch | blob | history
time_edit.php patch | blob | history
tofile.php patch | blob | history
topdf.php patch | blob | history
users.php patch | blob | history
week.php patch | blob | history
week_view.php patch | blob | history

diff --git a/WEB-INF/templates/footer.tpl b/WEB-INF/templates/footer.tpl
index b99c720..a4a020e 100644 (file)
--- a/WEB-INF/templates/footer.tpl
+++ b/WEB-INF/templates/footer.tpl
@@ -12,7 +12,7 @@
       <br>
       <table cellspacing="0" cellpadding="4" width="100%" border="0">
         <tr>
-          <td align="center">&nbsp;Anuko Time Tracker 1.17.69.4157 | Copyright &copy; <a href="https://www.anuko.com/lp/tt_3.htm" target="_blank">Anuko</a> |
+          <td align="center">&nbsp;Anuko Time Tracker 1.17.69.4158 | Copyright &copy; <a href="https://www.anuko.com/lp/tt_3.htm" target="_blank">Anuko</a> |
             <a href="https://www.anuko.com/lp/tt_4.htm" target="_blank">{$i18n.footer.credits}</a> |
             <a href="https://www.anuko.com/lp/tt_5.htm" target="_blank">{$i18n.footer.license}</a> |
             <a href="https://www.anuko.com/lp/tt_7.htm" target="_blank">{$i18n.footer.improve}</a>
diff --git a/task_add.php b/task_add.php
index 12c5446..a5149e8 100644 (file)
--- a/task_add.php
+++ b/task_add.php
@@ -32,11 +32,15 @@ import('form.ActionForm');
 import('ttTeamHelper');
 import('ttTaskHelper');
 
-// Access check.
-if (!ttAccessAllowed('manage_tasks') || MODE_PROJECTS_AND_TASKS != $user->tracking_mode) {
+// Access checks.
+if (!ttAccessAllowed('manage_tasks')) {
   header('Location: access_denied.php');
   exit();
 }
+if (MODE_PROJECTS_AND_TASKS != $user->tracking_mode) {
+  header('Location: feature_disabled.php');
+  exit();
+}
 
 $projects = ttTeamHelper::getActiveProjects($user->team_id);
 
diff --git a/task_delete.php b/task_delete.php
index d72220d..0e9f40c 100644 (file)
--- a/task_delete.php
+++ b/task_delete.php
@@ -30,11 +30,15 @@ require_once('initialize.php');
 import('ttTaskHelper');
 import('form.Form');
 
-// Access check.
-if (!ttAccessAllowed('manage_tasks') || MODE_PROJECTS_AND_TASKS != $user->tracking_mode) {
+// Access checks.
+if (!ttAccessAllowed('manage_tasks')) {
   header('Location: access_denied.php');
   exit();
 }
+if (MODE_PROJECTS_AND_TASKS != $user->tracking_mode) {
+  header('Location: feature_disabled.php');
+  exit();
+}
 
 $cl_task_id = (int)$request->getParameter('id');
 $task = ttTaskHelper::get($cl_task_id);
diff --git a/task_edit.php b/task_edit.php
index 36e717d..bba89be 100644 (file)
--- a/task_edit.php
+++ b/task_edit.php
@@ -31,11 +31,15 @@ import('form.Form');
 import('ttTeamHelper');
 import('ttTaskHelper');
 
-// Access check.
-if (!ttAccessAllowed('manage_tasks') || MODE_PROJECTS_AND_TASKS != $user->tracking_mode) {
+// Access checks.
+if (!ttAccessAllowed('manage_tasks')) {
   header('Location: access_denied.php');
   exit();
 }
+if (MODE_PROJECTS_AND_TASKS != $user->tracking_mode) {
+  header('Location: feature_disabled.php');
+  exit();
+}
 
 $cl_task_id = (int)$request->getParameter('id');
 $projects = ttTeamHelper::getActiveProjects($user->team_id);
diff --git a/tasks.php b/tasks.php
index 5bc3fd4..5505e6d 100644 (file)
--- a/tasks.php
+++ b/tasks.php
@@ -30,11 +30,15 @@ require_once('initialize.php');
 import('form.Form');
 import('ttTeamHelper');
 
-// Access check.
-if (!ttAccessAllowed('manage_tasks') || MODE_PROJECTS_AND_TASKS != $user->tracking_mode) {
+// Access checks.
+if (!ttAccessAllowed('manage_tasks')) {
   header('Location: access_denied.php');
   exit();
 }
+if (MODE_PROJECTS_AND_TASKS != $user->tracking_mode) {
+  header('Location: feature_disabled.php');
+  exit();
+}
 
 $smarty->assign('active_tasks', ttTeamHelper::getActiveTasks($user->team_id));
 $smarty->assign('inactive_tasks', ttTeamHelper::getInactiveTasks($user->team_id));
diff --git a/time.php b/time.php
index 270a8aa..1c29aa8 100644 (file)
--- a/time.php
+++ b/time.php
@@ -42,7 +42,7 @@ import('DateAndTime');
 // }
 
 // Access check.
-if (!ttAccessAllowed('track_own_time')) {
+if (!(ttAccessAllowed('track_own_time') || ttAccessAllowed('track_time'))) {
   header('Location: access_denied.php');
   exit();
 }
diff --git a/time_delete.php b/time_delete.php
index 2ad3ea4..ec3c677 100644 (file)
--- a/time_delete.php
+++ b/time_delete.php
@@ -33,7 +33,7 @@ import('ttTimeHelper');
 import('DateAndTime');
 
 // Access check.
-if (!ttAccessAllowed('track_own_time')) {
+if (!(ttAccessAllowed('track_own_time') || ttAccessAllowed('track_time'))) {
   header('Location: access_denied.php');
   exit();
 }
diff --git a/time_edit.php b/time_edit.php
index dd3edde..c14928f 100644 (file)
--- a/time_edit.php
+++ b/time_edit.php
@@ -35,7 +35,7 @@ import('ttTimeHelper');
 import('DateAndTime');
 
 // Access check.
-if (!ttAccessAllowed('track_own_time')) {
+if (!(ttAccessAllowed('track_own_time') || ttAccessAllowed('track_time'))) {
   header('Location: access_denied.php');
   exit();
 }
diff --git a/tofile.php b/tofile.php
index 67c5b31..abd1f27 100644 (file)
--- a/tofile.php
+++ b/tofile.php
@@ -32,7 +32,7 @@ import('form.ActionForm');
 import('ttReportHelper');
 
 // Access check.
-if (!ttAccessAllowed('view_own_reports')) {
+if (!(ttAccessAllowed('view_own_reports') || ttAccessAllowed('view_reports'))) {
   header('Location: access_denied.php');
   exit();
 }
diff --git a/topdf.php b/topdf.php
index b8f6684..3177d15 100644 (file)
--- a/topdf.php
+++ b/topdf.php
@@ -36,7 +36,7 @@ import('form.ActionForm');
 import('ttReportHelper');
 
 // Access check.
-if (!ttAccessAllowed('view_own_reports')) {
+if (!(ttAccessAllowed('view_own_reports') || ttAccessAllowed('view_reports'))) {
   header('Location: access_denied.php');
   exit();
 }
diff --git a/users.php b/users.php
index 8602186..35fd416 100644 (file)
--- a/users.php
+++ b/users.php
@@ -33,7 +33,7 @@ import('ttTimeHelper');
 import('ttRoleHelper');
 
 // Access check.
-if (!ttAccessAllowed('view_users')) {
+if (!(ttAccessAllowed('view_users') || ttAccessAllowed('manage_users'))) {
   header('Location: access_denied.php');
   exit();
 }
diff --git a/week.php b/week.php
index e26aa11..f1dc788 100644 (file)
--- a/week.php
+++ b/week.php
@@ -38,11 +38,15 @@ import('ttClientHelper');
 import('ttTimeHelper');
 import('DateAndTime');
 
-// Access check.
-if (!ttAccessAllowed('track_own_time') || !$user->isPluginEnabled('wv')) {
+// Access checks.
+if (!(ttAccessAllowed('track_own_time') || ttAccessAllowed('track_time'))) {
   header('Location: access_denied.php');
   exit();
 }
+if (!$user->isPluginEnabled('wv')) {
+  header('Location: feature_disabled.php');
+  exit();
+}
 
 // Initialize and store date in session.
 $cl_date = $request->getParameter('date', @$_SESSION['date']);
diff --git a/week_view.php b/week_view.php
index b273d27..e5ec147 100644 (file)
--- a/week_view.php
+++ b/week_view.php
@@ -30,11 +30,15 @@ require_once('initialize.php');
 import('form.Form');
 import('ttTeamHelper');
 
-// Access check.
-if (!ttAccessAllowed('manage_advanced_settings') || !$user->isPluginEnabled('wv')) {
+// Access checks.
+if (!ttAccessAllowed('manage_advanced_settings')) {
   header('Location: access_denied.php');
   exit();
 }
+if (!$user->isPluginEnabled('wv')) {
+  header('Location: feature_disabled.php');
+  exit();
+}
 
 if ($request->isPost()) {
   $cl_week_note = $request->getParameter('week_note');
Unnamed repository; edit this file 'description' to name the repository.