Access checks re-done using role rights.

diff --git a/WEB-INF/lib/common.lib.php b/WEB-INF/lib/common.lib.php
index e9f9332..69c38b7 100644 (file)
--- a/WEB-INF/lib/common.lib.php
+++ b/WEB-INF/lib/common.lib.php
@@ -325,30 +325,9 @@ function ttValidCondition($val, $emptyValid = true)
   return true;
 }
 
-// ttAccessCheck is used to check whether user is allowed to proceed. This function is used
-// as an initial check on all publicly available pages.
-function ttAccessCheck($required_rights)
-{
-  global $auth;
-  global $user;
-  
-  // Redirect to login page if user is not authenticated.
-  if (!$auth->isAuthenticated()) {
-    header('Location: login.php');
-    exit();
-  }
-  
-  // Check rights.
-  if (!($required_rights & $user->rights_mask))
-    return false;
-    
-  return true;
-}
-
 // ttAccessAllowed checks whether user is allowed access to a particular page.
-// This function is a replacement for ttAccessCheck above as part of roles revamp.
-// To be used as an initial check on all publicly available pages
-// (except login.php and register.php where we don't have to check).
+// It is used as an initial check on all publicly available pages
+// (except login.php, register.php, and others where we don't have to check).
 function ttAccessAllowed($required_right)
 {
   global $auth;

diff --git a/WEB-INF/templates/footer.tpl b/WEB-INF/templates/footer.tpl
index 3f18617..6436952 100644 (file)
--- a/WEB-INF/templates/footer.tpl
+++ b/WEB-INF/templates/footer.tpl
@@ -12,7 +12,7 @@
       <br>
       <table cellspacing="0" cellpadding="4" width="100%" border="0">
         <tr>
-          <td align="center">&nbsp;Anuko Time Tracker 1.17.41.4065 | Copyright &copy; <a href="https://www.anuko.com/lp/tt_3.htm" target="_blank">Anuko</a> |
+          <td align="center">&nbsp;Anuko Time Tracker 1.17.41.4066 | Copyright &copy; <a href="https://www.anuko.com/lp/tt_3.htm" target="_blank">Anuko</a> |
             <a href="https://www.anuko.com/lp/tt_4.htm" target="_blank">{$i18n.footer.credits}</a> |
             <a href="https://www.anuko.com/lp/tt_5.htm" target="_blank">{$i18n.footer.license}</a> |
             <a href="https://www.anuko.com/lp/tt_7.htm" target="_blank">{$i18n.footer.improve}</a>

diff --git a/invoices.php b/invoices.php
index a014472..0617a44 100644 (file)
--- a/invoices.php
+++ b/invoices.php
@@ -31,7 +31,7 @@ import('form.Form');
 import('ttTeamHelper');
 
 // Access check.
-if (!ttAccessCheck(right_view_invoices) || !$user->isPluginEnabled('iv')) {
+if (!(ttAccessAllowed('manage_invoices') || ttAccessAllowed('view_own_invoices')) || !$user->isPluginEnabled('iv')) {
   header('Location: access_denied.php');
   exit();
 }

diff --git a/locking.php b/locking.php
index f2b7779..1f9530c 100644 (file)
--- a/locking.php
+++ b/locking.php
@@ -31,7 +31,7 @@ import('form.Form');
 import('ttTeamHelper');
 
 // Access check.
-if (!ttAccessCheck(right_manage_team) || !$user->isPluginEnabled('lk')) {
+if (!ttAccessAllowed('manage_advanced_settings') || !$user->isPluginEnabled('lk')) {
   header('Location: access_denied.php');
   exit();
 }

diff --git a/mobile/client_add.php b/mobile/client_add.php
index e489496..71f51ca 100644 (file)
--- a/mobile/client_add.php
+++ b/mobile/client_add.php
@@ -32,7 +32,7 @@ import('ttClientHelper');
 import('ttTeamHelper');
 
 // Access check.
-if (!ttAccessCheck(right_manage_team) || !$user->isPluginEnabled('cl')) {
+if (!ttAccessAllowed('manage_clients') || !$user->isPluginEnabled('cl')) {
   header('Location: access_denied.php');
   exit();
 }

diff --git a/mobile/client_delete.php b/mobile/client_delete.php
index 51e87b4..b57e581 100644 (file)
--- a/mobile/client_delete.php
+++ b/mobile/client_delete.php
@@ -31,7 +31,7 @@ import('form.Form');
 import('ttClientHelper');
 
 // Access check.
-if (!ttAccessCheck(right_manage_team) || !$user->isPluginEnabled('cl')) {
+if (!ttAccessAllowed('manage_clients') || !$user->isPluginEnabled('cl')) {
   header('Location: access_denied.php');
   exit();
 }

diff --git a/mobile/client_edit.php b/mobile/client_edit.php
index ac3e60c..fc22036 100644 (file)
--- a/mobile/client_edit.php
+++ b/mobile/client_edit.php
@@ -32,7 +32,7 @@ import('ttClientHelper');
 import('ttTeamHelper');
 
 // Access check.
-if (!ttAccessCheck(right_manage_team) || !$user->isPluginEnabled('cl')) {
+if (!ttAccessAllowed('manage_clients') || !$user->isPluginEnabled('cl')) {
   header('Location: access_denied.php');
   exit();
 }

diff --git a/mobile/clients.php b/mobile/clients.php
index 6312c2d..aa6e6ad 100644 (file)
--- a/mobile/clients.php
+++ b/mobile/clients.php
@@ -31,7 +31,7 @@ import('form.Form');
 import('ttTeamHelper');
 
 // Access check.
-if (!ttAccessCheck(right_manage_team) || !$user->isPluginEnabled('cl')) {
+if (!ttAccessAllowed('manage_clients') || !$user->isPluginEnabled('cl')) {
   header('Location: access_denied.php');
   exit();
 }

diff --git a/mobile/expense_delete.php b/mobile/expense_delete.php
index 8e89513..1b4a390 100644 (file)
--- a/mobile/expense_delete.php
+++ b/mobile/expense_delete.php
@@ -32,7 +32,7 @@ import('DateAndTime');
 import('ttExpenseHelper');
 
 // Access check.
-if (!ttAccessCheck(right_data_entry) || !$user->isPluginEnabled('ex')) {
+if (!ttAccessAllowed('data_entry') || !$user->isPluginEnabled('ex')) {
   header('Location: access_denied.php');
   exit();
 }

diff --git a/mobile/expense_edit.php b/mobile/expense_edit.php
index a4b1f2d..e54ffb0 100644 (file)
--- a/mobile/expense_edit.php
+++ b/mobile/expense_edit.php
@@ -33,7 +33,7 @@ import('DateAndTime');
 import('ttExpenseHelper');
 
 // Access check.
-if (!ttAccessCheck(right_data_entry) || !$user->isPluginEnabled('ex')) {
+if (!ttAccessAllowed('data_entry') || !$user->isPluginEnabled('ex')) {
   header('Location: access_denied.php');
   exit();
 }

diff --git a/mobile/expenses.php b/mobile/expenses.php
index 82fe428..24c78ce 100644 (file)
--- a/mobile/expenses.php
+++ b/mobile/expenses.php
@@ -34,7 +34,7 @@ import('DateAndTime');
 import('ttExpenseHelper');
 
 // Access check.
-if (!ttAccessCheck(right_data_entry) || !$user->isPluginEnabled('ex')) {
+if (!ttAccessAllowed('data_entry') || !$user->isPluginEnabled('ex')) {
   header('Location: access_denied.php');
   exit();
 }

diff --git a/mobile/project_add.php b/mobile/project_add.php
index 1ae6b4d..f7dc3fb 100644 (file)
--- a/mobile/project_add.php
+++ b/mobile/project_add.php
@@ -32,7 +32,7 @@ import('ttProjectHelper');
 import('ttTeamHelper');
 
 // Access check.
-if (!ttAccessCheck(right_manage_team) || (MODE_PROJECTS != $user->tracking_mode && MODE_PROJECTS_AND_TASKS != $user->tracking_mode)) {
+if (!ttAccessAllowed('manage_projects') || (MODE_PROJECTS != $user->tracking_mode && MODE_PROJECTS_AND_TASKS != $user->tracking_mode)) {
   header('Location: access_denied.php');
   exit();
 }

diff --git a/mobile/project_delete.php b/mobile/project_delete.php
index eb5e040..6e57f4d 100644 (file)
--- a/mobile/project_delete.php
+++ b/mobile/project_delete.php
@@ -31,7 +31,7 @@ import('form.Form');
 import('ttProjectHelper');
 
 // Access check.
-if (!ttAccessCheck(right_manage_team) || (MODE_PROJECTS != $user->tracking_mode && MODE_PROJECTS_AND_TASKS != $user->tracking_mode)) {
+if (!ttAccessAllowed('manage_projects') || (MODE_PROJECTS != $user->tracking_mode && MODE_PROJECTS_AND_TASKS != $user->tracking_mode)) {
   header('Location: access_denied.php');
   exit();
 }

diff --git a/mobile/project_edit.php b/mobile/project_edit.php
index f7a37aa..4c84c7c 100644 (file)
--- a/mobile/project_edit.php
+++ b/mobile/project_edit.php
@@ -32,7 +32,7 @@ import('ttProjectHelper');
 import('ttTeamHelper');
 
 // Access check.
-if (!ttAccessCheck(right_manage_team) || (MODE_PROJECTS != $user->tracking_mode && MODE_PROJECTS_AND_TASKS != $user->tracking_mode)) {
+if (!ttAccessAllowed('manage_projects') || (MODE_PROJECTS != $user->tracking_mode && MODE_PROJECTS_AND_TASKS != $user->tracking_mode)) {
   header('Location: access_denied.php');
   exit();
 }

diff --git a/mobile/projects.php b/mobile/projects.php
index 5dee360..0a9c490 100644 (file)
--- a/mobile/projects.php
+++ b/mobile/projects.php
@@ -31,7 +31,7 @@ import('form.Form');
 import('ttTeamHelper');
 
 // Access check.
-if (!ttAccessCheck(right_data_entry) || (MODE_PROJECTS != $user->tracking_mode && MODE_PROJECTS_AND_TASKS != $user->tracking_mode)) {
+if (!ttAccessAllowed('data_entry') || (MODE_PROJECTS != $user->tracking_mode && MODE_PROJECTS_AND_TASKS != $user->tracking_mode)) {
   header('Location: access_denied.php');
   exit();
 }

diff --git a/mobile/task_add.php b/mobile/task_add.php
index 700b915..b413002 100644 (file)
--- a/mobile/task_add.php
+++ b/mobile/task_add.php
@@ -33,7 +33,7 @@ import('ttTeamHelper');
 import('ttTaskHelper');
 
 // Access check.
-if (!ttAccessCheck(right_manage_team) || MODE_PROJECTS_AND_TASKS != $user->tracking_mode) {
+if (!ttAccessAllowed('manage_tasks') || MODE_PROJECTS_AND_TASKS != $user->tracking_mode) {
   header('Location: access_denied.php');
   exit();
 }

diff --git a/mobile/task_delete.php b/mobile/task_delete.php
index 44f840c..4b6b149 100644 (file)
--- a/mobile/task_delete.php
+++ b/mobile/task_delete.php
@@ -31,7 +31,7 @@ import('ttTaskHelper');
 import('form.Form');
 
 // Access check.
-if (!ttAccessCheck(right_manage_team) || MODE_PROJECTS_AND_TASKS != $user->tracking_mode) {
+if (!ttAccessAllowed('manage_tasks') || MODE_PROJECTS_AND_TASKS != $user->tracking_mode) {
   header('Location: access_denied.php');
   exit();
 }

diff --git a/mobile/task_edit.php b/mobile/task_edit.php
index b454cbe..c4bc9d3 100644 (file)
--- a/mobile/task_edit.php
+++ b/mobile/task_edit.php
@@ -32,7 +32,7 @@ import('ttTeamHelper');
 import('ttTaskHelper');
 
 // Access check.
-if (!ttAccessCheck(right_manage_team) || MODE_PROJECTS_AND_TASKS != $user->tracking_mode) {
+if (!ttAccessAllowed('manage_tasks') || MODE_PROJECTS_AND_TASKS != $user->tracking_mode) {
   header('Location: access_denied.php');
   exit();
 }

diff --git a/mobile/tasks.php b/mobile/tasks.php
index 8b828cf..1e8b40a 100644 (file)
--- a/mobile/tasks.php
+++ b/mobile/tasks.php
@@ -31,7 +31,7 @@ import('form.Form');
 import('ttTeamHelper');
 
 // Access check.
-if (!ttAccessCheck(right_manage_team) || MODE_PROJECTS_AND_TASKS != $user->tracking_mode) {
+if (!ttAccessAllowed('manage_tasks') || MODE_PROJECTS_AND_TASKS != $user->tracking_mode) {
   header('Location: access_denied.php');
   exit();
 }

diff --git a/mobile/time.php b/mobile/time.php
index aff2137..dcef648 100644 (file)
--- a/mobile/time.php
+++ b/mobile/time.php
@@ -35,7 +35,7 @@ import('ttTimeHelper');
 import('DateAndTime');
 
 // Access check.
-if (!ttAccessCheck(right_data_entry)) {
+if (!ttAccessAllowed('data_entry')) {
   header('Location: access_denied.php');
   exit();
 }

diff --git a/mobile/time_delete.php b/mobile/time_delete.php
index c9602b4..81e0c65 100644 (file)
--- a/mobile/time_delete.php
+++ b/mobile/time_delete.php
@@ -33,7 +33,7 @@ import('ttTimeHelper');
 import('DateAndTime');
 
 // Access check.
-if (!ttAccessCheck(right_data_entry)) {
+if (!ttAccessAllowed('data_entry')) {
   header('Location: access_denied.php');
   exit();
 }

diff --git a/mobile/time_edit.php b/mobile/time_edit.php
index 73496ca..74805ab 100644 (file)
--- a/mobile/time_edit.php
+++ b/mobile/time_edit.php
@@ -35,7 +35,7 @@ import('ttTimeHelper');
 import('DateAndTime');
 
 // Access check.
-if (!ttAccessCheck(right_data_entry)) {
+if (!ttAccessAllowed('data_entry')) {
   header('Location: access_denied.php');
   exit();
 }

diff --git a/mobile/timer.php b/mobile/timer.php
index 9579031..47310b7 100644 (file)
--- a/mobile/timer.php
+++ b/mobile/timer.php
@@ -35,7 +35,7 @@ import('ttTimeHelper');
 import('DateAndTime');
 
 // Access check.
-if (!ttAccessCheck(right_data_entry)) {
+if (!ttAccessAllowed('data_entry')) {
   header('Location: access_denied.php');
   exit();
 }

diff --git a/mobile/user_add.php b/mobile/user_add.php
index 24adc11..7737ed9 100644 (file)
--- a/mobile/user_add.php
+++ b/mobile/user_add.php
@@ -34,7 +34,7 @@ import('form.Table');
 import('form.TableColumn');
 
 // Access check.
-if (!ttAccessCheck(right_manage_team)) {
+if (!ttAccessAllowed('manage_users')) {
   header('Location: access_denied.php');
   exit();
 }

diff --git a/mobile/user_delete.php b/mobile/user_delete.php
index aa25a5b..8a4236b 100644 (file)
--- a/mobile/user_delete.php
+++ b/mobile/user_delete.php
@@ -31,7 +31,7 @@ import('form.Form');
 import('ttUserHelper');
 
 // Access check.
-if (!ttAccessCheck(right_manage_team)) {
+if (!ttAccessAllowed('manage_users')) {
   header('Location: access_denied.php');
   exit();
 }

diff --git a/mobile/user_edit.php b/mobile/user_edit.php
index 328b8fa..dc43258 100644 (file)
--- a/mobile/user_edit.php
+++ b/mobile/user_edit.php
@@ -35,7 +35,7 @@ import('form.Table');
 import('form.TableColumn');
 
 // Access check.
-if (!ttAccessCheck(right_manage_team)) {
+if (!ttAccessAllowed('manage_users')) {
   header('Location: access_denied.php');
   exit();
 }

diff --git a/mobile/users.php b/mobile/users.php
index 1eee608..8ae0fc9 100644 (file)
--- a/mobile/users.php
+++ b/mobile/users.php
@@ -32,7 +32,7 @@ import('ttTeamHelper');
 import('ttTimeHelper');
 
 // Access check.
-if (!ttAccessCheck(right_data_entry)) {
+if (!ttAccessAllowed('view_users')) {
   header('Location: access_denied.php');
   exit();
 }

diff --git a/notification_add.php b/notification_add.php
index 9f5bf36..3cac652 100644 (file)
--- a/notification_add.php
+++ b/notification_add.php
@@ -34,7 +34,7 @@ import('ttFavReportHelper');
 import('ttNotificationHelper');
 
 // Access check.
-if (!ttAccessCheck(right_manage_team) || !$user->isPluginEnabled('no')) {
+if (!ttAccessAllowed('manage_advanced_settings') || !$user->isPluginEnabled('no')) {
   header('Location: access_denied.php');
   exit();
 }

diff --git a/notification_delete.php b/notification_delete.php
index 834befb..0b6cf5c 100644 (file)
--- a/notification_delete.php
+++ b/notification_delete.php
@@ -31,7 +31,7 @@ import('form.Form');
 import('ttNotificationHelper');
 
 // Access check.
-if (!ttAccessCheck(right_manage_team) || !$user->isPluginEnabled('no')) {
+if (!ttAccessAllowed('manage_advanced_settings') || !$user->isPluginEnabled('no')) {
   header('Location: access_denied.php');
   exit();
 }

diff --git a/notification_edit.php b/notification_edit.php
index 8a2ab05..ec26f61 100644 (file)
--- a/notification_edit.php
+++ b/notification_edit.php
@@ -34,7 +34,7 @@ import('ttFavReportHelper');
 import('ttNotificationHelper');
 
 // Access check.
-if (!ttAccessCheck(right_manage_team) || !$user->isPluginEnabled('no')) {
+if (!ttAccessAllowed('manage_advanced_settings') || !$user->isPluginEnabled('no')) {
   header('Location: access_denied.php');
   exit();
 }

diff --git a/notifications.php b/notifications.php
index 68cdfff..4205dff 100644 (file)
--- a/notifications.php
+++ b/notifications.php
@@ -31,7 +31,7 @@ import('form.Form');
 import('ttTeamHelper');
 
 // Access check.
-if (!ttAccessCheck(right_manage_team) || !$user->isPluginEnabled('no')) {
+if (!ttAccessAllowed('manage_advanced_settings') || !$user->isPluginEnabled('no')) {
   header('Location: access_denied.php');
   exit();
 }

diff --git a/predefined_expense_add.php b/predefined_expense_add.php
index 76fbb22..5e73059 100644 (file)
--- a/predefined_expense_add.php
+++ b/predefined_expense_add.php
@@ -31,7 +31,7 @@ import('form.Form');
 import('ttPredefinedExpenseHelper');
 
 // Access check.
-if (!ttAccessCheck(right_manage_team) || !$user->isPluginEnabled('ex')) {
+if (!ttAccessAllowed('manage_advanced_settings') || !$user->isPluginEnabled('ex')) {
   header('Location: access_denied.php');
   exit();
 }

diff --git a/predefined_expense_delete.php b/predefined_expense_delete.php
index 1c8a0fe..3b1cde5 100644 (file)
--- a/predefined_expense_delete.php
+++ b/predefined_expense_delete.php
@@ -31,7 +31,7 @@ import('form.Form');
 import('ttPredefinedExpenseHelper');
 
 // Access check.
-if (!ttAccessCheck(right_manage_team) || !$user->isPluginEnabled('ex')) {
+if (!ttAccessAllowed('manage_advanced_settings') || !$user->isPluginEnabled('ex')) {
   header('Location: access_denied.php');
   exit();
 }

diff --git a/predefined_expense_edit.php b/predefined_expense_edit.php
index 83f3fdd..64bf9d8 100644 (file)
--- a/predefined_expense_edit.php
+++ b/predefined_expense_edit.php
@@ -31,7 +31,7 @@ import('form.Form');
 import('ttPredefinedExpenseHelper');
 
 // Access check.
-if (!ttAccessCheck(right_manage_team) || !$user->isPluginEnabled('ex')) {
+if (!ttAccessAllowed('manage_advanced_settings') || !$user->isPluginEnabled('ex')) {
   header('Location: access_denied.php');
   exit();
 }

diff --git a/predefined_expenses.php b/predefined_expenses.php
index 4fa6d40..9db98e0 100644 (file)
--- a/predefined_expenses.php
+++ b/predefined_expenses.php
@@ -31,7 +31,7 @@ import('form.Form');
 import('ttTeamHelper');
 
 // Access check.
-if (!ttAccessCheck(right_manage_team) || !$user->isPluginEnabled('ex')) {
+if (!ttAccessAllowed('manage_advanced_settings') || !$user->isPluginEnabled('ex')) {
   header('Location: access_denied.php');
   exit();
 }

diff --git a/profile_edit.php b/profile_edit.php
index 04f91b4..ba157a9 100644 (file)
--- a/profile_edit.php
+++ b/profile_edit.php
@@ -32,7 +32,7 @@ import('ttUserHelper');
 import('ttRoleHelper');
 
 // Access check.
-if (!ttAccessCheck(right_data_entry|right_view_reports)) {
+if (!ttAccessAllowed('manage_own_settings')) {
   header('Location: access_denied.php');
   exit();
 }

diff --git a/project_add.php b/project_add.php
index fe46a6b..99f8c6d 100644 (file)
--- a/project_add.php
+++ b/project_add.php
@@ -32,7 +32,7 @@ import('ttProjectHelper');
 import('ttTeamHelper');
 
 // Access check.
-if (!ttAccessCheck(right_manage_team) || (MODE_PROJECTS != $user->tracking_mode && MODE_PROJECTS_AND_TASKS != $user->tracking_mode)) {
+if (!ttAccessAllowed('manage_projects') || (MODE_PROJECTS != $user->tracking_mode && MODE_PROJECTS_AND_TASKS != $user->tracking_mode)) {
   header('Location: access_denied.php');
   exit();
 }

diff --git a/project_delete.php b/project_delete.php
index 832bf4f..a6b6ed5 100644 (file)
--- a/project_delete.php
+++ b/project_delete.php
@@ -31,7 +31,7 @@ import('form.Form');
 import('ttProjectHelper');
 
 // Access check.
-if (!ttAccessCheck(right_manage_team) || (MODE_PROJECTS != $user->tracking_mode && MODE_PROJECTS_AND_TASKS != $user->tracking_mode)) {
+if (!ttAccessAllowed('manage_projects') || (MODE_PROJECTS != $user->tracking_mode && MODE_PROJECTS_AND_TASKS != $user->tracking_mode)) {
   header('Location: access_denied.php');
   exit();
 }

diff --git a/project_edit.php b/project_edit.php
index 11abccc..d7b6756 100644 (file)
--- a/project_edit.php
+++ b/project_edit.php
@@ -32,7 +32,7 @@ import('ttProjectHelper');
 import('ttTeamHelper');
 
 // Access check.
-if (!ttAccessCheck(right_manage_team) || (MODE_PROJECTS != $user->tracking_mode && MODE_PROJECTS_AND_TASKS != $user->tracking_mode)) {
+if (!ttAccessAllowed('manage_projects') || (MODE_PROJECTS != $user->tracking_mode && MODE_PROJECTS_AND_TASKS != $user->tracking_mode)) {
   header('Location: access_denied.php');
   exit();
 }

diff --git a/projects.php b/projects.php
index d9f3685..d5f3bc1 100644 (file)
--- a/projects.php
+++ b/projects.php
@@ -31,7 +31,7 @@ import('form.Form');
 import('ttTeamHelper');
 
 // Access check.
-if (!ttAccessCheck(right_data_entry) || (MODE_PROJECTS != $user->tracking_mode && MODE_PROJECTS_AND_TASKS != $user->tracking_mode)) {
+if (!ttAccessAllowed('data_entry') || (MODE_PROJECTS != $user->tracking_mode && MODE_PROJECTS_AND_TASKS != $user->tracking_mode)) {
   header('Location: access_denied.php');
   exit();
 }

diff --git a/quotas.php b/quotas.php
index 52d8136..06fdbbe 100644 (file)
--- a/quotas.php
+++ b/quotas.php
@@ -33,7 +33,7 @@ import('ttTeamHelper');
 import('ttTimeHelper');
 
 // Access check.
-if (!ttAccessCheck(right_manage_team) || !$user->isPluginEnabled('mq')) {
+if (!ttAccessAllowed('manage_advanced_settings') || !$user->isPluginEnabled('mq')) {
   header('Location: access_denied.php');
   exit();
 }

diff --git a/report.php b/report.php
index bc2a0d1..c4bfd06 100644 (file)
--- a/report.php
+++ b/report.php
@@ -33,7 +33,7 @@ import('ttReportHelper');
 import('ttTeamHelper');
 
 // Access check.
-if (!ttAccessCheck(right_view_reports)) {
+if (!ttAccessAllowed('view_own_reports')) {
   header('Location: access_denied.php');
   exit();
 }

diff --git a/report_send.php b/report_send.php
index a19756a..9be9676 100644 (file)
--- a/report_send.php
+++ b/report_send.php
@@ -33,7 +33,7 @@ import('ttSysConfig');
 import('ttReportHelper');
 
 // Access check.
-if (!ttAccessCheck(right_view_reports)) {
+if (!ttAccessAllowed('view_own_reports')) {
   header('Location: access_denied.php');
   exit();
 }

diff --git a/reports.php b/reports.php
index 27a7224..fe56001 100644 (file)
--- a/reports.php
+++ b/reports.php
@@ -37,7 +37,7 @@ import('ttFavReportHelper');
 import('ttClientHelper');
 
 // Access check.
-if (!ttAccessCheck(right_view_reports)) {
+if (!ttAccessAllowed('view_own_reports')) {
   header('Location: access_denied.php');
   exit();
 }

diff --git a/role_add.php b/role_add.php
index de25f70..684ee11 100644 (file)
--- a/role_add.php
+++ b/role_add.php
@@ -32,7 +32,7 @@ import('ttTeamHelper');
 import('ttRoleHelper');
 
 // Access check.
-if (!ttAccessCheck(right_manage_team)) {
+if (!ttAccessAllowed('manage_roles')) {
   header('Location: access_denied.php');
   exit();
 }

diff --git a/role_delete.php b/role_delete.php
index 4198ec6..7bf6ae6 100644 (file)
--- a/role_delete.php
+++ b/role_delete.php
@@ -31,7 +31,7 @@ import('ttRoleHelper');
 import('form.Form');
 
 // Access check.
-if (!ttAccessCheck(right_manage_team)) {
+if (!ttAccessAllowed('manage_roles')) {
   header('Location: access_denied.php');
   exit();
 }

diff --git a/role_edit.php b/role_edit.php
index 99fbbc4..ea0699a 100644 (file)
--- a/role_edit.php
+++ b/role_edit.php
@@ -33,7 +33,7 @@ import('ttTaskHelper'); // TODO: remove this?
 import('ttRoleHelper');
 
 // Access check.
-if (!ttAccessCheck(right_manage_team)) {
+if (!ttAccessAllowed('manage_roles')) {
   header('Location: access_denied.php');
   exit();
 }

diff --git a/roles.php b/roles.php
index b4facce..efeb495 100644 (file)
--- a/roles.php
+++ b/roles.php
@@ -32,7 +32,7 @@ import('ttTeamHelper');
 import('ttRoleHelper');
 
 // Access check.
-if (!ttAccessCheck(right_manage_team)) {
+if (!ttAccessAllowed('manage_roles')) {
   header('Location: access_denied.php');
   exit();
 }

diff --git a/task_add.php b/task_add.php
index 5ef549b..40eb488 100644 (file)
--- a/task_add.php
+++ b/task_add.php
@@ -33,7 +33,7 @@ import('ttTeamHelper');
 import('ttTaskHelper');
 
 // Access check.
-if (!ttAccessCheck(right_manage_team) || MODE_PROJECTS_AND_TASKS != $user->tracking_mode) {
+if (!ttAccessAllowed('manage_tasks') || MODE_PROJECTS_AND_TASKS != $user->tracking_mode) {
   header('Location: access_denied.php');
   exit();
 }

diff --git a/task_delete.php b/task_delete.php
index f04f032..3cdb5b6 100644 (file)
--- a/task_delete.php
+++ b/task_delete.php
@@ -31,7 +31,7 @@ import('ttTaskHelper');
 import('form.Form');
 
 // Access check.
-if (!ttAccessCheck(right_manage_team) || MODE_PROJECTS_AND_TASKS != $user->tracking_mode) {
+if (!ttAccessAllowed('manage_tasks') || MODE_PROJECTS_AND_TASKS != $user->tracking_mode) {
   header('Location: access_denied.php');
   exit();
 }

diff --git a/task_edit.php b/task_edit.php
index bfc1bef..5c70f11 100644 (file)
--- a/task_edit.php
+++ b/task_edit.php
@@ -32,7 +32,7 @@ import('ttTeamHelper');
 import('ttTaskHelper');
 
 // Access check.
-if (!ttAccessCheck(right_manage_team) || MODE_PROJECTS_AND_TASKS != $user->tracking_mode) {
+if (!ttAccessAllowed('manage_tasks') || MODE_PROJECTS_AND_TASKS != $user->tracking_mode) {
   header('Location: access_denied.php');
   exit();
 }

diff --git a/tasks.php b/tasks.php
index 3ea2faa..a1033a5 100644 (file)
--- a/tasks.php
+++ b/tasks.php
@@ -31,7 +31,7 @@ import('form.Form');
 import('ttTeamHelper');
 
 // Access check.
-if (!ttAccessCheck(right_manage_team) || MODE_PROJECTS_AND_TASKS != $user->tracking_mode) {
+if (!ttAccessAllowed('manage_tasks') || MODE_PROJECTS_AND_TASKS != $user->tracking_mode) {
   header('Location: access_denied.php');
   exit();
 }

diff --git a/time.php b/time.php
index 381634f..aeeedd2 100644 (file)
--- a/time.php
+++ b/time.php
@@ -42,7 +42,7 @@ import('DateAndTime');
 // }
 
 // Access check.
-if (!ttAccessCheck(right_data_entry)) {
+if (!ttAccessAllowed('data_entry')) {
   header('Location: access_denied.php');
   exit();
 }

diff --git a/time_delete.php b/time_delete.php
index c501728..3b4d95c 100644 (file)
--- a/time_delete.php
+++ b/time_delete.php
@@ -33,7 +33,7 @@ import('ttTimeHelper');
 import('DateAndTime');
 
 // Access check.
-if (!ttAccessCheck(right_data_entry)) {
+if (!ttAccessAllowed('data_entry')) {
   header('Location: access_denied.php');
   exit();
 }

diff --git a/time_edit.php b/time_edit.php
index 58d963f..b665bf8 100644 (file)
--- a/time_edit.php
+++ b/time_edit.php
@@ -35,7 +35,7 @@ import('ttTimeHelper');
 import('DateAndTime');
 
 // Access check.
-if (!ttAccessCheck(right_data_entry)) {
+if (!ttAccessAllowed('data_entry')) {
   header('Location: access_denied.php');
   exit();
 }

diff --git a/tofile.php b/tofile.php
index 6849b7f..1b367e2 100644 (file)
--- a/tofile.php
+++ b/tofile.php
@@ -32,7 +32,7 @@ import('form.ActionForm');
 import('ttReportHelper');
 
 // Access check.
-if (!ttAccessCheck(right_view_reports)) {
+if (!ttAccessAllowed('view_own_reports')) {
   header('Location: access_denied.php');
   exit();
 }

diff --git a/topdf.php b/topdf.php
index f0fdb60..2be45cc 100644 (file)
--- a/topdf.php
+++ b/topdf.php
@@ -35,6 +35,12 @@ import('form.Form');
 import('form.ActionForm');
 import('ttReportHelper');
 
+// Access check.
+if (!ttAccessAllowed('view_own_reports')) {
+  header('Location: access_denied.php');
+  exit();
+}
+
 // Check whether TCPDF library is available.
 if (!file_exists('WEB-INF/lib/tcpdf/'))
   die('TCPDF library is not found in WEB-INF/lib/tcpdf/');
@@ -42,12 +48,6 @@ if (!file_exists('WEB-INF/lib/tcpdf/'))
 // Include TCPDF library.
 require_once('WEB-INF/lib/tcpdf/tcpdf.php');
 
-// Access check.
-if (!ttAccessCheck(right_view_reports)) {
-  header('Location: access_denied.php');
-  exit();
-}
-
 // Use custom fields plugin if it is enabled.
 if ($user->isPluginEnabled('cf')) {
   require_once('plugins/CustomFields.class.php');

diff --git a/user_add.php b/user_add.php
index 66d2f2d..69ee3b1 100644 (file)
--- a/user_add.php
+++ b/user_add.php
@@ -35,7 +35,7 @@ import('form.TableColumn');
 import('ttRoleHelper');
 
 // Access check.
-if (!ttAccessCheck(right_manage_team)) {
+if (!ttAccessAllowed('manage_users')) {
   header('Location: access_denied.php');
   exit();
 }

diff --git a/user_delete.php b/user_delete.php
index 1f0a40d..f30ec8a 100644 (file)
--- a/user_delete.php
+++ b/user_delete.php
@@ -31,7 +31,7 @@ import('form.Form');
 import('ttUserHelper');
 
 // Access check.
-if (!ttAccessCheck(right_manage_team)) {
+if (!ttAccessAllowed('manage_users')) {
   header('Location: access_denied.php');
   exit();
 }

diff --git a/user_edit.php b/user_edit.php
index f890282..493b00b 100644 (file)
--- a/user_edit.php
+++ b/user_edit.php
@@ -36,7 +36,7 @@ import('form.TableColumn');
 import('ttRoleHelper');
 
 // Access check.
-if (!ttAccessCheck(right_manage_team)) {
+if (!ttAccessAllowed('manage_users')) {
   header('Location: access_denied.php');
   exit();
 }

diff --git a/users.php b/users.php
index 3fc2667..79f2df3 100644 (file)
--- a/users.php
+++ b/users.php
@@ -33,7 +33,7 @@ import('ttTimeHelper');
 import('ttRoleHelper');
 
 // Access check.
-if (!ttAccessCheck(right_data_entry)) {
+if (!ttAccessAllowed('view_users')) {
   header('Location: access_denied.php');
   exit();
 }

diff --git a/week.php b/week.php
index 1945324..be89944 100644 (file)
--- a/week.php
+++ b/week.php
@@ -39,7 +39,7 @@ import('ttTimeHelper');
 import('DateAndTime');
 
 // Access check.
-if (!ttAccessCheck(right_data_entry) || !$user->isPluginEnabled('wv')) {
+if (!ttAccessAllowed('data_entry') || !$user->isPluginEnabled('wv')) {
   header('Location: access_denied.php');
   exit();
 }

diff --git a/week_view.php b/week_view.php
index 7c722da..99dc2ee 100644 (file)
--- a/week_view.php
+++ b/week_view.php
@@ -31,7 +31,7 @@ import('form.Form');
 import('ttTeamHelper');
 
 // Access check.
-if (!ttAccessCheck(right_manage_team) || !$user->isPluginEnabled('wv')) {
+if (!ttAccessAllowed('manage_advanced_settings') || !$user->isPluginEnabled('wv')) {
   header('Location: access_denied.php');
   exit();
 }