Finished improving access checks by providing separate error msg for disabled features.

diff --git a/WEB-INF/templates/footer.tpl b/WEB-INF/templates/footer.tpl
index a4a020e..4eb4fd6 100644 (file)
--- a/WEB-INF/templates/footer.tpl
+++ b/WEB-INF/templates/footer.tpl
@@ -12,7 +12,7 @@
       <br>
       <table cellspacing="0" cellpadding="4" width="100%" border="0">
         <tr>
-          <td align="center">&nbsp;Anuko Time Tracker 1.17.69.4158 | Copyright &copy; <a href="https://www.anuko.com/lp/tt_3.htm" target="_blank">Anuko</a> |
+          <td align="center">&nbsp;Anuko Time Tracker 1.17.70.4159 | Copyright &copy; <a href="https://www.anuko.com/lp/tt_3.htm" target="_blank">Anuko</a> |
             <a href="https://www.anuko.com/lp/tt_4.htm" target="_blank">{$i18n.footer.credits}</a> |
             <a href="https://www.anuko.com/lp/tt_5.htm" target="_blank">{$i18n.footer.license}</a> |
             <a href="https://www.anuko.com/lp/tt_7.htm" target="_blank">{$i18n.footer.improve}</a>

diff --git a/mobile/client_add.php b/mobile/client_add.php
index 134819b..fc57853 100644 (file)
--- a/mobile/client_add.php
+++ b/mobile/client_add.php
@@ -31,11 +31,15 @@ import('form.Form');
 import('ttClientHelper');
 import('ttTeamHelper');
 
-// Access check.
-if (!ttAccessAllowed('manage_clients') || !$user->isPluginEnabled('cl')) {
+// Access checks.
+if (!ttAccessAllowed('manage_clients')) {
   header('Location: access_denied.php');
   exit();
 }
+if (!$user->isPluginEnabled('cl')) {
+  header('Location: feature_disabled.php');
+  exit();
+}
 
 $projects = ttTeamHelper::getActiveProjects($user->team_id);
 

diff --git a/mobile/client_delete.php b/mobile/client_delete.php
index e23cd02..154d893 100644 (file)
--- a/mobile/client_delete.php
+++ b/mobile/client_delete.php
@@ -30,11 +30,15 @@ require_once('../initialize.php');
 import('form.Form');
 import('ttClientHelper');
 
-// Access check.
-if (!ttAccessAllowed('manage_clients') || !$user->isPluginEnabled('cl')) {
+// Access checks.
+if (!ttAccessAllowed('manage_clients')) {
   header('Location: access_denied.php');
   exit();
 }
+if (!$user->isPluginEnabled('cl')) {
+  header('Location: feature_disabled.php');
+  exit();
+}
 
 $id = (int)$request->getParameter('id');
 $client = ttClientHelper::getClient($id);

diff --git a/mobile/client_edit.php b/mobile/client_edit.php
index e4bc9b2..eb85922 100644 (file)
--- a/mobile/client_edit.php
+++ b/mobile/client_edit.php
@@ -31,11 +31,15 @@ import('form.Form');
 import('ttClientHelper');
 import('ttTeamHelper');
 
-// Access check.
-if (!ttAccessAllowed('manage_clients') || !$user->isPluginEnabled('cl')) {
+// Access checks.
+if (!ttAccessAllowed('manage_clients')) {
   header('Location: access_denied.php');
   exit();
 }
+if (!$user->isPluginEnabled('cl')) {
+  header('Location: feature_disabled.php');
+  exit();
+}
 
 $cl_id = (int) $request->getParameter('id');
 

diff --git a/mobile/clients.php b/mobile/clients.php
index d1a49f1..43e6848 100644 (file)
--- a/mobile/clients.php
+++ b/mobile/clients.php
@@ -30,11 +30,15 @@ require_once('../initialize.php');
 import('form.Form');
 import('ttTeamHelper');
 
-// Access check.
-if (!ttAccessAllowed('manage_clients') || !$user->isPluginEnabled('cl')) {
+// Access checks.
+if (!ttAccessAllowed('manage_clients')) {
   header('Location: access_denied.php');
   exit();
 }
+if (!$user->isPluginEnabled('cl')) {
+  header('Location: feature_disabled.php');
+  exit();
+}
 
 $smarty->assign('active_clients', ttTeamHelper::getActiveClients($user->team_id, true));
 $smarty->assign('inactive_clients', ttTeamHelper::getInactiveClients($user->team_id, true));

diff --git a/mobile/expense_delete.php b/mobile/expense_delete.php
index 48051b4..cca61b7 100644 (file)
--- a/mobile/expense_delete.php
+++ b/mobile/expense_delete.php
@@ -31,11 +31,15 @@ import('form.Form');
 import('DateAndTime');
 import('ttExpenseHelper');
 
-// Access check.
-if (!ttAccessAllowed('track_own_expenses') || !$user->isPluginEnabled('ex')) {
+// Access checks.
+if (!(ttAccessAllowed('track_own_expenses') || ttAccessAllowed('track_expenses'))) {
   header('Location: access_denied.php');
   exit();
 }
+if (!$user->isPluginEnabled('ex')) {
+  header('Location: feature_disabled.php');
+  exit();
+}
 
 $cl_id = $request->getParameter('id');
 $expense_item = ttExpenseHelper::getItem($cl_id, $user->getActiveUser());

diff --git a/mobile/expense_edit.php b/mobile/expense_edit.php
index 7107e78..8da55a1 100644 (file)
--- a/mobile/expense_edit.php
+++ b/mobile/expense_edit.php
@@ -32,11 +32,15 @@ import('ttTeamHelper');
 import('DateAndTime');
 import('ttExpenseHelper');
 
-// Access check.
-if (!ttAccessAllowed('track_own_expenses') || !$user->isPluginEnabled('ex')) {
+// Access checks.
+if (!(ttAccessAllowed('track_own_expenses') || ttAccessAllowed('track_expenses'))) {
   header('Location: access_denied.php');
   exit();
 }
+if (!$user->isPluginEnabled('ex')) {
+  header('Location: feature_disabled.php');
+  exit();
+}
 
 $cl_id = $request->getParameter('id');
 

diff --git a/mobile/index.php b/mobile/index.php
index 1c7cf23..9b2ed53 100644 (file)
--- a/mobile/index.php
+++ b/mobile/index.php
@@ -30,7 +30,7 @@ require_once('../initialize.php');
 
 // Redirects for admin and client roles.
 if ($auth->isAuthenticated()) {
-  if ($user->isAdmin()) {
+  if ($user->can('administer_site')) {
     header('Location: ../admin_teams.php');
     exit();
   } elseif ($user->isClient()) {

diff --git a/mobile/project_add.php b/mobile/project_add.php
index bbaa8fa..a9495d7 100644 (file)
--- a/mobile/project_add.php
+++ b/mobile/project_add.php
@@ -31,11 +31,15 @@ import('form.Form');
 import('ttProjectHelper');
 import('ttTeamHelper');
 
-// Access check.
-if (!ttAccessAllowed('manage_projects') || (MODE_PROJECTS != $user->tracking_mode && MODE_PROJECTS_AND_TASKS != $user->tracking_mode)) {
+// Access checks.
+if (!ttAccessAllowed('manage_projects')) {
   header('Location: access_denied.php');
   exit();
 }
+if (MODE_PROJECTS != $user->tracking_mode && MODE_PROJECTS_AND_TASKS != $user->tracking_mode) {
+  header('Location: feature_disabled.php');
+  exit();
+}
 
 $users = ttTeamHelper::getActiveUsers();
 foreach ($users as $user_item)

diff --git a/mobile/project_delete.php b/mobile/project_delete.php
index d2b0b32..c8753b8 100644 (file)
--- a/mobile/project_delete.php
+++ b/mobile/project_delete.php
@@ -30,11 +30,15 @@ require_once('../initialize.php');
 import('form.Form');
 import('ttProjectHelper');
 
-// Access check.
-if (!ttAccessAllowed('manage_projects') || (MODE_PROJECTS != $user->tracking_mode && MODE_PROJECTS_AND_TASKS != $user->tracking_mode)) {
+// Access checks.
+if (!ttAccessAllowed('manage_projects')) {
   header('Location: access_denied.php');
   exit();
 }
+if (MODE_PROJECTS != $user->tracking_mode && MODE_PROJECTS_AND_TASKS != $user->tracking_mode) {
+  header('Location: feature_disabled.php');
+  exit();
+}
 
 $cl_project_id = (int)$request->getParameter('id');
 $project = ttProjectHelper::get($cl_project_id);

diff --git a/mobile/project_edit.php b/mobile/project_edit.php
index 31ea65d..74454ec 100644 (file)
--- a/mobile/project_edit.php
+++ b/mobile/project_edit.php
@@ -31,11 +31,15 @@ import('form.Form');
 import('ttProjectHelper');
 import('ttTeamHelper');
 
-// Access check.
-if (!ttAccessAllowed('manage_projects') || (MODE_PROJECTS != $user->tracking_mode && MODE_PROJECTS_AND_TASKS != $user->tracking_mode)) {
+// Access checks.
+if (!ttAccessAllowed('manage_projects')) {
   header('Location: access_denied.php');
   exit();
 }
+if (MODE_PROJECTS != $user->tracking_mode && MODE_PROJECTS_AND_TASKS != $user->tracking_mode) {
+  header('Location: feature_disabled.php');
+  exit();
+}
 
 $cl_project_id = (int)$request->getParameter('id');
 

diff --git a/mobile/projects.php b/mobile/projects.php
index 5dec7ee..93261d4 100644 (file)
--- a/mobile/projects.php
+++ b/mobile/projects.php
@@ -30,11 +30,15 @@ require_once('../initialize.php');
 import('form.Form');
 import('ttTeamHelper');
 
-// Access check.
-if (!ttAccessAllowed('track_own_time') || (MODE_PROJECTS != $user->tracking_mode && MODE_PROJECTS_AND_TASKS != $user->tracking_mode)) {
+// Access checks.
+if (!(ttAccessAllowed('track_own_time') || ttAccessAllowed('track_time'))) {
   header('Location: access_denied.php');
   exit();
 }
+if (MODE_PROJECTS != $user->tracking_mode && MODE_PROJECTS_AND_TASKS != $user->tracking_mode) {
+  header('Location: feature_disabled.php');
+  exit();
+}
 
 if($user->canManageTeam()) {
   $active_projects = ttTeamHelper::getActiveProjects($user->team_id);

diff --git a/mobile/task_add.php b/mobile/task_add.php
index 0c405b6..a976ac5 100644 (file)
--- a/mobile/task_add.php
+++ b/mobile/task_add.php
@@ -32,11 +32,15 @@ import('form.ActionForm');
 import('ttTeamHelper');
 import('ttTaskHelper');
 
-// Access check.
-if (!ttAccessAllowed('manage_tasks') || MODE_PROJECTS_AND_TASKS != $user->tracking_mode) {
+// Access checks.
+if (!ttAccessAllowed('manage_tasks')) {
   header('Location: access_denied.php');
   exit();
 }
+if (MODE_PROJECTS_AND_TASKS != $user->tracking_mode) {
+  header('Location: feature_disabled.php');
+  exit();
+}
 
 $projects = ttTeamHelper::getActiveProjects($user->team_id);
 

diff --git a/mobile/task_delete.php b/mobile/task_delete.php
index df3c964..1146a2a 100644 (file)
--- a/mobile/task_delete.php
+++ b/mobile/task_delete.php
@@ -30,11 +30,15 @@ require_once('../initialize.php');
 import('ttTaskHelper');
 import('form.Form');
 
-// Access check.
-if (!ttAccessAllowed('manage_tasks') || MODE_PROJECTS_AND_TASKS != $user->tracking_mode) {
+// Access checks.
+if (!ttAccessAllowed('manage_tasks')) {
   header('Location: access_denied.php');
   exit();
 }
+if (MODE_PROJECTS_AND_TASKS != $user->tracking_mode) {
+  header('Location: feature_disabled.php');
+  exit();
+}
 
 $cl_task_id = (int)$request->getParameter('id');
 $task = ttTaskHelper::get($cl_task_id);

diff --git a/mobile/task_edit.php b/mobile/task_edit.php
index 2ba2cc5..346899d 100644 (file)
--- a/mobile/task_edit.php
+++ b/mobile/task_edit.php
@@ -31,11 +31,15 @@ import('form.Form');
 import('ttTeamHelper');
 import('ttTaskHelper');
 
-// Access check.
-if (!ttAccessAllowed('manage_tasks') || MODE_PROJECTS_AND_TASKS != $user->tracking_mode) {
+// Access checks.
+if (!ttAccessAllowed('manage_tasks')) {
   header('Location: access_denied.php');
   exit();
 }
+if (MODE_PROJECTS_AND_TASKS != $user->tracking_mode) {
+  header('Location: feature_disabled.php');
+  exit();
+}
 
 $cl_task_id = (int)$request->getParameter('id');
 $projects = ttTeamHelper::getActiveProjects($user->team_id);

diff --git a/mobile/tasks.php b/mobile/tasks.php
index 25575eb..edb5708 100644 (file)
--- a/mobile/tasks.php
+++ b/mobile/tasks.php
@@ -30,11 +30,15 @@ require_once('../initialize.php');
 import('form.Form');
 import('ttTeamHelper');
 
-// Access check.
-if (!ttAccessAllowed('manage_tasks') || MODE_PROJECTS_AND_TASKS != $user->tracking_mode) {
+// Access checks.
+if (!ttAccessAllowed('manage_tasks')) {
   header('Location: access_denied.php');
   exit();
 }
+if (MODE_PROJECTS_AND_TASKS != $user->tracking_mode) {
+  header('Location: feature_disabled.php');
+  exit();
+}
 
 $smarty->assign('active_tasks', ttTeamHelper::getActiveTasks($user->team_id));
 $smarty->assign('inactive_tasks', ttTeamHelper::getInactiveTasks($user->team_id));

diff --git a/mobile/users.php b/mobile/users.php
index 131d2b4..6765437 100644 (file)
--- a/mobile/users.php
+++ b/mobile/users.php
@@ -32,7 +32,7 @@ import('ttTeamHelper');
 import('ttTimeHelper');
 
 // Access check.
-if (!ttAccessAllowed('view_users')) {
+if (!(ttAccessAllowed('view_users') || ttAccessAllowed('manage_users'))) {
   header('Location: access_denied.php');
   exit();
 }