Started redoing access checks using role rights.

[timetracker.git] / WEB-INF / lib / common.lib.php

diff --git a/WEB-INF/lib/common.lib.php b/WEB-INF/lib/common.lib.php
index ec21d6751a053bc7588cd6a57d4553fb806b0abf..5621492228ff0f780510be76ccfeb80b22b4b19f 100644 (file)
--- a/WEB-INF/lib/common.lib.php
+++ b/WEB-INF/lib/common.lib.php
@@ -344,3 +344,25 @@ function ttAccessCheck($required_rights)
     
   return true;
 }
+
+// ttAccessAllowed checks whether user is allowed access to a particular page.
+// This function is a replacement for ttAccessCheck above as part of roles revamp.
+// To be used as an initial check on all publicly available pages
+// (except login.php and register.php where we don't have to check).
+function ttAccessAllowed($required_right)
+{
+  global $auth;
+  global $user;
+
+  // Redirect to login page if user is not authenticated.
+  if (!$auth->isAuthenticated()) {
+    header('Location: login.php');
+    exit();
+  }
+
+  // Check if user has the right.
+  if (in_array($required_right, $user->rights))
+    return true;
+
+  return false;
+}
\ No newline at end of file