A bit more progress on refactoring access checks.

author Nik Okuntseff <support@anuko.com>

Sat, 24 Mar 2018 19:37:00 +0000 (19:37 +0000)

committer Nik Okuntseff <support@anuko.com>

Sat, 24 Mar 2018 19:37:00 +0000 (19:37 +0000)
author Nik Okuntseff <support@anuko.com>
Sat, 24 Mar 2018 19:37:00 +0000 (19:37 +0000)
committer Nik Okuntseff <support@anuko.com>
Sat, 24 Mar 2018 19:37:00 +0000 (19:37 +0000)
diff --git a/WEB-INF/lib/ttTeamHelper.class.php b/WEB-INF/lib/ttTeamHelper.class.php

index de034794f38fd2ef6c6cdcd88a0ba2fce8730de8..5aeee2196347dd24be377948a595d846d022a0d0 100644 (file)
--- a/WEB-INF/lib/ttTeamHelper.class.php
+++ b/WEB-INF/lib/ttTeamHelper.class.php
@@ -143,7 +143,7 @@ class ttTeamHelper {
      if (is_a($res, 'PEAR_Error'))
        return false;
      while ($val = $res->fetchRow()) {
      if (is_a($res, 'PEAR_Error'))
        return false;
      while ($val = $res->fetchRow()) {
-      $isClient = in_array('track_own_time', explode(',', $val['rights'])) ? 0 : 1; // Clients do not have data entry right.
+      $isClient = in_array('track_own_time', explode(',', $val['rights'])) ? 0 : 1; // Clients do not have track_own_time right.
        if ($isClient)
          continue; // Skip adding clients.
        $user_list[] = $val;
        if ($isClient)
          continue; // Skip adding clients.
        $user_list[] = $val;
diff --git a/WEB-INF/templates/footer.tpl b/WEB-INF/templates/footer.tpl

index 8b84e12b609ebe143a8afa150298b232b4e1442a..b99c720bf4d1b37c3f5fbabc404e86aa6e45487b 100644 (file)
--- a/WEB-INF/templates/footer.tpl
+++ b/WEB-INF/templates/footer.tpl
@@ -12,7 +12,7 @@
        <br>
        <table cellspacing="0" cellpadding="4" width="100%" border="0">
          <tr>
        <br>
        <table cellspacing="0" cellpadding="4" width="100%" border="0">
          <tr>
-          <td align="center">&nbsp;Anuko Time Tracker 1.17.69.4156 | Copyright &copy; <a href="https://www.anuko.com/lp/tt_3.htm" target="_blank">Anuko</a> |
+          <td align="center">&nbsp;Anuko Time Tracker 1.17.69.4157 | Copyright &copy; <a href="https://www.anuko.com/lp/tt_3.htm" target="_blank">Anuko</a> |
              <a href="https://www.anuko.com/lp/tt_4.htm" target="_blank">{$i18n.footer.credits}</a> |
              <a href="https://www.anuko.com/lp/tt_5.htm" target="_blank">{$i18n.footer.license}</a> |
              <a href="https://www.anuko.com/lp/tt_7.htm" target="_blank">{$i18n.footer.improve}</a>
              <a href="https://www.anuko.com/lp/tt_4.htm" target="_blank">{$i18n.footer.credits}</a> |
              <a href="https://www.anuko.com/lp/tt_5.htm" target="_blank">{$i18n.footer.license}</a> |
              <a href="https://www.anuko.com/lp/tt_7.htm" target="_blank">{$i18n.footer.improve}</a>
diff --git a/WEB-INF/templates/user_edit.tpl b/WEB-INF/templates/user_edit.tpl

index 15bf3fe276cb3482281240827144d45c5cfdada9..6b09881d88b46434bc43c36ad2fa97d7beacb573 100644 (file)
--- a/WEB-INF/templates/user_edit.tpl
+++ b/WEB-INF/templates/user_edit.tpl
@@ -108,7 +108,7 @@ function handleClientControl() {
  {if $user->id == $user_id}
        <tr>
        <td align="right">{$i18n.form.users.role}:</td>
  {if $user->id == $user_id}
        <tr>
        <td align="right">{$i18n.form.users.role}:</td>
-      <td>{$user->role_name} {if $user->can('swap_roles')}<a href="swap_roles.php">{$i18n.form.profile.swap_roles}</a>{/if}</td>
+      <td>{$user->role_name} {if $can_swap}<a href="swap_roles.php">{$i18n.form.profile.swap_roles}</a>{/if}</td>
      </tr>
  {/if}
      <tr>
      </tr>
  {/if}
      <tr>
diff --git a/expense_delete.php b/expense_delete.php

index 42a6add80ca8e0a10558255fa3dd40bfc413084a..1f7fbb34bc0268b9811f934a078401a0f71faf11 100644 (file)
--- a/expense_delete.php
+++ b/expense_delete.php
@@ -41,8 +41,6 @@ if (!$user->isPluginEnabled('ex')) {
    exit();
  }
  
    exit();
  }
  
-
-
  $cl_id = $request->getParameter('id');
  $expense_item = ttExpenseHelper::getItem($cl_id, $user->getActiveUser());
  
  $cl_id = $request->getParameter('id');
  $expense_item = ttExpenseHelper::getItem($cl_id, $user->getActiveUser());
  
diff --git a/predefined_expense_add.php b/predefined_expense_add.php

index 82cf99b637798dafaf92fee87fa3a1756568dbd4..2f1621cacfaa87b4b6f193527fb93e8257e0f2dd 100644 (file)
--- a/predefined_expense_add.php
+++ b/predefined_expense_add.php
@@ -30,11 +30,15 @@ require_once('initialize.php');
  import('form.Form');
  import('ttPredefinedExpenseHelper');
  
  import('form.Form');
  import('ttPredefinedExpenseHelper');
  
-// Access check.
-if (!ttAccessAllowed('manage_advanced_settings') || !$user->isPluginEnabled('ex')) {
+// Access checks.
+if (!ttAccessAllowed('manage_advanced_settings')) {
    header('Location: access_denied.php');
    exit();
  }
    header('Location: access_denied.php');
    exit();
  }
+if (!$user->isPluginEnabled('ex')) {
+  header('Location: feature_disabled.php');
+  exit();
+}
  
  if ($request->isPost()) {
    $cl_name = trim($request->getParameter('name'));
  
  if ($request->isPost()) {
    $cl_name = trim($request->getParameter('name'));
diff --git a/predefined_expense_delete.php b/predefined_expense_delete.php

index c8ae1c822e048413ffc3248f03420dd32870bb01..9b4450325e3e1a9a99a0da02a2fe23d00f69d6f2 100644 (file)
--- a/predefined_expense_delete.php
+++ b/predefined_expense_delete.php
@@ -30,11 +30,15 @@ require_once('initialize.php');
  import('form.Form');
  import('ttPredefinedExpenseHelper');
  
  import('form.Form');
  import('ttPredefinedExpenseHelper');
  
-// Access check.
-if (!ttAccessAllowed('manage_advanced_settings') || !$user->isPluginEnabled('ex')) {
+// Access checks.
+if (!ttAccessAllowed('manage_advanced_settings')) {
    header('Location: access_denied.php');
    exit();
  }
    header('Location: access_denied.php');
    exit();
  }
+if (!$user->isPluginEnabled('ex')) {
+  header('Location: feature_disabled.php');
+  exit();
+}
  
  $cl_predefined_expense_id = (int)$request->getParameter('id');
  $predefined_expense = ttPredefinedExpenseHelper::get($cl_predefined_expense_id);
  
  $cl_predefined_expense_id = (int)$request->getParameter('id');
  $predefined_expense = ttPredefinedExpenseHelper::get($cl_predefined_expense_id);
diff --git a/predefined_expense_edit.php b/predefined_expense_edit.php

index 220778a980ea5aecfdcce67eefb093d330adc6dc..7791b2440190ee9296cda48cec4fe8befbfa77bd 100644 (file)
--- a/predefined_expense_edit.php
+++ b/predefined_expense_edit.php
@@ -30,11 +30,15 @@ require_once('initialize.php');
  import('form.Form');
  import('ttPredefinedExpenseHelper');
  
  import('form.Form');
  import('ttPredefinedExpenseHelper');
  
-// Access check.
-if (!ttAccessAllowed('manage_advanced_settings') || !$user->isPluginEnabled('ex')) {
+// Access checks.
+if (!ttAccessAllowed('manage_advanced_settings')) {
    header('Location: access_denied.php');
    exit();
  }
    header('Location: access_denied.php');
    exit();
  }
+if (!$user->isPluginEnabled('ex')) {
+  header('Location: feature_disabled.php');
+  exit();
+}
  
  $predefined_expense_id = (int) $request->getParameter('id');
  
  
  $predefined_expense_id = (int) $request->getParameter('id');
  
diff --git a/predefined_expenses.php b/predefined_expenses.php

index 4e799121b5946d1270b7618edf09adc8ecd05792..7aed7ad608f36e7865d0a63123fbcf19ecdafaa5 100644 (file)
--- a/predefined_expenses.php
+++ b/predefined_expenses.php
@@ -30,11 +30,15 @@ require_once('initialize.php');
  import('form.Form');
  import('ttTeamHelper');
  
  import('form.Form');
  import('ttTeamHelper');
  
-// Access check.
-if (!ttAccessAllowed('manage_advanced_settings') || !$user->isPluginEnabled('ex')) {
+// Access checks.
+if (!ttAccessAllowed('manage_advanced_settings')) {
    header('Location: access_denied.php');
    exit();
  }
    header('Location: access_denied.php');
    exit();
  }
+if (!$user->isPluginEnabled('ex')) {
+  header('Location: feature_disabled.php');
+  exit();
+}
  
  $form = new Form('predefinedExpensesForm');
  
  
  $form = new Form('predefinedExpensesForm');
  
diff --git a/project_add.php b/project_add.php

index 6b55019cb68c246326e470f45934d9557fe2d48d..55b83b42a8e06f1f955dbcb46fe96b72672fd709 100644 (file)
--- a/project_add.php
+++ b/project_add.php
@@ -31,11 +31,15 @@ import('form.Form');
  import('ttProjectHelper');
  import('ttTeamHelper');
  
  import('ttProjectHelper');
  import('ttTeamHelper');
  
-// Access check.
-if (!ttAccessAllowed('manage_projects') || (MODE_PROJECTS != $user->tracking_mode && MODE_PROJECTS_AND_TASKS != $user->tracking_mode)) {
+// Access checks.
+if (!ttAccessAllowed('manage_projects')) {
    header('Location: access_denied.php');
    exit();
  }
    header('Location: access_denied.php');
    exit();
  }
+if (MODE_PROJECTS != $user->tracking_mode && MODE_PROJECTS_AND_TASKS != $user->tracking_mode) {
+  header('Location: feature_disabled.php');
+  exit();
+}
  
  $users = ttTeamHelper::getActiveUsers();
  foreach ($users as $user_item)
  
  $users = ttTeamHelper::getActiveUsers();
  foreach ($users as $user_item)
diff --git a/project_delete.php b/project_delete.php

index 683dbc50c9d14cea9684c36d53c240c210815fb1..2373bbead3e08c11943bcb6cfc846b3069585042 100644 (file)
--- a/project_delete.php
+++ b/project_delete.php
@@ -30,11 +30,15 @@ require_once('initialize.php');
  import('form.Form');
  import('ttProjectHelper');
  
  import('form.Form');
  import('ttProjectHelper');
  
-// Access check.
-if (!ttAccessAllowed('manage_projects') || (MODE_PROJECTS != $user->tracking_mode && MODE_PROJECTS_AND_TASKS != $user->tracking_mode)) {
+// Access checks.
+if (!ttAccessAllowed('manage_projects')) {
    header('Location: access_denied.php');
    exit();
  }
    header('Location: access_denied.php');
    exit();
  }
+if (MODE_PROJECTS != $user->tracking_mode && MODE_PROJECTS_AND_TASKS != $user->tracking_mode) {
+  header('Location: feature_disabled.php');
+  exit();
+}
  
  $cl_project_id = (int)$request->getParameter('id');
  $project = ttProjectHelper::get($cl_project_id);
  
  $cl_project_id = (int)$request->getParameter('id');
  $project = ttProjectHelper::get($cl_project_id);
diff --git a/project_edit.php b/project_edit.php

index be0e90fa93efc1407a6a2b42badd8c13e6800c5f..d30782ab540c1a0f4d81157f6d6790dcb43c28c7 100644 (file)
--- a/project_edit.php
+++ b/project_edit.php
@@ -31,11 +31,15 @@ import('form.Form');
  import('ttProjectHelper');
  import('ttTeamHelper');
  
  import('ttProjectHelper');
  import('ttTeamHelper');
  
-// Access check.
-if (!ttAccessAllowed('manage_projects') || (MODE_PROJECTS != $user->tracking_mode && MODE_PROJECTS_AND_TASKS != $user->tracking_mode)) {
+// Access checks.
+if (!ttAccessAllowed('manage_projects')) {
    header('Location: access_denied.php');
    exit();
  }
    header('Location: access_denied.php');
    exit();
  }
+if (MODE_PROJECTS != $user->tracking_mode && MODE_PROJECTS_AND_TASKS != $user->tracking_mode) {
+  header('Location: feature_disabled.php');
+  exit();
+}
  
  $cl_project_id = (int)$request->getParameter('id');
  
  
  $cl_project_id = (int)$request->getParameter('id');
  
diff --git a/projects.php b/projects.php

index ed0103a4e3ad929cdcf28477957e936f37bcaf3d..5315c4f70015d9da5b79c28a1ee7cce0634f65a6 100644 (file)
--- a/projects.php
+++ b/projects.php
@@ -30,11 +30,15 @@ require_once('initialize.php');
  import('form.Form');
  import('ttTeamHelper');
  
  import('form.Form');
  import('ttTeamHelper');
  
-// Access check.
-if (!ttAccessAllowed('track_own_time') || (MODE_PROJECTS != $user->tracking_mode && MODE_PROJECTS_AND_TASKS != $user->tracking_mode)) {
+// Access checks.
+if (!(ttAccessAllowed('track_own_time') || ttAccessAllowed('track_time'))) {
    header('Location: access_denied.php');
    exit();
  }
    header('Location: access_denied.php');
    exit();
  }
+if (MODE_PROJECTS != $user->tracking_mode && MODE_PROJECTS_AND_TASKS != $user->tracking_mode) {
+  header('Location: feature_disabled.php');
+  exit();
+}
  
  if($user->canManageTeam()) {
    $active_projects = ttTeamHelper::getActiveProjects($user->team_id);
  
  if($user->canManageTeam()) {
    $active_projects = ttTeamHelper::getActiveProjects($user->team_id);
diff --git a/quotas.php b/quotas.php

index 19e70e50529fb67a48673a3de3e666aa5081ddda..c921fba4ccad3748af38bd12298b488e6c3d9160 100644 (file)
--- a/quotas.php
+++ b/quotas.php
@@ -32,11 +32,15 @@ import('form.Form');
  import('ttTeamHelper');
  import('ttTimeHelper');
  
  import('ttTeamHelper');
  import('ttTimeHelper');
  
-// Access check.
-if (!ttAccessAllowed('manage_advanced_settings') || !$user->isPluginEnabled('mq')) {
+// Access checks.
+if (!ttAccessAllowed('manage_advanced_settings')) {
    header('Location: access_denied.php');
    exit();
  }
    header('Location: access_denied.php');
    exit();
  }
+if (!$user->isPluginEnabled('mq')) {
+  header('Location: feature_disabled.php');
+  exit();
+}
  
  // Start and end fallback values for the Year dropdown.
  $yearStart = 2015;
  
  // Start and end fallback values for the Year dropdown.
  $yearStart = 2015;
diff --git a/report.php b/report.php

index 190dff8ee24772d41b80f2d39fd4ce2280497fde..c59f6b5e3ec78d0ded043163cb00d89ff0a11b74 100644 (file)
--- a/report.php
+++ b/report.php
@@ -33,7 +33,7 @@ import('ttReportHelper');
  import('ttTeamHelper');
  
  // Access check.
  import('ttTeamHelper');
  
  // Access check.
-if (!ttAccessAllowed('view_own_reports')) {
+if (!(ttAccessAllowed('view_own_reports') || ttAccessAllowed('view_reports'))) {
    header('Location: access_denied.php');
    exit();
  }
    header('Location: access_denied.php');
    exit();
  }
diff --git a/report_send.php b/report_send.php

index b420b3aca1bd62c11c8b404e83565afaea01e1af..d7c031fd7481a37ffbd24aecb451fc9661358fd3 100644 (file)
--- a/report_send.php
+++ b/report_send.php
@@ -33,7 +33,7 @@ import('ttSysConfig');
  import('ttReportHelper');
  
  // Access check.
  import('ttReportHelper');
  
  // Access check.
-if (!ttAccessAllowed('view_own_reports')) {
+if (!(ttAccessAllowed('view_own_reports') || ttAccessAllowed('view_reports'))) {
    header('Location: access_denied.php');
    exit();
  }
    header('Location: access_denied.php');
    exit();
  }
diff --git a/reports.php b/reports.php

index 390c85c683fcefc3c665cd638e774ee91a3c1def..3a7367e77e6653f29948955f0d6fbb354a8e160e 100644 (file)
--- a/reports.php
+++ b/reports.php
@@ -37,7 +37,7 @@ import('ttFavReportHelper');
  import('ttClientHelper');
  
  // Access check.
  import('ttClientHelper');
  
  // Access check.
-if (!ttAccessAllowed('view_own_reports')) {
+if (!(ttAccessAllowed('view_own_reports') || ttAccessAllowed('view_reports'))) {
    header('Location: access_denied.php');
    exit();
  }
    header('Location: access_denied.php');
    exit();
  }
diff --git a/role_edit.php b/role_edit.php

index 3eb7696b0b3851ef4ef41f7d7868c86a170e4bb2..f5f3762b3221ba24177fe9bc1c050ca4e1d4c97a 100644 (file)
--- a/role_edit.php
+++ b/role_edit.php
@@ -32,7 +32,7 @@ import('ttTeamHelper'); // TODO: remove this?
  import('ttTaskHelper'); // TODO: remove this?
  import('ttRoleHelper');
  
  import('ttTaskHelper'); // TODO: remove this?
  import('ttRoleHelper');
  
-// Access check.
+// Access checks.
  if (!ttAccessAllowed('manage_roles')) {
    header('Location: access_denied.php');
    exit();
  if (!ttAccessAllowed('manage_roles')) {
    header('Location: access_denied.php');
    exit();
@@ -43,6 +43,7 @@ if (!$role) {
    header('Location: access_denied.php');
    exit();
  }
    header('Location: access_denied.php');
    exit();
  }
+
  $assigned_rights = explode(',', $role['rights']);
  $available_rights = array_diff($user->rights, $assigned_rights);
  
  $assigned_rights = explode(',', $role['rights']);
  $available_rights = array_diff($user->rights, $assigned_rights);
  
diff --git a/swap_roles.php b/swap_roles.php

index 09178cd944d94a98f9869fa83cf09201f45988ef..59a726c5bc9a2049e2d2e6e4ac83996a3c4715ef 100644 (file)
--- a/swap_roles.php
+++ b/swap_roles.php
@@ -30,20 +30,23 @@ require_once('initialize.php');
  import('form.Form');
  import('ttUserHelper');
  
  import('form.Form');
  import('ttUserHelper');
  
-// Access check.
+// Access checks.
  if (!ttAccessAllowed('swap_roles')) {
    header('Location: access_denied.php');
    exit();
  }
  if (!ttAccessAllowed('swap_roles')) {
    header('Location: access_denied.php');
    exit();
  }
-
-$users = ttTeamHelper::getUsersForSwap();
+$users_for_swap = ttTeamHelper::getUsersForSwap();
+if (!is_array($users_for_swap) || sizeof($users_for_swap) == 0) {
+  header('Location: access_denied.php');
+  exit();
+}
  
  if ($request->isPost()) {
    $cl_id = $request->getParameter('swap_with');
  }
  
  $form = new Form('swapForm');
  
  if ($request->isPost()) {
    $cl_id = $request->getParameter('swap_with');
  }
  
  $form = new Form('swapForm');
-$form->addInput(array('type'=>'combobox','name'=>'swap_with','style'=>'width: 250px;','data'=>$users,'datakeys'=>array('id','name')));
+$form->addInput(array('type'=>'combobox','name'=>'swap_with','style'=>'width: 250px;','data'=>$users_for_swap,'datakeys'=>array('id','name')));
  $form->addInput(array('type'=>'submit','name'=>'btn_submit','value'=>$i18n->get('button.submit')));
  $form->addInput(array('type'=>'submit','name'=>'btn_cancel','value'=>$i18n->get('button.cancel')));
  
  $form->addInput(array('type'=>'submit','name'=>'btn_submit','value'=>$i18n->get('button.submit')));
  $form->addInput(array('type'=>'submit','name'=>'btn_cancel','value'=>$i18n->get('button.cancel')));
  
diff --git a/user_edit.php b/user_edit.php

index 531e8424251bd4be92b686bb372053d58dae8a8f..75d89e5064d5d007e43bb32e2e9f91f6bd7f7119 100644 (file)
--- a/user_edit.php
+++ b/user_edit.php
@@ -222,11 +222,19 @@ if ($request->isPost()) {
    }
  } // isPost
  
    }
  } // isPost
  
+$can_swap = false;
+if ($user->id == $user_id && $user->can('swap_roles')) {
+  $users_for_swap = ttTeamHelper::getUsersForSwap();
+  if (is_array($users_for_swap) && sizeof($users_for_swap) > 0)
+    $can_swap = true;
+}
+
  $rates = ttProjectHelper::getRates($user_id);
  $smarty->assign('rates', $rates);
  
  $smarty->assign('auth_external', $auth->isPasswordExternal());
  $smarty->assign('active_roles', $active_roles);
  $rates = ttProjectHelper::getRates($user_id);
  $smarty->assign('rates', $rates);
  
  $smarty->assign('auth_external', $auth->isPasswordExternal());
  $smarty->assign('active_roles', $active_roles);
+$smarty->assign('can_swap', $can_swap);
  $smarty->assign('forms', array($form->getName()=>$form->toArray()));
  $smarty->assign('onload', 'onLoad="document.userForm.name.focus();handleClientControl();"');
  $smarty->assign('user_id', $user_id);
  $smarty->assign('forms', array($form->getName()=>$form->toArray()));
  $smarty->assign('onload', 'onLoad="document.userForm.name.focus();handleClientControl();"');
  $smarty->assign('user_id', $user_id);
author	Nik Okuntseff <support@anuko.com>
	Sat, 24 Mar 2018 19:37:00 +0000 (19:37 +0000)
committer	Nik Okuntseff <support@anuko.com>
	Sat, 24 Mar 2018 19:37:00 +0000 (19:37 +0000)
WEB-INF/lib/ttTeamHelper.class.php		patch \| blob \| history
WEB-INF/templates/footer.tpl		patch \| blob \| history
WEB-INF/templates/user_edit.tpl		patch \| blob \| history
expense_delete.php		patch \| blob \| history
predefined_expense_add.php		patch \| blob \| history
predefined_expense_delete.php		patch \| blob \| history
predefined_expense_edit.php		patch \| blob \| history
predefined_expenses.php		patch \| blob \| history
project_add.php		patch \| blob \| history
project_delete.php		patch \| blob \| history
project_edit.php		patch \| blob \| history
projects.php		patch \| blob \| history
quotas.php		patch \| blob \| history
report.php		patch \| blob \| history
report_send.php		patch \| blob \| history
reports.php		patch \| blob \| history
role_edit.php		patch \| blob \| history
swap_roles.php		patch \| blob \| history
user_edit.php		patch \| blob \| history