Started redoing access checks using role rights.

diff --git a/WEB-INF/lib/common.lib.php b/WEB-INF/lib/common.lib.php
index ec21d6751a053bc7588cd6a57d4553fb806b0abf..5621492228ff0f780510be76ccfeb80b22b4b19f 100644 (file)
--- a/WEB-INF/lib/common.lib.php
+++ b/WEB-INF/lib/common.lib.php
@@ -344,3 +344,25 @@ function ttAccessCheck($required_rights)
     
   return true;
 }
     
   return true;
 }

+
+// ttAccessAllowed checks whether user is allowed access to a particular page.
+// This function is a replacement for ttAccessCheck above as part of roles revamp.
+// To be used as an initial check on all publicly available pages
+// (except login.php and register.php where we don't have to check).
+function ttAccessAllowed($required_right)
+{
+  global $auth;
+  global $user;
+
+  // Redirect to login page if user is not authenticated.
+  if (!$auth->isAuthenticated()) {
+    header('Location: login.php');
+    exit();
+  }
+
+  // Check if user has the right.
+  if (in_array($required_right, $user->rights))
+    return true;
+
+  return false;
+}
\ No newline at end of file

diff --git a/WEB-INF/templates/footer.tpl b/WEB-INF/templates/footer.tpl
index 42ecb58eed5b191047dd0e49d3a2fcf2c5dfe437..36dcb362ac9fab2648f1524c26479671c34c55e5 100644 (file)
--- a/WEB-INF/templates/footer.tpl
+++ b/WEB-INF/templates/footer.tpl
@@ -12,7 +12,7 @@
       <br>
       <table cellspacing="0" cellpadding="4" width="100%" border="0">
         <tr>
       <br>
       <table cellspacing="0" cellpadding="4" width="100%" border="0">
         <tr>

-          <td align="center">&nbsp;Anuko Time Tracker 1.17.38.4059 | Copyright &copy; <a href="https://www.anuko.com/lp/tt_3.htm" target="_blank">Anuko</a> |
+          <td align="center">&nbsp;Anuko Time Tracker 1.17.39.4060 | Copyright &copy; <a href="https://www.anuko.com/lp/tt_3.htm" target="_blank">Anuko</a> |

             <a href="https://www.anuko.com/lp/tt_4.htm" target="_blank">{$i18n.footer.credits}</a> |
             <a href="https://www.anuko.com/lp/tt_5.htm" target="_blank">{$i18n.footer.license}</a> |
             <a href="https://www.anuko.com/lp/tt_7.htm" target="_blank">{$i18n.footer.improve}</a>
             <a href="https://www.anuko.com/lp/tt_4.htm" target="_blank">{$i18n.footer.credits}</a> |
             <a href="https://www.anuko.com/lp/tt_5.htm" target="_blank">{$i18n.footer.license}</a> |
             <a href="https://www.anuko.com/lp/tt_7.htm" target="_blank">{$i18n.footer.improve}</a>

diff --git a/admin_options.php b/admin_options.php
index ae901d6d3a6439e45957e5e3fb4faea4bddaaa77..6f8125589a6ccdb47be1e17289b78295bea877a5 100644 (file)
--- a/admin_options.php
+++ b/admin_options.php
@@ -31,7 +31,7 @@ import('form.Form');
 import('ttUserHelper');
 
 // Access check.
 import('ttUserHelper');
 
 // Access check.

-if (!ttAccessCheck(right_administer_site)) {
+if (!ttAccessAllowed('administer_site')) {

   header('Location: access_denied.php');
   exit();
 }
   header('Location: access_denied.php');
   exit();
 }