Access checks re-done using role rights.

diff --git a/WEB-INF/lib/common.lib.php b/WEB-INF/lib/common.lib.php
index e9f9332777963d8f90a659915f2db8aeada6ba5d..69c38b731e63a867d6530c7d99faf96f1bd5f1e8 100644 (file)
--- a/WEB-INF/lib/common.lib.php
+++ b/WEB-INF/lib/common.lib.php
@@ -325,30 +325,9 @@ function ttValidCondition($val, $emptyValid = true)
   return true;
 }
 
-// ttAccessCheck is used to check whether user is allowed to proceed. This function is used
-// as an initial check on all publicly available pages.
-function ttAccessCheck($required_rights)
-{
-  global $auth;
-  global $user;
-  
-  // Redirect to login page if user is not authenticated.
-  if (!$auth->isAuthenticated()) {
-    header('Location: login.php');
-    exit();
-  }
-  
-  // Check rights.
-  if (!($required_rights & $user->rights_mask))
-    return false;
-    
-  return true;
-}
-
 // ttAccessAllowed checks whether user is allowed access to a particular page.
-// This function is a replacement for ttAccessCheck above as part of roles revamp.
-// To be used as an initial check on all publicly available pages
-// (except login.php and register.php where we don't have to check).
+// It is used as an initial check on all publicly available pages
+// (except login.php, register.php, and others where we don't have to check).
 function ttAccessAllowed($required_right)
 {
   global $auth;

diff --git a/WEB-INF/templates/footer.tpl b/WEB-INF/templates/footer.tpl
index 3f1861797eebfcc65fae834eaa616285ed7bb8f5..6436952c5f8447de8fcd69a5afd6ca15859423f9 100644 (file)
--- a/WEB-INF/templates/footer.tpl
+++ b/WEB-INF/templates/footer.tpl
@@ -12,7 +12,7 @@
       <br>
       <table cellspacing="0" cellpadding="4" width="100%" border="0">
         <tr>
-          <td align="center">&nbsp;Anuko Time Tracker 1.17.41.4065 | Copyright &copy; <a href="https://www.anuko.com/lp/tt_3.htm" target="_blank">Anuko</a> |
+          <td align="center">&nbsp;Anuko Time Tracker 1.17.41.4066 | Copyright &copy; <a href="https://www.anuko.com/lp/tt_3.htm" target="_blank">Anuko</a> |
             <a href="https://www.anuko.com/lp/tt_4.htm" target="_blank">{$i18n.footer.credits}</a> |
             <a href="https://www.anuko.com/lp/tt_5.htm" target="_blank">{$i18n.footer.license}</a> |
             <a href="https://www.anuko.com/lp/tt_7.htm" target="_blank">{$i18n.footer.improve}</a>

diff --git a/invoices.php b/invoices.php
index a014472f3920c80b4e1b1d8a2de7c158978dadfd..0617a44f2020043dedee8797af0f704f4521057d 100644 (file)
--- a/invoices.php
+++ b/invoices.php
@@ -31,7 +31,7 @@ import('form.Form');
 import('ttTeamHelper');
 
 // Access check.
-if (!ttAccessCheck(right_view_invoices) || !$user->isPluginEnabled('iv')) {
+if (!(ttAccessAllowed('manage_invoices') || ttAccessAllowed('view_own_invoices')) || !$user->isPluginEnabled('iv')) {
   header('Location: access_denied.php');
   exit();
 }

diff --git a/locking.php b/locking.php
index f2b7779b522c0bc437610ca3d95e7c7475f1cb6f..1f9530c97a753de6cda024bd6717b4c65c60f376 100644 (file)
--- a/locking.php
+++ b/locking.php
@@ -31,7 +31,7 @@ import('form.Form');
 import('ttTeamHelper');
 
 // Access check.
-if (!ttAccessCheck(right_manage_team) || !$user->isPluginEnabled('lk')) {
+if (!ttAccessAllowed('manage_advanced_settings') || !$user->isPluginEnabled('lk')) {
   header('Location: access_denied.php');
   exit();
 }

diff --git a/mobile/client_add.php b/mobile/client_add.php
index e489496279bf44b5466b7116e1583097d3e352fe..71f51ca1350e9afafc0ec99d5bff98a28576e7bc 100644 (file)
--- a/mobile/client_add.php
+++ b/mobile/client_add.php
@@ -32,7 +32,7 @@ import('ttClientHelper');
 import('ttTeamHelper');
 
 // Access check.
-if (!ttAccessCheck(right_manage_team) || !$user->isPluginEnabled('cl')) {
+if (!ttAccessAllowed('manage_clients') || !$user->isPluginEnabled('cl')) {
   header('Location: access_denied.php');
   exit();
 }

diff --git a/mobile/client_delete.php b/mobile/client_delete.php
index 51e87b43ecac5e9fbd9eea41f2b46b2163815435..b57e581dbc9d9b94172fd1fea0287fcc602e762e 100644 (file)
--- a/mobile/client_delete.php
+++ b/mobile/client_delete.php
@@ -31,7 +31,7 @@ import('form.Form');
 import('ttClientHelper');
 
 // Access check.
-if (!ttAccessCheck(right_manage_team) || !$user->isPluginEnabled('cl')) {
+if (!ttAccessAllowed('manage_clients') || !$user->isPluginEnabled('cl')) {
   header('Location: access_denied.php');
   exit();
 }

diff --git a/mobile/client_edit.php b/mobile/client_edit.php
index ac3e60c71a2b8fb79816d838edfd4404075db518..fc22036975f92dcf3067e51ba76caa95e3c9880c 100644 (file)
--- a/mobile/client_edit.php
+++ b/mobile/client_edit.php
@@ -32,7 +32,7 @@ import('ttClientHelper');
 import('ttTeamHelper');
 
 // Access check.
-if (!ttAccessCheck(right_manage_team) || !$user->isPluginEnabled('cl')) {
+if (!ttAccessAllowed('manage_clients') || !$user->isPluginEnabled('cl')) {
   header('Location: access_denied.php');
   exit();
 }

diff --git a/mobile/clients.php b/mobile/clients.php
index 6312c2dd4e3c207115c5b2ec9ec52364d6528106..aa6e6ad306e3741012bb28f446ef3ede2869c6f1 100644 (file)
--- a/mobile/clients.php
+++ b/mobile/clients.php
@@ -31,7 +31,7 @@ import('form.Form');
 import('ttTeamHelper');
 
 // Access check.
-if (!ttAccessCheck(right_manage_team) || !$user->isPluginEnabled('cl')) {
+if (!ttAccessAllowed('manage_clients') || !$user->isPluginEnabled('cl')) {
   header('Location: access_denied.php');
   exit();
 }

diff --git a/mobile/expense_delete.php b/mobile/expense_delete.php
index 8e89513fd603573830cb166d55576d0c756d4c12..1b4a3905a5bc7eafdcabfc916cfd809bb0e9c93b 100644 (file)
--- a/mobile/expense_delete.php
+++ b/mobile/expense_delete.php
@@ -32,7 +32,7 @@ import('DateAndTime');
 import('ttExpenseHelper');
 
 // Access check.
-if (!ttAccessCheck(right_data_entry) || !$user->isPluginEnabled('ex')) {
+if (!ttAccessAllowed('data_entry') || !$user->isPluginEnabled('ex')) {
   header('Location: access_denied.php');
   exit();
 }

diff --git a/mobile/expense_edit.php b/mobile/expense_edit.php
index a4b1f2d0147634080c5c28e3a70b03d1a7e5c0c3..e54ffb05872e528b745398b81af61cba1c3498f5 100644 (file)
--- a/mobile/expense_edit.php
+++ b/mobile/expense_edit.php
@@ -33,7 +33,7 @@ import('DateAndTime');
 import('ttExpenseHelper');
 
 // Access check.
-if (!ttAccessCheck(right_data_entry) || !$user->isPluginEnabled('ex')) {
+if (!ttAccessAllowed('data_entry') || !$user->isPluginEnabled('ex')) {
   header('Location: access_denied.php');
   exit();
 }

diff --git a/mobile/expenses.php b/mobile/expenses.php
index 82fe428f8be31547f8e4ebf75dbf00d27d0cc831..24c78ce0bca95b81f734a8de84cd7df0341f8dfd 100644 (file)
--- a/mobile/expenses.php
+++ b/mobile/expenses.php
@@ -34,7 +34,7 @@ import('DateAndTime');
 import('ttExpenseHelper');
 
 // Access check.
-if (!ttAccessCheck(right_data_entry) || !$user->isPluginEnabled('ex')) {
+if (!ttAccessAllowed('data_entry') || !$user->isPluginEnabled('ex')) {
   header('Location: access_denied.php');
   exit();
 }

diff --git a/mobile/project_add.php b/mobile/project_add.php
index 1ae6b4dfa3df13a5cbf20fa1c74408c583666313..f7dc3fbf8d454fd36791c0c189a1a1a9c50e053d 100644 (file)
--- a/mobile/project_add.php
+++ b/mobile/project_add.php
@@ -32,7 +32,7 @@ import('ttProjectHelper');
 import('ttTeamHelper');
 
 // Access check.
-if (!ttAccessCheck(right_manage_team) || (MODE_PROJECTS != $user->tracking_mode && MODE_PROJECTS_AND_TASKS != $user->tracking_mode)) {
+if (!ttAccessAllowed('manage_projects') || (MODE_PROJECTS != $user->tracking_mode && MODE_PROJECTS_AND_TASKS != $user->tracking_mode)) {
   header('Location: access_denied.php');
   exit();
 }

diff --git a/mobile/project_delete.php b/mobile/project_delete.php
index eb5e0403908d737eb03c9503bb45236ed094c5ce..6e57f4d492b305db61dad64cf754884d9611cadd 100644 (file)
--- a/mobile/project_delete.php
+++ b/mobile/project_delete.php
@@ -31,7 +31,7 @@ import('form.Form');
 import('ttProjectHelper');
 
 // Access check.
-if (!ttAccessCheck(right_manage_team) || (MODE_PROJECTS != $user->tracking_mode && MODE_PROJECTS_AND_TASKS != $user->tracking_mode)) {
+if (!ttAccessAllowed('manage_projects') || (MODE_PROJECTS != $user->tracking_mode && MODE_PROJECTS_AND_TASKS != $user->tracking_mode)) {
   header('Location: access_denied.php');
   exit();
 }

diff --git a/mobile/project_edit.php b/mobile/project_edit.php
index f7a37aaf5c4e08c398f8f4db5757778dabfd184d..4c84c7c5bc984742703291fb35464167d236f418 100644 (file)
--- a/mobile/project_edit.php
+++ b/mobile/project_edit.php
@@ -32,7 +32,7 @@ import('ttProjectHelper');
 import('ttTeamHelper');
 
 // Access check.
-if (!ttAccessCheck(right_manage_team) || (MODE_PROJECTS != $user->tracking_mode && MODE_PROJECTS_AND_TASKS != $user->tracking_mode)) {
+if (!ttAccessAllowed('manage_projects') || (MODE_PROJECTS != $user->tracking_mode && MODE_PROJECTS_AND_TASKS != $user->tracking_mode)) {
   header('Location: access_denied.php');
   exit();
 }

diff --git a/mobile/projects.php b/mobile/projects.php
index 5dee3605d2188134f496ff990edc69b7713b0072..0a9c490c5ffcfa7e8eab5781f9462aeda7915c9f 100644 (file)
--- a/mobile/projects.php
+++ b/mobile/projects.php
@@ -31,7 +31,7 @@ import('form.Form');
 import('ttTeamHelper');
 
 // Access check.
-if (!ttAccessCheck(right_data_entry) || (MODE_PROJECTS != $user->tracking_mode && MODE_PROJECTS_AND_TASKS != $user->tracking_mode)) {
+if (!ttAccessAllowed('data_entry') || (MODE_PROJECTS != $user->tracking_mode && MODE_PROJECTS_AND_TASKS != $user->tracking_mode)) {
   header('Location: access_denied.php');
   exit();
 }

diff --git a/mobile/task_add.php b/mobile/task_add.php
index 700b91584eb8947d6509b5a7404f3fb1cc909744..b413002b81f4587a65d44b00f5aa73d689d86692 100644 (file)
--- a/mobile/task_add.php
+++ b/mobile/task_add.php
@@ -33,7 +33,7 @@ import('ttTeamHelper');
 import('ttTaskHelper');
 
 // Access check.
-if (!ttAccessCheck(right_manage_team) || MODE_PROJECTS_AND_TASKS != $user->tracking_mode) {
+if (!ttAccessAllowed('manage_tasks') || MODE_PROJECTS_AND_TASKS != $user->tracking_mode) {
   header('Location: access_denied.php');
   exit();
 }

diff --git a/mobile/task_delete.php b/mobile/task_delete.php
index 44f840c1dc79d4b6a84487b7248c19bb9963a76c..4b6b149df88e79ef042469c4d243be7d80d7ceea 100644 (file)
--- a/mobile/task_delete.php
+++ b/mobile/task_delete.php
@@ -31,7 +31,7 @@ import('ttTaskHelper');
 import('form.Form');
 
 // Access check.
-if (!ttAccessCheck(right_manage_team) || MODE_PROJECTS_AND_TASKS != $user->tracking_mode) {
+if (!ttAccessAllowed('manage_tasks') || MODE_PROJECTS_AND_TASKS != $user->tracking_mode) {
   header('Location: access_denied.php');
   exit();
 }

diff --git a/mobile/task_edit.php b/mobile/task_edit.php
index b454cbe557d4ba1c592d985c8777f9faddaba437..c4bc9d333e051dffebe591148d735900b8e0d641 100644 (file)
--- a/mobile/task_edit.php
+++ b/mobile/task_edit.php
@@ -32,7 +32,7 @@ import('ttTeamHelper');
 import('ttTaskHelper');
 
 // Access check.
-if (!ttAccessCheck(right_manage_team) || MODE_PROJECTS_AND_TASKS != $user->tracking_mode) {
+if (!ttAccessAllowed('manage_tasks') || MODE_PROJECTS_AND_TASKS != $user->tracking_mode) {
   header('Location: access_denied.php');
   exit();
 }

diff --git a/mobile/tasks.php b/mobile/tasks.php
index 8b828cfba471144adb1a8f964ac665993faa8e09..1e8b40a7a7c46d126c950f33bcce9458e2d8cf26 100644 (file)
--- a/mobile/tasks.php
+++ b/mobile/tasks.php
@@ -31,7 +31,7 @@ import('form.Form');
 import('ttTeamHelper');
 
 // Access check.
-if (!ttAccessCheck(right_manage_team) || MODE_PROJECTS_AND_TASKS != $user->tracking_mode) {
+if (!ttAccessAllowed('manage_tasks') || MODE_PROJECTS_AND_TASKS != $user->tracking_mode) {
   header('Location: access_denied.php');
   exit();
 }

diff --git a/mobile/time.php b/mobile/time.php
index aff21379884f38bcd040ba376d44af5d3c3a426c..dcef6483876921f6004be4244812f8b9adcbf512 100644 (file)
--- a/mobile/time.php
+++ b/mobile/time.php
@@ -35,7 +35,7 @@ import('ttTimeHelper');
 import('DateAndTime');
 
 // Access check.
-if (!ttAccessCheck(right_data_entry)) {
+if (!ttAccessAllowed('data_entry')) {
   header('Location: access_denied.php');
   exit();
 }

diff --git a/mobile/time_delete.php b/mobile/time_delete.php
index c9602b4e7f7bba7312eda710711c3a481237979e..81e0c6540c7325444f0f9a5b75fc94534d0fe01b 100644 (file)
--- a/mobile/time_delete.php
+++ b/mobile/time_delete.php
@@ -33,7 +33,7 @@ import('ttTimeHelper');
 import('DateAndTime');
 
 // Access check.
-if (!ttAccessCheck(right_data_entry)) {
+if (!ttAccessAllowed('data_entry')) {
   header('Location: access_denied.php');
   exit();
 }

diff --git a/mobile/time_edit.php b/mobile/time_edit.php
index 73496ca412f892e31be362fa5836d97be0a6003e..74805ab7e2a2de805fb2c0a79ec74c3a310aee57 100644 (file)
--- a/mobile/time_edit.php
+++ b/mobile/time_edit.php
@@ -35,7 +35,7 @@ import('ttTimeHelper');
 import('DateAndTime');
 
 // Access check.
-if (!ttAccessCheck(right_data_entry)) {
+if (!ttAccessAllowed('data_entry')) {
   header('Location: access_denied.php');
   exit();
 }

diff --git a/mobile/timer.php b/mobile/timer.php
index 95790311d53c937d2dcd86ac664758fd0bfc80b2..47310b72699cd726f089d466d92fc3ed7ece60e7 100644 (file)
--- a/mobile/timer.php
+++ b/mobile/timer.php
@@ -35,7 +35,7 @@ import('ttTimeHelper');
 import('DateAndTime');
 
 // Access check.
-if (!ttAccessCheck(right_data_entry)) {
+if (!ttAccessAllowed('data_entry')) {
   header('Location: access_denied.php');
   exit();
 }

diff --git a/mobile/user_add.php b/mobile/user_add.php
index 24adc112715d37a29f70e9e9db1b1a6fba7c90cd..7737ed9a8d8f33ec77f9c35476e86faafcfa5040 100644 (file)
--- a/mobile/user_add.php
+++ b/mobile/user_add.php
@@ -34,7 +34,7 @@ import('form.Table');
 import('form.TableColumn');
 
 // Access check.
-if (!ttAccessCheck(right_manage_team)) {
+if (!ttAccessAllowed('manage_users')) {
   header('Location: access_denied.php');
   exit();
 }

diff --git a/mobile/user_delete.php b/mobile/user_delete.php
index aa25a5b354b2c832779613df0f5759cda70055ef..8a4236b0bd40ea5b53646a31d41257eeced1f35a 100644 (file)
--- a/mobile/user_delete.php
+++ b/mobile/user_delete.php
@@ -31,7 +31,7 @@ import('form.Form');
 import('ttUserHelper');
 
 // Access check.
-if (!ttAccessCheck(right_manage_team)) {
+if (!ttAccessAllowed('manage_users')) {
   header('Location: access_denied.php');
   exit();
 }

diff --git a/mobile/user_edit.php b/mobile/user_edit.php
index 328b8fabaa622ccea5d98d6b01469174e2ab3643..dc432580d7b5182bc9104d92460e7ed7e82937cc 100644 (file)
--- a/mobile/user_edit.php
+++ b/mobile/user_edit.php
@@ -35,7 +35,7 @@ import('form.Table');
 import('form.TableColumn');
 
 // Access check.
-if (!ttAccessCheck(right_manage_team)) {
+if (!ttAccessAllowed('manage_users')) {
   header('Location: access_denied.php');
   exit();
 }

diff --git a/mobile/users.php b/mobile/users.php
index 1eee6089d949269cb1181cabf8b62178233d7b4a..8ae0fc930bb78d57442cb227ca318136c3eb276e 100644 (file)
--- a/mobile/users.php
+++ b/mobile/users.php
@@ -32,7 +32,7 @@ import('ttTeamHelper');
 import('ttTimeHelper');
 
 // Access check.
-if (!ttAccessCheck(right_data_entry)) {
+if (!ttAccessAllowed('view_users')) {
   header('Location: access_denied.php');
   exit();
 }

diff --git a/notification_add.php b/notification_add.php
index 9f5bf361c72fb6c4767efe4d3c46fda8ecca172e..3cac65217adb0e9d57a9855db765edb7cec3e471 100644 (file)
--- a/notification_add.php
+++ b/notification_add.php
@@ -34,7 +34,7 @@ import('ttFavReportHelper');
 import('ttNotificationHelper');
 
 // Access check.
-if (!ttAccessCheck(right_manage_team) || !$user->isPluginEnabled('no')) {
+if (!ttAccessAllowed('manage_advanced_settings') || !$user->isPluginEnabled('no')) {
   header('Location: access_denied.php');
   exit();
 }

diff --git a/notification_delete.php b/notification_delete.php
index 834befbe3439eeb4b0dfcc1847a5e9403faba164..0b6cf5ccc4862efa63235ad70875bad3849f31e3 100644 (file)
--- a/notification_delete.php
+++ b/notification_delete.php
@@ -31,7 +31,7 @@ import('form.Form');
 import('ttNotificationHelper');
 
 // Access check.
-if (!ttAccessCheck(right_manage_team) || !$user->isPluginEnabled('no')) {
+if (!ttAccessAllowed('manage_advanced_settings') || !$user->isPluginEnabled('no')) {
   header('Location: access_denied.php');
   exit();
 }

diff --git a/notification_edit.php b/notification_edit.php
index 8a2ab05630e417f88e549e9f8ce4d5f9fdef98fa..ec26f610b68f246b93beb3f19bb2b7ff3590357f 100644 (file)
--- a/notification_edit.php
+++ b/notification_edit.php
@@ -34,7 +34,7 @@ import('ttFavReportHelper');
 import('ttNotificationHelper');
 
 // Access check.
-if (!ttAccessCheck(right_manage_team) || !$user->isPluginEnabled('no')) {
+if (!ttAccessAllowed('manage_advanced_settings') || !$user->isPluginEnabled('no')) {
   header('Location: access_denied.php');
   exit();
 }

diff --git a/notifications.php b/notifications.php
index 68cdfff8b5bc2a678c9846c04d82071a6a77f14a..4205dffaf66b28ea52c8122da23d64ff51d8542f 100644 (file)
--- a/notifications.php
+++ b/notifications.php
@@ -31,7 +31,7 @@ import('form.Form');
 import('ttTeamHelper');
 
 // Access check.
-if (!ttAccessCheck(right_manage_team) || !$user->isPluginEnabled('no')) {
+if (!ttAccessAllowed('manage_advanced_settings') || !$user->isPluginEnabled('no')) {
   header('Location: access_denied.php');
   exit();
 }

diff --git a/predefined_expense_add.php b/predefined_expense_add.php
index 76fbb221e52a428d60157b8938317aeb016f066f..5e7305996735da08a50af3b33ff420b6081e76bc 100644 (file)
--- a/predefined_expense_add.php
+++ b/predefined_expense_add.php
@@ -31,7 +31,7 @@ import('form.Form');
 import('ttPredefinedExpenseHelper');
 
 // Access check.
-if (!ttAccessCheck(right_manage_team) || !$user->isPluginEnabled('ex')) {
+if (!ttAccessAllowed('manage_advanced_settings') || !$user->isPluginEnabled('ex')) {
   header('Location: access_denied.php');
   exit();
 }

diff --git a/predefined_expense_delete.php b/predefined_expense_delete.php
index 1c8a0fed401ff33346396a6dbb08597f566a9e1a..3b1cde554cea4d757c25327052dd36992c7c38e5 100644 (file)
--- a/predefined_expense_delete.php
+++ b/predefined_expense_delete.php
@@ -31,7 +31,7 @@ import('form.Form');
 import('ttPredefinedExpenseHelper');
 
 // Access check.
-if (!ttAccessCheck(right_manage_team) || !$user->isPluginEnabled('ex')) {
+if (!ttAccessAllowed('manage_advanced_settings') || !$user->isPluginEnabled('ex')) {
   header('Location: access_denied.php');
   exit();
 }

diff --git a/predefined_expense_edit.php b/predefined_expense_edit.php
index 83f3fddf215e8377878699bad71527eaa8516ca6..64bf9d84d350e27e56a82430f2c5e204c303d4e3 100644 (file)
--- a/predefined_expense_edit.php
+++ b/predefined_expense_edit.php
@@ -31,7 +31,7 @@ import('form.Form');
 import('ttPredefinedExpenseHelper');
 
 // Access check.
-if (!ttAccessCheck(right_manage_team) || !$user->isPluginEnabled('ex')) {
+if (!ttAccessAllowed('manage_advanced_settings') || !$user->isPluginEnabled('ex')) {
   header('Location: access_denied.php');
   exit();
 }

diff --git a/predefined_expenses.php b/predefined_expenses.php
index 4fa6d403c14dc7c4d8bab504e8e8a164cf4adfc1..9db98e0ea8d1a1040dad1fff127255ece0e2b4e5 100644 (file)
--- a/predefined_expenses.php
+++ b/predefined_expenses.php
@@ -31,7 +31,7 @@ import('form.Form');
 import('ttTeamHelper');
 
 // Access check.
-if (!ttAccessCheck(right_manage_team) || !$user->isPluginEnabled('ex')) {
+if (!ttAccessAllowed('manage_advanced_settings') || !$user->isPluginEnabled('ex')) {
   header('Location: access_denied.php');
   exit();
 }

diff --git a/profile_edit.php b/profile_edit.php
index 04f91b4c163e110a281a0b1f8d9999740df15f25..ba157a9cad3b0cf1fbfb0a03f6691edbbea67038 100644 (file)
--- a/profile_edit.php
+++ b/profile_edit.php
@@ -32,7 +32,7 @@ import('ttUserHelper');
 import('ttRoleHelper');
 
 // Access check.
-if (!ttAccessCheck(right_data_entry|right_view_reports)) {
+if (!ttAccessAllowed('manage_own_settings')) {
   header('Location: access_denied.php');
   exit();
 }

diff --git a/project_add.php b/project_add.php
index fe46a6bd4c2de9426c9c4845a956087ee79f97c2..99f8c6d5feecff85f606bc75457adc1aa3504ad6 100644 (file)
--- a/project_add.php
+++ b/project_add.php
@@ -32,7 +32,7 @@ import('ttProjectHelper');
 import('ttTeamHelper');
 
 // Access check.
-if (!ttAccessCheck(right_manage_team) || (MODE_PROJECTS != $user->tracking_mode && MODE_PROJECTS_AND_TASKS != $user->tracking_mode)) {
+if (!ttAccessAllowed('manage_projects') || (MODE_PROJECTS != $user->tracking_mode && MODE_PROJECTS_AND_TASKS != $user->tracking_mode)) {
   header('Location: access_denied.php');
   exit();
 }

diff --git a/project_delete.php b/project_delete.php
index 832bf4f739db38ea09153e3cafe88b0eecddb372..a6b6ed532b7cf39b0d72de62f716d2e425c43d20 100644 (file)
--- a/project_delete.php
+++ b/project_delete.php
@@ -31,7 +31,7 @@ import('form.Form');
 import('ttProjectHelper');
 
 // Access check.
-if (!ttAccessCheck(right_manage_team) || (MODE_PROJECTS != $user->tracking_mode && MODE_PROJECTS_AND_TASKS != $user->tracking_mode)) {
+if (!ttAccessAllowed('manage_projects') || (MODE_PROJECTS != $user->tracking_mode && MODE_PROJECTS_AND_TASKS != $user->tracking_mode)) {
   header('Location: access_denied.php');
   exit();
 }

diff --git a/project_edit.php b/project_edit.php
index 11abccc830c367bfa4bd3e0fd8457fe1dc5b9693..d7b67565cb9b4207e5453a5aa89416435374038b 100644 (file)
--- a/project_edit.php
+++ b/project_edit.php
@@ -32,7 +32,7 @@ import('ttProjectHelper');
 import('ttTeamHelper');
 
 // Access check.
-if (!ttAccessCheck(right_manage_team) || (MODE_PROJECTS != $user->tracking_mode && MODE_PROJECTS_AND_TASKS != $user->tracking_mode)) {
+if (!ttAccessAllowed('manage_projects') || (MODE_PROJECTS != $user->tracking_mode && MODE_PROJECTS_AND_TASKS != $user->tracking_mode)) {
   header('Location: access_denied.php');
   exit();
 }

diff --git a/projects.php b/projects.php
index d9f3685124104338c4c3d0aa2ebf009caaa5e2d3..d5f3bc12e9aaf85551d683b101d3e87db095d4fc 100644 (file)
--- a/projects.php
+++ b/projects.php
@@ -31,7 +31,7 @@ import('form.Form');
 import('ttTeamHelper');
 
 // Access check.
-if (!ttAccessCheck(right_data_entry) || (MODE_PROJECTS != $user->tracking_mode && MODE_PROJECTS_AND_TASKS != $user->tracking_mode)) {
+if (!ttAccessAllowed('data_entry') || (MODE_PROJECTS != $user->tracking_mode && MODE_PROJECTS_AND_TASKS != $user->tracking_mode)) {
   header('Location: access_denied.php');
   exit();
 }

diff --git a/quotas.php b/quotas.php
index 52d8136fc4aa564e8617480736d18ed5b3bf7e65..06fdbbe5a55769604f9f6d17f9880b2aa149c3d4 100644 (file)
--- a/quotas.php
+++ b/quotas.php
@@ -33,7 +33,7 @@ import('ttTeamHelper');
 import('ttTimeHelper');
 
 // Access check.
-if (!ttAccessCheck(right_manage_team) || !$user->isPluginEnabled('mq')) {
+if (!ttAccessAllowed('manage_advanced_settings') || !$user->isPluginEnabled('mq')) {
   header('Location: access_denied.php');
   exit();
 }

diff --git a/report.php b/report.php
index bc2a0d1661aa9b55bb9a75bd02aec0b1fa2d78bf..c4bfd0683482fd0e28b4d5c8d3c56d5a99dba6a6 100644 (file)
--- a/report.php
+++ b/report.php
@@ -33,7 +33,7 @@ import('ttReportHelper');
 import('ttTeamHelper');
 
 // Access check.
-if (!ttAccessCheck(right_view_reports)) {
+if (!ttAccessAllowed('view_own_reports')) {
   header('Location: access_denied.php');
   exit();
 }

diff --git a/report_send.php b/report_send.php
index a19756a2a323f35c13f9d3f0ab7d39c69153a04f..9be9676fd65c3bf7a395379dc4d1510279431995 100644 (file)
--- a/report_send.php
+++ b/report_send.php
@@ -33,7 +33,7 @@ import('ttSysConfig');
 import('ttReportHelper');
 
 // Access check.
-if (!ttAccessCheck(right_view_reports)) {
+if (!ttAccessAllowed('view_own_reports')) {
   header('Location: access_denied.php');
   exit();
 }

diff --git a/reports.php b/reports.php
index 27a722446f1ab3a010f0a13dd11345d08c52e122..fe560016eff16df0daa16604fc3a2d33ab900afb 100644 (file)
--- a/reports.php
+++ b/reports.php
@@ -37,7 +37,7 @@ import('ttFavReportHelper');
 import('ttClientHelper');
 
 // Access check.
-if (!ttAccessCheck(right_view_reports)) {
+if (!ttAccessAllowed('view_own_reports')) {
   header('Location: access_denied.php');
   exit();
 }

diff --git a/role_add.php b/role_add.php
index de25f70c3cd937a2cbe57917b61d3503b0f18ff3..684ee11bbf6188c803e5aea5012f0a5321cf9f1a 100644 (file)
--- a/role_add.php
+++ b/role_add.php
@@ -32,7 +32,7 @@ import('ttTeamHelper');
 import('ttRoleHelper');
 
 // Access check.
-if (!ttAccessCheck(right_manage_team)) {
+if (!ttAccessAllowed('manage_roles')) {
   header('Location: access_denied.php');
   exit();
 }

diff --git a/role_delete.php b/role_delete.php
index 4198ec60edc7af96fc398297903b3c6fadf09479..7bf6ae692c23f2047da711c036567b18dd1d56d5 100644 (file)
--- a/role_delete.php
+++ b/role_delete.php
@@ -31,7 +31,7 @@ import('ttRoleHelper');
 import('form.Form');
 
 // Access check.
-if (!ttAccessCheck(right_manage_team)) {
+if (!ttAccessAllowed('manage_roles')) {
   header('Location: access_denied.php');
   exit();
 }

diff --git a/role_edit.php b/role_edit.php
index 99fbbc49767cc34cdd56f0e3e33aa52d87880778..ea0699ab1ff6435f15745458addd33c4a3c854f1 100644 (file)
--- a/role_edit.php
+++ b/role_edit.php
@@ -33,7 +33,7 @@ import('ttTaskHelper'); // TODO: remove this?
 import('ttRoleHelper');
 
 // Access check.
-if (!ttAccessCheck(right_manage_team)) {
+if (!ttAccessAllowed('manage_roles')) {
   header('Location: access_denied.php');
   exit();
 }

diff --git a/roles.php b/roles.php
index b4facce1cfd7efcb808b801bb0756c5f6061cf58..efeb495752c660132a1305dbcbc1c7a45c2ce3ec 100644 (file)
--- a/roles.php
+++ b/roles.php
@@ -32,7 +32,7 @@ import('ttTeamHelper');
 import('ttRoleHelper');
 
 // Access check.
-if (!ttAccessCheck(right_manage_team)) {
+if (!ttAccessAllowed('manage_roles')) {
   header('Location: access_denied.php');
   exit();
 }

diff --git a/task_add.php b/task_add.php
index 5ef549bb18f088933f05e877497371ee132dee20..40eb4887d26638a5de2532a6bf6d7538c6a2c0e4 100644 (file)
--- a/task_add.php
+++ b/task_add.php
@@ -33,7 +33,7 @@ import('ttTeamHelper');
 import('ttTaskHelper');
 
 // Access check.
-if (!ttAccessCheck(right_manage_team) || MODE_PROJECTS_AND_TASKS != $user->tracking_mode) {
+if (!ttAccessAllowed('manage_tasks') || MODE_PROJECTS_AND_TASKS != $user->tracking_mode) {
   header('Location: access_denied.php');
   exit();
 }

diff --git a/task_delete.php b/task_delete.php
index f04f03260ff94a25622496d02e18030a98015a17..3cdb5b691c7f8a657b69d948dc791d56b20f6cf1 100644 (file)
--- a/task_delete.php
+++ b/task_delete.php
@@ -31,7 +31,7 @@ import('ttTaskHelper');
 import('form.Form');
 
 // Access check.
-if (!ttAccessCheck(right_manage_team) || MODE_PROJECTS_AND_TASKS != $user->tracking_mode) {
+if (!ttAccessAllowed('manage_tasks') || MODE_PROJECTS_AND_TASKS != $user->tracking_mode) {
   header('Location: access_denied.php');
   exit();
 }

diff --git a/task_edit.php b/task_edit.php
index bfc1bef06d2a4f78bf281f30524241cac616ece0..5c70f11b904c36a67d8302d17742789780b4dbf7 100644 (file)
--- a/task_edit.php
+++ b/task_edit.php
@@ -32,7 +32,7 @@ import('ttTeamHelper');
 import('ttTaskHelper');
 
 // Access check.
-if (!ttAccessCheck(right_manage_team) || MODE_PROJECTS_AND_TASKS != $user->tracking_mode) {
+if (!ttAccessAllowed('manage_tasks') || MODE_PROJECTS_AND_TASKS != $user->tracking_mode) {
   header('Location: access_denied.php');
   exit();
 }

diff --git a/tasks.php b/tasks.php
index 3ea2faaa0fb6dec831e03a7af2bd32f9aa013801..a1033a5c09142fcc8287a8bbe9ee77b89142c478 100644 (file)
--- a/tasks.php
+++ b/tasks.php
@@ -31,7 +31,7 @@ import('form.Form');
 import('ttTeamHelper');
 
 // Access check.
-if (!ttAccessCheck(right_manage_team) || MODE_PROJECTS_AND_TASKS != $user->tracking_mode) {
+if (!ttAccessAllowed('manage_tasks') || MODE_PROJECTS_AND_TASKS != $user->tracking_mode) {
   header('Location: access_denied.php');
   exit();
 }

diff --git a/time.php b/time.php
index 381634f6e4cf9d3d40eea0ab75557448f0d98828..aeeedd25c2b959741e34455bf813ffa61669bd7d 100644 (file)
--- a/time.php
+++ b/time.php
@@ -42,7 +42,7 @@ import('DateAndTime');
 // }
 
 // Access check.
-if (!ttAccessCheck(right_data_entry)) {
+if (!ttAccessAllowed('data_entry')) {
   header('Location: access_denied.php');
   exit();
 }

diff --git a/time_delete.php b/time_delete.php
index c50172849aceea17cd40f842ede54d2334cfcb23..3b4d95c2ef806334b79a4801d879eeafc9a4d6e3 100644 (file)
--- a/time_delete.php
+++ b/time_delete.php
@@ -33,7 +33,7 @@ import('ttTimeHelper');
 import('DateAndTime');
 
 // Access check.
-if (!ttAccessCheck(right_data_entry)) {
+if (!ttAccessAllowed('data_entry')) {
   header('Location: access_denied.php');
   exit();
 }

diff --git a/time_edit.php b/time_edit.php
index 58d963fb30177ce58fd96efa8d6396c1e7435f53..b665bf862486cea03b8da011b41c1561c0384978 100644 (file)
--- a/time_edit.php
+++ b/time_edit.php
@@ -35,7 +35,7 @@ import('ttTimeHelper');
 import('DateAndTime');
 
 // Access check.
-if (!ttAccessCheck(right_data_entry)) {
+if (!ttAccessAllowed('data_entry')) {
   header('Location: access_denied.php');
   exit();
 }

diff --git a/tofile.php b/tofile.php
index 6849b7f153307fcd070ad5ad42d1cd021fb5b3dc..1b367e253936e1f9fa249f50142dadcaf93e9077 100644 (file)
--- a/tofile.php
+++ b/tofile.php
@@ -32,7 +32,7 @@ import('form.ActionForm');
 import('ttReportHelper');
 
 // Access check.
-if (!ttAccessCheck(right_view_reports)) {
+if (!ttAccessAllowed('view_own_reports')) {
   header('Location: access_denied.php');
   exit();
 }

diff --git a/topdf.php b/topdf.php
index f0fdb6023483437e1997652820bd8a9ce6c381db..2be45cc4930173673c9e3f714e14bcfc8c22ca6d 100644 (file)
--- a/topdf.php
+++ b/topdf.php
@@ -35,6 +35,12 @@ import('form.Form');
 import('form.ActionForm');
 import('ttReportHelper');
 
+// Access check.
+if (!ttAccessAllowed('view_own_reports')) {
+  header('Location: access_denied.php');
+  exit();
+}
+
 // Check whether TCPDF library is available.
 if (!file_exists('WEB-INF/lib/tcpdf/'))
   die('TCPDF library is not found in WEB-INF/lib/tcpdf/');
@@ -42,12 +48,6 @@ if (!file_exists('WEB-INF/lib/tcpdf/'))
 // Include TCPDF library.
 require_once('WEB-INF/lib/tcpdf/tcpdf.php');
 
-// Access check.
-if (!ttAccessCheck(right_view_reports)) {
-  header('Location: access_denied.php');
-  exit();
-}
-
 // Use custom fields plugin if it is enabled.
 if ($user->isPluginEnabled('cf')) {
   require_once('plugins/CustomFields.class.php');

diff --git a/user_add.php b/user_add.php
index 66d2f2d4e4f7706bc4dd185714729661f2b41f0f..69ee3b1181fd936dfe2ac612ba39bfd9c733fb23 100644 (file)
--- a/user_add.php
+++ b/user_add.php
@@ -35,7 +35,7 @@ import('form.TableColumn');
 import('ttRoleHelper');
 
 // Access check.
-if (!ttAccessCheck(right_manage_team)) {
+if (!ttAccessAllowed('manage_users')) {
   header('Location: access_denied.php');
   exit();
 }

diff --git a/user_delete.php b/user_delete.php
index 1f0a40dea943da718fc8b3deabb6c0ccd8a43ff2..f30ec8a8ebd06595704b5ac0f325f7523e85c7c6 100644 (file)
--- a/user_delete.php
+++ b/user_delete.php
@@ -31,7 +31,7 @@ import('form.Form');
 import('ttUserHelper');
 
 // Access check.
-if (!ttAccessCheck(right_manage_team)) {
+if (!ttAccessAllowed('manage_users')) {
   header('Location: access_denied.php');
   exit();
 }

diff --git a/user_edit.php b/user_edit.php
index f890282de7c93917409d6ff5f55579d9a4a7ae72..493b00ba24f49a06e0d6eb22d335da034b95cffe 100644 (file)
--- a/user_edit.php
+++ b/user_edit.php
@@ -36,7 +36,7 @@ import('form.TableColumn');
 import('ttRoleHelper');
 
 // Access check.
-if (!ttAccessCheck(right_manage_team)) {
+if (!ttAccessAllowed('manage_users')) {
   header('Location: access_denied.php');
   exit();
 }

diff --git a/users.php b/users.php
index 3fc266775d68ff0d7a487635ec221c26dc4a1620..79f2df3e6c52bfe5c4a58f122223ad0cc2201420 100644 (file)
--- a/users.php
+++ b/users.php
@@ -33,7 +33,7 @@ import('ttTimeHelper');
 import('ttRoleHelper');
 
 // Access check.
-if (!ttAccessCheck(right_data_entry)) {
+if (!ttAccessAllowed('view_users')) {
   header('Location: access_denied.php');
   exit();
 }

diff --git a/week.php b/week.php
index 194532470323f5a2a4480f9d891a7e0fee622c46..be89944c99ba3dbdc3a4c6558beabbfdd3a04059 100644 (file)
--- a/week.php
+++ b/week.php
@@ -39,7 +39,7 @@ import('ttTimeHelper');
 import('DateAndTime');
 
 // Access check.
-if (!ttAccessCheck(right_data_entry) || !$user->isPluginEnabled('wv')) {
+if (!ttAccessAllowed('data_entry') || !$user->isPluginEnabled('wv')) {
   header('Location: access_denied.php');
   exit();
 }

diff --git a/week_view.php b/week_view.php
index 7c722da02247dc93fd61d7194c17f446eb663130..99dc2eee949f223862aedbddfd22f66eb92f2cb7 100644 (file)
--- a/week_view.php
+++ b/week_view.php
@@ -31,7 +31,7 @@ import('form.Form');
 import('ttTeamHelper');
 
 // Access check.
-if (!ttAccessCheck(right_manage_team) || !$user->isPluginEnabled('wv')) {
+if (!ttAccessAllowed('manage_advanced_settings') || !$user->isPluginEnabled('wv')) {
   header('Location: access_denied.php');
   exit();
 }