create access object

2025-02-06 07:04:57 +00:00 · 2019-11-19 08:46:43 +01:00 · 2019-11-19 08:46:43 +01:00 · 096b117e34
commit 096b117e34
parent 6f06faabc0
2 changed files with 6 additions and 3 deletions
--- a/out/out.RemoveUser.php
+++ b/out/out.RemoveUser.php
@ -57,6 +57,7 @@ $allusers = $dms->getAllUsers($settings->_sortUsersInList);
 if($view) {
 	$view->setParam('rmuser', $rmuser);
 	$view->setParam('allusers', $allusers);
+	$view->setParam('accessobject', $accessop);
 	$view($_GET);
 	exit;
 }
--- a/out/out.RemoveUserFromProcesses.php
+++ b/out/out.RemoveUserFromProcesses.php
@ -20,6 +20,7 @@

 if(!isset($settings))
 	require_once("../inc/inc.Settings.php");
+require_once("inc/inc.LogInit.php");
 require_once("inc/inc.Language.php");
 require_once("inc/inc.Init.php");
 require_once("inc/inc.Extension.php");
@ -29,9 +30,9 @@ require_once("inc/inc.Authentication.php");

 $tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
 $view = UI::factory($theme, $tmp[1], array('dms'=>$dms, 'user'=>$user));
-
-if (!$user->isAdmin()) {
-	UI::exitError(getMLText("admin_tools"),getMLText("access_denied"));
+$accessop = new SeedDMS_AccessOperation($dms, $user, $settings);
+if (!$accessop->check_view_access($view, $_GET)) {
+	UI::exitError(getMLText("admin_tools"),getMLText("access_denied"), false, $isajax);
 }

 if (!isset($_GET["userid"]) || !is_numeric($_GET["userid"]) || intval($_GET["userid"])<1) {
@ -49,6 +50,7 @@ if ($rmuser->getID()==$user->getID()) {

 if($view) {
 	$view->setParam('rmuser', $rmuser);
+	$view->setParam('accessobject', $accessop);
 	$view($_GET);
 	exit;
 }