gnh1201/seeddms-code
1
0
Fork 0
mirror of https://git.code.sf.net/p/seeddms/code synced 2025-02-11 09:35:00 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge branch 'seeddms-5.1.x' into seeddms-6.0.x

Browse Source
This commit is contained in:
Uwe Steinmann 2021-06-23 09:00:33 +02:00
commit 1a3d3c8f80
4 changed files with 22 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
op/op.TransferDocument.php
View File

@ -24,12 +24,17 @@ include("../inc/inc.Language.php");
include("../inc/inc.Init.php");
include("../inc/inc.Extension.php");
include("../inc/inc.DBInit.php");
include("../inc/inc.ClassAccessOperation.php");
include("../inc/inc.ClassUI.php");
include("../inc/inc.ClassController.php");
include("../inc/inc.Authentication.php");
$tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
$controller = Controller::factory($tmp[1], array('dms'=>$dms, 'user'=>$user));
$accessop = new SeedDMS_AccessOperation($dms, $user, $settings);
if (!$accessop->check_controller_access($controller, $_POST)) {
UI::exitError(getMLText("document_title", array("documentname" => getMLText("invalid_doc_id"))),getMLText("access_denied"));
}
/* Check if the form data comes from a trusted request */
if(!checkFormKey('transferdocument')) {

6
op/op.UsrMgr.php
View File

@ -26,6 +26,7 @@ include("../inc/inc.Language.php");
include("../inc/inc.Init.php");
include("../inc/inc.Extension.php");
include("../inc/inc.DBInit.php");
include("../inc/inc.ClassAccessOperation.php");
include("../inc/inc.ClassUI.php");
include("../inc/inc.Authentication.php");
include("../inc/inc.ClassPasswordStrength.php");
@ -34,6 +35,11 @@ if (!$user->isAdmin()) {
UI::exitError(getMLText("admin_tools"),getMLText("access_denied"));
}
$accessop = new SeedDMS_AccessOperation($dms, $user, $settings);
if (!$accessop->check_controller_access('UsrMgr', $_POST)) {
UI::exitError(getMLText("admin_tools"),getMLText("access_denied"));
}
if (isset($_POST["action"])) $action=$_POST["action"];
else $action=NULL;

2
out/out.SendLoginData.php
View File

@ -40,10 +40,12 @@ if (!is_object($newuser)) {
UI::exitError(getMLText("rm_user"),getMLText("invalid_user_id"));
}
$accessop = new SeedDMS_AccessOperation($dms, null, $user, $settings);
$tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
$view = UI::factory($theme, $tmp[1], array('dms'=>$dms, 'user'=>$user));
if($view) {
$view->setParam('newuser', $newuser);
$view->setParam('accessobject', $accessop);
$view($_GET);
exit;
}

15
views/bootstrap/class.UsrMgr.php
View File

@ -212,15 +212,18 @@ $(document).ready( function() {
'menuitems'=>array(
)
);
if(!in_array($seluser->getID(), $undeluserids) && $accessobject->check_view_access('RemoveUser')) {
if(!in_array($seluser->getID(), $undeluserids) && $accessobject->check_controller_access('UsrMgr', ['action'=>'removeuser'])) {
$button['menuitems'][] = array('label'=>'<i class="fa fa-remove"></i> '.getMLText("rm_user"), 'link'=>'../out/out.RemoveUser.php?userid='.$seluser->getID());
}
$button['menuitems'][] = array('label'=>'<i class="fa fa-unlink"></i> '.getMLText("rm_user_from_processes"), 'link'=>'../out/out.RemoveUserFromProcesses.php?userid='.$seluser->getID());
$button['menuitems'][] = array('label'=>'<i class="fa fa-share-square-o"></i> '.getMLText("transfer_objects"), 'link'=>'../out/out.TransferObjects.php?userid='.$seluser->getID());
if($accessobject->check_controller_access('UsrMgr', ['action'=>'removefromprocesses']))
$button['menuitems'][] = array('label'=>'<i class="fa fa-unlink"></i> '.getMLText("rm_user_from_processes"), 'link'=>'../out/out.RemoveUserFromProcesses.php?userid='.$seluser->getID());
if($accessobject->check_controller_access('UsrMgr', ['action'=>'transferobjects']))
$button['menuitems'][] = array('label'=>'<i class="fa fa-share-square-o"></i> '.getMLText("transfer_objects"), 'link'=>'../out/out.TransferObjects.php?userid='.$seluser->getID());
if($user->isAdmin() && $seluser->getID() != $user->getID())
$button['menuitems'][] = array('label'=>'<i class="fa fa-exchange"></i> '.getMLText("substitute_user"), 'link'=>'../op/op.SubstituteUser.php?userid='.$seluser->getID());
if($enableemail)
$button['menuitems'][] = array('label'=>'<i class="fa fa-envelope-o"></i> '.getMLText("send_login_data"), 'link'=>'../out/out.SendLoginData.php?userid='.$seluser->getID());
$button['menuitems'][] = array('label'=>'<i class="fa fa-exchange"></i> '.getMLText("substitute_user"), 'link'=>'../op/op.SubstituteUser.php?userid='.$seluser->getID()."&formtoken=".createFormKey('substituteuser'));
if($accessobject->check_controller_access('UsrMgr', ['action'=>'sendlogindata']))
if($enableemail)
$button['menuitems'][] = array('label'=>'<i class="fa fa-envelope-o"></i> '.getMLText("send_login_data"), 'link'=>'../out/out.SendLoginData.php?userid='.$seluser->getID());
self::showButtonwithMenu($button);
}
} /* }}} */