gnh1201/seeddms-code
1
0
Fork 0
mirror of https://git.code.sf.net/p/seeddms/code synced 2025-03-12 08:55:54 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

add access check

Browse Source
This commit is contained in:
Uwe Steinmann 2016-08-12 15:57:47 +02:00
parent c56d026679
commit 224172f785
4 changed files with 12 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
out/out.MyAccount.php
View File

@ -30,6 +30,9 @@ include("../inc/inc.Authentication.php");
$tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
$view = UI::factory($theme, $tmp[1], array('dms'=>$dms, 'user'=>$user));
$accessop = new SeedDMS_AccessOperation($dms, $user, $settings);
if (!$accessop->check_view_access($view, $_GET)) {
UI::exitError(getMLText("my_account"),getMLText("access_denied"));
}
if ($user->isGuest()) {
UI::exitError(getMLText("my_account"),getMLText("access_denied"));

3
out/out.MyDocuments.php
View File

@ -30,6 +30,9 @@ include("../inc/inc.Authentication.php");
$tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
$view = UI::factory($theme, $tmp[1], array('dms'=>$dms, 'user'=>$user));
$accessop = new SeedDMS_AccessOperation($dms, $user, $settings);
if (!$accessop->check_view_access($view, $_GET)) {
UI::exitError(getMLText("my_documents"),getMLText("access_denied"));
}
if ($user->isGuest()) {
UI::exitError(getMLText("my_documents"),getMLText("access_denied"));

3
out/out.SubstituteUser.php
View File

@ -29,6 +29,9 @@ include("../inc/inc.Authentication.php");
$tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
$view = UI::factory($theme, $tmp[1]);
$accessop = new SeedDMS_AccessOperation($dms, $user, $settings);
if (!$accessop->check_view_access($view, $_GET)) {
UI::exitError(getMLText("admin_tools"),getMLText("access_denied"));
}
if ($user->isAdmin()) {
$allUsers = $dms->getAllUsers($settings->_sortUsersInList);

3
out/out.TransmittalMgr.php
View File

@ -34,6 +34,9 @@ require_once("SeedDMS/Preview.php");
$tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
$view = UI::factory($theme, $tmp[1], array('dms'=>$dms, 'user'=>$user));
$accessop = new SeedDMS_AccessOperation($dms, $user, $settings);
if (!$accessop->check_view_access($view, $_GET)) {
UI::exitError(getMLText("my_transmittals"),getMLText("access_denied"));
}
if ($user->isGuest()) {
UI::exitError(getMLText("my_transmittals"),getMLText("access_denied"));