mirror of
https://git.code.sf.net/p/seeddms/code
synced 2025-10-17 22:41:00 +00:00
check for access
This commit is contained in:
parent
40b84b89bd
commit
2e19ad3dcb
|
@ -32,6 +32,10 @@ include("../inc/inc.Authentication.php");
|
||||||
|
|
||||||
$tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
|
$tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
|
||||||
$controller = Controller::factory($tmp[1]);
|
$controller = Controller::factory($tmp[1]);
|
||||||
|
$accessop = new SeedDMS_AccessOperation($dms, $user, $settings);
|
||||||
|
if (!$accessop->check_controller_access($controller, $_POST)) {
|
||||||
|
UI::exitError(getMLText("document_title", array("documentname" => "")),getMLText("access_denied"));
|
||||||
|
}
|
||||||
|
|
||||||
if (isset($_GET["version"])) {
|
if (isset($_GET["version"])) {
|
||||||
|
|
||||||
|
|
|
@ -30,6 +30,10 @@ include("../inc/inc.Authentication.php");
|
||||||
|
|
||||||
$tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
|
$tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
|
||||||
$controller = Controller::factory($tmp[1]);
|
$controller = Controller::factory($tmp[1]);
|
||||||
|
$accessop = new SeedDMS_AccessOperation($dms, $user, $settings);
|
||||||
|
if (!$accessop->check_controller_access($controller, $_POST)) {
|
||||||
|
UI::exitError(getMLText("document_title", array("documentname" => "")),getMLText("access_denied"));
|
||||||
|
}
|
||||||
|
|
||||||
$documentid = $_GET["documentid"];
|
$documentid = $_GET["documentid"];
|
||||||
if (!isset($documentid) || !is_numeric($documentid) || intval($documentid)<1) {
|
if (!isset($documentid) || !is_numeric($documentid) || intval($documentid)<1) {
|
||||||
|
|
Loading…
Reference in New Issue
Block a user