gnh1201/seeddms-code
1
0
Fork 0
mirror of https://git.code.sf.net/p/seeddms/code synced 2025-05-14 13:42:04 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

propperly check access rights

Browse Source
This commit is contained in:
Uwe Steinmann 2015-06-15 14:20:51 +02:00
parent ae40f72b80
commit 5c43f191ce
4 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
op/op.ApproveDocument.php
View File

@ -75,7 +75,7 @@ if ($latestContent->getVersion()!=$version) {
$accessop = new SeedDMS_AccessOperation($document, $user, $settings); $accessop = new SeedDMS_AccessOperation($document, $user, $settings);
// verify if document may be approved // verify if document may be approved
if ($accessop->mayApprove()){ if (!$accessop->mayApprove()){
UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("access_denied")); UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("access_denied"));
} }

2
op/op.ReviewDocument.php
View File

@ -71,7 +71,7 @@ if ($latestContent->getVersion()!=$version) {
$accessop = new SeedDMS_AccessOperation($document, $user, $settings); $accessop = new SeedDMS_AccessOperation($document, $user, $settings);
// verify if document may be reviewed // verify if document may be reviewed
if ($accessop->mayReview()){ if (!$accessop->mayReview()){
UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("access_denied")); UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("access_denied"));
} }

2
out/out.ApproveDocument.php
View File

@ -63,7 +63,7 @@ if ($latestContent->getVersion()!=$version) {
} }
// verify if document may be approved // verify if document may be approved
if ($accessop->mayApprove()){ if (!$accessop->mayApprove()){
UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("access_denied")); UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("access_denied"));
} }

2
out/out.ReviewDocument.php
View File

@ -63,7 +63,7 @@ if ($latestContent->getVersion()!=$version) {
$accessop = new SeedDMS_AccessOperation($document, $user, $settings); $accessop = new SeedDMS_AccessOperation($document, $user, $settings);
// verify if document may be reviewed // verify if document may be reviewed
if ($accessop->mayReview()){ if (!$accessop->mayReview()){
UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("access_denied")); UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("access_denied"));
} }