mirror of
https://git.code.sf.net/p/seeddms/code
synced 2025-02-06 07:04:57 +00:00
propperly check for sufficient access rights
This commit is contained in:
Uwe Steinmann
parent
d12f9993dd
commit
80a49262f4
|
|
@ -79,7 +79,7 @@ $accessop = new SeedDMS_AccessOperation($document, $user, $settings);
|
|||
|
||||
$olddocstatus = $content->getStatus();
|
||||
// verify if document may be approved
|
||||
if ($accessop->mayApprove()){
|
||||
if (!$accessop->mayApprove()){
|
||||
UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("access_denied"));
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -26,6 +26,7 @@ include("../inc/inc.Init.php");
|
|||
include("../inc/inc.Extension.php");
|
||||
include("../inc/inc.ClassEmail.php");
|
||||
include("../inc/inc.DBInit.php");
|
||||
include("../inc/inc.ClassAccessOperation.php");
|
||||
include("../inc/inc.Authentication.php");
|
||||
include("../inc/inc.ClassUI.php");
|
||||
include("../inc/inc.ClassController.php");
|
||||
|
|
@ -72,8 +73,11 @@ if ($latestContent->getVersion()!=$version) {
|
|||
UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("invalid_version"));
|
||||
}
|
||||
|
||||
// verify if document has expired
|
||||
if ($document->hasExpired()){
|
||||
/* Create object for checking access to certain operations */
|
||||
$accessop = new SeedDMS_AccessOperation($document, $user, $settings);
|
||||
|
||||
// verify if document may be receіpted
|
||||
if (!$accessop->mayReceipt()){
|
||||
UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("access_denied"));
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -26,6 +26,7 @@ include("../inc/inc.Init.php");
|
|||
include("../inc/inc.Extension.php");
|
||||
include("../inc/inc.ClassEmail.php");
|
||||
include("../inc/inc.DBInit.php");
|
||||
include("../inc/inc.ClassAccessOperation.php");
|
||||
include("../inc/inc.Authentication.php");
|
||||
include("../inc/inc.ClassUI.php");
|
||||
include("../inc/inc.ClassController.php");
|
||||
|
|
@ -77,7 +78,7 @@ $accessop = new SeedDMS_AccessOperation($document, $user, $settings);
|
|||
|
||||
$olddocstatus = $content->getStatus();
|
||||
// verify if document may be reviewed
|
||||
if ($accessop->mayReview()){
|
||||
if (!$accessop->mayReview()){
|
||||
UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("access_denied"));
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -26,6 +26,7 @@ include("../inc/inc.Init.php");
|
|||
include("../inc/inc.Extension.php");
|
||||
include("../inc/inc.ClassEmail.php");
|
||||
include("../inc/inc.DBInit.php");
|
||||
include("../inc/inc.ClassAccessOperation.php");
|
||||
include("../inc/inc.Authentication.php");
|
||||
include("../inc/inc.ClassUI.php");
|
||||
include("../inc/inc.ClassController.php");
|
||||
|
|
@ -72,9 +73,12 @@ if ($latestContent->getVersion()!=$version) {
|
|||
UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("invalid_version"));
|
||||
}
|
||||
|
||||
/* Create object for checking access to certain operations */
|
||||
$accessop = new SeedDMS_AccessOperation($document, $user, $settings);
|
||||
|
||||
$olddocstatus = $content->getStatus();
|
||||
// verify if document has expired
|
||||
if ($document->hasExpired()){
|
||||
// verify if document maybe revised
|
||||
if (!$document->mayRevise()){
|
||||
UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("access_denied"));
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -63,7 +63,7 @@ if ($latestContent->getVersion()!=$version) {
|
|||
}
|
||||
|
||||
// verify if document may be approved
|
||||
if ($accessop->mayApprove()){
|
||||
if (!$accessop->mayApprove()){
|
||||
UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("access_denied"));
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -58,8 +58,11 @@ $latestContent = $document->getLatestContent();
|
|||
if ($latestContent->getVersion()!=$version) {
|
||||
UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("invalid_version"));
|
||||
}
|
||||
// verify if document has expired
|
||||
if ($document->hasExpired()){
|
||||
/* Create object for checking access to certain operations */
|
||||
$accessop = new SeedDMS_AccessOperation($document, $user, $settings);
|
||||
|
||||
// verify if document may be receipted
|
||||
if (!$accessop->mayReceipt()){
|
||||
UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("access_denied"));
|
||||
}
|
||||
|
||||
|
|
@ -68,9 +71,6 @@ if(!$receipts) {
|
|||
UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("no_action"));
|
||||
}
|
||||
|
||||
/* Create object for checking access to certain operations */
|
||||
$accessop = new SeedDMS_AccessOperation($document, $user, $settings);
|
||||
|
||||
$tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
|
||||
$view = UI::factory($theme, $tmp[1], array('dms'=>$dms, 'user'=>$user, 'folder'=>$folder, 'document'=>$document, 'version'=>$content));
|
||||
if($view) {
|
||||
|
|
|
|||
|
|
@ -63,7 +63,7 @@ if ($latestContent->getVersion()!=$version) {
|
|||
$accessop = new SeedDMS_AccessOperation($document, $user, $settings);
|
||||
|
||||
// verify if document may be reviewed
|
||||
if ($accessop->mayReview()){
|
||||
if (!$accessop->mayReview()){
|
||||
UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("access_denied"));
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -58,8 +58,12 @@ $latestContent = $document->getLatestContent();
|
|||
if ($latestContent->getVersion()!=$version) {
|
||||
UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("invalid_version"));
|
||||
}
|
||||
// verify if document has expired
|
||||
if ($document->hasExpired()){
|
||||
|
||||
/* Create object for checking access to certain operations */
|
||||
$accessop = new SeedDMS_AccessOperation($document, $user, $settings);
|
||||
|
||||
// verify if document maybe revised
|
||||
if (!$document->mayRevise()){
|
||||
UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("access_denied"));
|
||||
}
|
||||
|
||||
|
|
@ -68,9 +72,6 @@ if(!$revisions) {
|
|||
UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("no_action"));
|
||||
}
|
||||
|
||||
/* Create object for checking access to certain operations */
|
||||
$accessop = new SeedDMS_AccessOperation($document, $user, $settings);
|
||||
|
||||
$tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
|
||||
$view = UI::factory($theme, $tmp[1], array('dms'=>$dms, 'user'=>$user, 'folder'=>$folder, 'document'=>$document, 'version'=>$content, 'revisionid'=>(int) $_GET['revisionid']));
|
||||
if($view) {
|
||||
|
|
|
|||
Loading…
Reference in New Issue
Block a user