gnh1201/seeddms-code
1
0
Fork 0
mirror of https://git.code.sf.net/p/seeddms/code synced 2025-10-30 04:31:19 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

check for access rights on controller actions

Browse Source
This commit is contained in:
Uwe Steinmann 2016-04-13 18:31:42 +02:00
parent 7e24402671
commit 8723151361
1 changed files with 9 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
views/bootstrap/class.RoleMgr.php
View File

@ -111,9 +111,10 @@ $(document).ready( function() {
function showRoleForm($currRole) { /* {{{ */ function showRoleForm($currRole) { /* {{{ */
$dms = $this->params['dms']; $dms = $this->params['dms'];
$user = $this->params['user']; $user = $this->params['user'];
$accessop = $this->params['accessobject'];
$roles = $this->params['allroles']; $roles = $this->params['allroles'];
if($currRole && !$currRole->isUsed()) { if($currRole && !$currRole->isUsed() && $accessop->check_controller_access('RoleMgr', array('action'=>'removerole'))) {
?> ?>
<form style="display: inline-block;" method="post" action="../op/op.RoleMgr.php" > <form style="display: inline-block;" method="post" action="../op/op.RoleMgr.php" >
<?php echo createHiddenFieldWithKey('removerole'); ?> <?php echo createHiddenFieldWithKey('removerole'); ?>
@ -160,11 +161,15 @@ $(document).ready( function() {
echo "</td>"; echo "</td>";
echo "</tr>"; echo "</tr>";
} }
if($currRole && $accessop->check_controller_access('RoleMgr', array('action'=>'editrole')) || !$currRole && $accessop->check_controller_access('RoleMgr', array('action'=>'addrole'))) {
?> ?>
<tr> <tr>
<td></td> <td></td>
<td><button type="submit" class="btn"><i class="icon-save"></i> <?php printMLText($currRole ? "save" : "add_role")?></button></td> <td><button type="submit" class="btn"><i class="icon-save"></i> <?php printMLText($currRole ? "save" : "add_role")?></button></td>
</tr> </tr>
<?php
}
?>
</table> </table>
</form> </form>
<?php <?php
@ -173,6 +178,7 @@ $(document).ready( function() {
function show() { /* {{{ */ function show() { /* {{{ */
$dms = $this->params['dms']; $dms = $this->params['dms'];
$user = $this->params['user']; $user = $this->params['user'];
$accessop = $this->params['accessobject'];
$selrole = $this->params['selrole']; $selrole = $this->params['selrole'];
$roles = $this->params['allroles']; $roles = $this->params['allroles'];
@ -189,7 +195,9 @@ $(document).ready( function() {
<?php echo getMLText("selection")?>: <?php echo getMLText("selection")?>:
<select class="chzn-select" id="selector"> <select class="chzn-select" id="selector">
<option value="-1"><?php echo getMLText("choose_role")?> <option value="-1"><?php echo getMLText("choose_role")?>
<?php if($accessop->check_controller_access('RoleMgr', array('action'=>'addrole'))) { ?>
<option value="0"><?php echo getMLText("add_role")?> <option value="0"><?php echo getMLText("add_role")?>
<?php } ?>
<?php <?php
foreach ($roles as $currRole) { foreach ($roles as $currRole) {
print "<option value=\"".$currRole->getID()."\" ".($selrole && $currRole->getID()==$selrole->getID() ? 'selected' : '').">" . htmlspecialchars($currRole->getName()); print "<option value=\"".$currRole->getID()."\" ".($selrole && $currRole->getID()==$selrole->getID() ? 'selected' : '').">" . htmlspecialchars($currRole->getName());