From 28dc4d32ad13e24b8b94b829baf2e17172477f12 Mon Sep 17 00:00:00 2001
From: Uwe Steinmann
Date: Wed, 13 Apr 2016 18:42:58 +0200
Subject: [PATCH] check access rights
---
 out/out.MyAccount.php | 7 +++++--
 out/out.MyDocuments.php | 7 +++++--
 out/out.SubstituteUser.php | 7 +++++--
 3 files changed, 15 insertions(+), 6 deletions(-)
diff --git a/out/out.MyAccount.php b/out/out.MyAccount.php
index 5aca11e08..e5d8fe9d5 100644
--- a/out/out.MyAccount.php
+++ b/out/out.MyAccount.php
@@ -26,17 +26,20 @@ include("../inc/inc.DBInit.php");
 include("../inc/inc.ClassUI.php");
 include("../inc/inc.Authentication.php");
 
+$tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
+$view = UI::factory($theme, $tmp[1], array('dms'=>$dms, 'user'=>$user));
+$accessop = new SeedDMS_AccessOperation($dms, $user, $settings);
+
 if ($user->isGuest()) {
 UI::exitError(getMLText("my_account"),getMLText("access_denied"));
 }
 
-$tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
-$view = UI::factory($theme, $tmp[1], array('dms'=>$dms, 'user'=>$user));
 if($view) {
 $view->setParam('enableuserimage', $settings->_enableUserImage);
 $view->setParam('passwordexpiration', $settings->_passwordExpiration);
 $view->setParam('httproot', $settings->_httpRoot);
 $view->setParam('quota', $settings->_quota);
+ $view->setParam('accessobject', $accessop);
 $view($_GET);
 exit;
 }
diff --git a/out/out.MyDocuments.php b/out/out.MyDocuments.php
index 219ca3796..5997d8f84 100644
--- a/out/out.MyDocuments.php
+++ b/out/out.MyDocuments.php
@@ -31,6 +31,10 @@ include("../inc/inc.Authentication.php");
 */
 require_once("SeedDMS/Preview.php");
 
+$tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
+$view = UI::factory($theme, $tmp[1], array('dms'=>$dms, 'user'=>$user));
+$accessop = new SeedDMS_AccessOperation($dms, $user, $settings);
+
 if ($user->isGuest()) {
 UI::exitError(getMLText("my_documents"),getMLText("access_denied"));
 }
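Review bot: `new SeedDMS_AccessOperation($dms, $user, $settings)` is added to out/out.MyAccount.php, but none of the include lines visible in this hunk load `inc.ClassAccessOperation.php`, which out/out.SubstituteUser.php does include. The script's earlier includes lie above the hunk, so the class may already be loaded; if it is not, the page stops with a class-not-found error before the `isGuest()` check is reached. Adding `include("../inc/inc.ClassAccessOperation.php");` next to the other includes would make the dependency explicit. The first out/out.MyDocuments.php hunk adds the same constructor call and deserves the same check.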
@@ -47,8 +51,6 @@ if (isset($_GET["orderby"]) && strlen($_GET["orderby"])==1 ) {
 $orderby=$_GET["orderby"];
 }
 
-$tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
-$view = UI::factory($theme, $tmp[1], array('dms'=>$dms, 'user'=>$user));
 if($view) {
 $view->setParam('orderby', $orderby);
 $view->setParam('showinprocess', $showInProcess);
@@ -57,6 +59,7 @@ if($view) {
 $view->setParam('previewWidthList', $settings->_previewWidthList);
 $view->setParam('previewconverters', $settings->_converters['preview']);
 $view->setParam('timeout', $settings->_cmdTimeout);
+ $view->setParam('accessobject', $accessop);
 $view($_GET);
 exit;
 }
diff --git a/out/out.SubstituteUser.php b/out/out.SubstituteUser.php
index 79a56145e..e7f4d727b 100644
--- a/out/out.SubstituteUser.php
+++ b/out/out.SubstituteUser.php
@@ -26,18 +26,21 @@ include("../inc/inc.ClassUI.php");
 include("../inc/inc.ClassAccessOperation.php");
 include("../inc/inc.Authentication.php");
 
+$tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
+$view = UI::factory($theme, $tmp[1]);
+$accessop = new SeedDMS_AccessOperation($dms, $user, $settings);
+
 if ($user->isAdmin()) {
 $allUsers = $dms->getAllUsers($settings->_sortUsersInList);
 } else {
 $allUsers = $user->getReverseSubstitutes();
 }
 
-$tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
-$view = UI::factory($theme, $tmp[1]);
 if($view) {
 $view->setParam('dms', $dms);
 $view->setParam('user', $user);
 $view->setParam('allusers', $allUsers);
+ $view->setParam('accessobject', $accessop);
 $view($_GET);
 exit;
 }
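Review bot: In out/out.SubstituteUser.php nothing consults `$accessop` before `$allUsers` is built, so any access check this commit introduces can only happen inside the view that receives `accessobject`, and that view class is not part of this diff. Unlike out/out.MyAccount.php and out/out.MyDocuments.php, the visible lines also contain no `isGuest()` rejection, so a guest session would presumably fall into the `getReverseSubstitutes()` branch unless `inc.Authentication.php` already stops it. If the view is the intended enforcement point, state that above the new `setParam` line, for example `// access to this page is decided in the view via 'accessobject'`. Otherwise reject early in the script, as the sibling scripts do with `UI::exitError(..., getMLText("access_denied"));`.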