gnh1201/seeddms-code
1
0
Fork 0
mirror of https://git.code.sf.net/p/seeddms/code synced 2025-02-06 23:24:57 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

add access checks for all tabs

Browse Source
This commit is contained in:
Uwe Steinmann 2023-04-20 13:28:03 +02:00
parent c4c36735b6
commit ff64e76213
1 changed files with 19 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
views/bootstrap/class.ViewDocument.php
View File

@ -1017,7 +1017,7 @@ $(document).ready( function() {
?>
<ul class="nav nav-pills" id="docinfotab" role="tablist">
<li class="nav-item <?php if(!$currenttab || $currenttab == 'docinfo') echo 'active'; ?>"><a class="nav-link <?php if(!$currenttab || $currenttab == 'docinfo') echo 'active'; ?>" data-target="#docinfo" data-toggle="tab" role="button"><?php printMLText('current_version'); ?></a></li>
<?php if (count($versions)>1) { ?>
<?php if (count($versions)>1 && $accessobject->check_view_access($this, array('action'=>'previous'))) { ?>
<li class="nav-item <?php if($currenttab == 'previous') echo 'active'; ?>"><a class="nav-link <?php if($currenttab == 'previous') echo 'active'; ?>" data-target="#previous" data-toggle="tab" role="button"><?php printMLText('previous_versions'); ?></a></li>
<?php
}
@ -1035,20 +1035,26 @@ $(document).ready( function() {
<?php
}
}
if(is_array($receiptStatus) && count($receiptStatus)>0) {
if(is_array($receiptStatus) && count($receiptStatus)>0 && $accessobject->check_view_access($this, array('action'=>'recipients'))) {
?>
<li class="nav-item <?php if($currenttab == 'recipients') echo 'active'; ?>"><a class="nav-link <?php if($currenttab == 'recipients') echo 'active'; ?>" data-target="#recipients" data-toggle="tab" role="button"><?php echo getMLText('recipients'); ?></a></li>
<?php
}
if(is_array($revisionStatus) && count($revisionStatus)>0) {
if(is_array($revisionStatus) && count($revisionStatus)>0 && $accessobject->check_view_access($this, array('action'=>'revision'))) {
?>
<li class="nav-item <?php if($currenttab == 'revision') echo 'active'; ?>"><a class="nav-link <?php if($currenttab == 'revision') echo 'active'; ?>" data-target="#revision" data-toggle="tab" role="button"><?php echo getMLText('revise_document'); ?></a></li>
<?php
}
if($accessobject->check_view_access($this, array('action'=>'attachments'))) {
?>
<li class="nav-item <?php if($currenttab == 'attachments') echo 'active'; ?>"><a class="nav-link <?php if($currenttab == 'attachments') echo 'active'; ?>" data-target="#attachments" data-toggle="tab" role="button"><?php printMLText('linked_files'); echo (count($files)) ? " (".count($files).")" : ""; ?></a></li>
<?php
}
if($accessobject->check_view_access($this, array('action'=>'links'))) {
?>
<li class="nav-item <?php if($currenttab == 'links') echo 'active'; ?>"><a class="nav-link <?php if($currenttab == 'links') echo 'active'; ?>" data-target="#links" data-toggle="tab" role="button"><?php printMLText('linked_documents'); echo (count($links) || count($reverselinks)) ? " (".count($links)."/".count($reverselinks).")" : ""; ?></a></li>
<?php
}
$tabs = $this->callHook('extraTabs', $document);
if($tabs) {
foreach($tabs as $tabid=>$tab) {
@ -1621,7 +1627,7 @@ $(document).ready( function() {
<?php
}
}
if(is_array($receiptStatus) && count($receiptStatus)>0) {
if(is_array($receiptStatus) && count($receiptStatus)>0 && $accessobject->check_view_access($this, array('action'=>'recipients'))) {
?>
<div class="tab-pane <?php if($currenttab == 'recipients') echo 'active'; ?>" id="recipients">
<?php
@ -1759,7 +1765,7 @@ $(document).ready( function() {
</div>
<?php
}
if(is_array($revisionStatus) && count($revisionStatus)>0) {
if(is_array($revisionStatus) && count($revisionStatus)>0 && $accessobject->check_view_access($this, array('action'=>'revision'))) {
?>
<div class="tab-pane <?php if($currenttab == 'revision') echo 'active'; ?>" id="revision">
<?php
@ -1876,7 +1882,7 @@ $(document).ready( function() {
</div>
<?php
}
if (count($versions)>1) {
if (count($versions)>1 && $accessobject->check_view_access($this, array('action'=>'previous'))) {
?>
<div class="tab-pane <?php if($currenttab == 'previous') echo 'active'; ?>" id="previous" role="tabpanel">
<?php
@ -1894,6 +1900,7 @@ $(document).ready( function() {
</div>
<?php
}
if($accessobject->check_view_access($this, array('action'=>'attachments'))) {
?>
<div class="tab-pane <?php if($currenttab == 'attachments') echo 'active'; ?>" id="attachments" role="tabpanel">
<?php
@ -1919,6 +1926,10 @@ $(document).ready( function() {
$this->rowEnd();
?>
</div>
<?php
}
if($accessobject->check_view_access($this, array('action'=>'links'))) {
?>
<div class="tab-pane <?php if($currenttab == 'links') echo 'active'; ?>" id="links" role="tabpanel">
<?php
if (count($links) > 0) {
@ -2026,6 +2037,7 @@ $(document).ready( function() {
?>
</div>
<?php
}
if($tabs) {
foreach($tabs as $tabid=>$tab) {
echo '<div class="tab-pane '.($currenttab == $tabid ? 'active' : '').'" id="'.$tabid.'" role="tabpanel">';