Refactor permission checks in multiple files to ensure correct access control for communications, users, downloads, and translations. Updated conditions to validate permissions based on user roles.

2026-01-28 14:38:08 +01:00
parent 9e5f5581be
commit 0b090699b8
6 changed files with 8 additions and 8 deletions
--- a/account.php
+++ b/account.php
@@ -239,13 +239,13 @@ $soldto_id = explode("-",$account_hierarchy->soldto) ?? '';

 //DISPLAY RELATED COMMUNICATION RECORDS
 $view_communication = '';
-if (isAllowed('communications',$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R') === 0){
+if (isAllowed('communications',$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R') === 1){
    $view_communication = ' <a href="index.php?page=communications&partnerid='.$soldto_id[0].'" class="btn">'.$button_partner_assigned_communication.'</a>';
 }

 //DISPLAY RELATED USERS
 $view_users ='';
-if (isAllowed('users',$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R') === 0){
+if (isAllowed('users',$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R') === 1){
    $view_users = ' <a href="index.php?page=users&partnerid='.$soldto_id[0].'" class="btn">'.$button_partner_assigned_users.'</a>';
 }

--- a/cartests.php
+++ b/cartests.php
@@ -112,7 +112,7 @@ $view .= '
                <a class="btn alt" href="index.php?page=cartests">'.$general_filters_clear.'</a>';
                
 //SHOW DOWNLOAD TO EXCELL OPTION ONLY TO ADMIN USERS
-if (isAllowed('cartests',$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'D') === 0){
+if (isAllowed('cartests',$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'D') === 1){
    $view .= '<a class="btn alt" href="index.php?page=cartests&download=">
                <i class="fa-solid fa-download"></i> Download
              </a>';
--- a/equipments.php
+++ b/equipments.php
@@ -192,7 +192,7 @@ $view .= '
                <a class="btn alt" href="index.php?page=equipments">X</a>';
                
 //SHOW DOWNLOAD TO EXCELL OPTION ONLY TO ADMIN USERS
-if (isAllowed('equipments',$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'CRU') === 0){
+if (isAllowed('equipments',$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'CRU') === 1){
    $view .= '<a class="btn alt" href="index.php?page=equipments&download=">
                <i class="fa-solid fa-download"></i>
              </a>';
--- a/report_healthindex.php
+++ b/report_healthindex.php
@@ -135,7 +135,7 @@ $view .= '
        ';

 //SHOW DOWNLOAD TO EXCELL OPTION ONLY TO ADMIN USERS
-if (isAllowed('report_healthindex',$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'CRU') === 0){
+if (isAllowed('report_healthindex',$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'CRU') === 1){
    $view .='<div class="filters">
                <a href="index.php?page=report_healthindex&download="><i class="fa-solid fa-download"></i></a>        
            </div>';
--- a/rmas.php
+++ b/rmas.php
@@ -113,7 +113,7 @@ $view .= '
                <a class="btn alt" href="index.php?page=rmas">'.$general_filters_clear.'</a>';
                
 //SHOW DOWNLOAD TO EXCELL OPTION ONLY TO ADMIN USERS
-if (isAllowed('rmas',$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'CRU') === 0){
+if (isAllowed('rmas',$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'CRU') === 1){
    $view .= '<a class="btn alt" href="index.php?page=rmas&download=">
                <i class="fa-solid fa-download"></i> Download
              </a>';
--- a/translation_manage.php
+++ b/translation_manage.php
@@ -66,7 +66,7 @@ if (isset($_GET['rowID'])) {
            if ($responses === 'NOK'){

            } else {
-                if (isAllowed('translations',$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'CRUD') === 0){
+                if (isAllowed('translations',$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'CRUD') === 1){
                    generateLanguageFile($_POST['language_key'],$_SESSION['authorization']['userkey']);
                }
                header('Location: index.php?page=translation_manage&rowID='.$_GET['rowID'].'');
@@ -99,7 +99,7 @@ if (isset($_GET['rowID'])) {

            if ($NOK_error == 0){
                //NO errors generatelanguagefile
-                if (isAllowed('translations',$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'CRUD') === 0){
+                if (isAllowed('translations',$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'CRUD') === 1){
                    generateLanguageFile($attr_language,$_SESSION['authorization']['userkey']);
                }
            }