From 0b090699b8d4f19a458b54ee1cf076d942a8d54a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E2=80=9CVeLiTi=E2=80=9D?= <“info@veliti.nl”>
Date: Wed, 28 Jan 2026 14:38:08 +0100
Subject: [PATCH] Refactor permission checks in multiple files to ensure correct access control for communications, users, downloads, and translations. Updated conditions to validate permissions based on user roles.
---
 account.php | 4 ++--
 cartests.php | 2 +-
 equipments.php | 2 +-
 report_healthindex.php | 2 +-
 rmas.php | 2 +-
 translation_manage.php | 4 ++--
 6 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/account.php b/account.php
index 5ebd2b1..831a34f 100644
--- a/account.php
+++ b/account.php
@@ -239,13 +239,13 @@ $soldto_id = explode("-",$account_hierarchy->soldto) ?? ''; //DISPLAY RELATED COMMUNICATION RECORDS $view_communication = '';
-if (isAllowed('communications',$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R') === 0){
+if (isAllowed('communications',$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R') === 1){
 $view_communication = ' '.$button_partner_assigned_communication.''; } //DISPLAY RELATED USERS $view_users ='';
-if (isAllowed('users',$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R') === 0){
+if (isAllowed('users',$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R') === 1){
 $view_users = ' '.$button_partner_assigned_users.''; }
diff --git a/cartests.php b/cartests.php
index eb2a160..c73fc58 100644
--- a/cartests.php
+++ b/cartests.php
@@ -112,7 +112,7 @@ $view .= ' '.$general_filters_clear.''; //SHOW DOWNLOAD TO EXCELL OPTION ONLY TO ADMIN USERS
-if (isAllowed('cartests',$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'D') === 0){
+if (isAllowed('cartests',$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'D') === 1){
 $view .= ' Download ';
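Review bot: Both guards in the account.php hunk only decide whether link markup is appended to `$view_communication` and `$view_users`; nothing visible here stops a user from requesting the communications or users page directly, so the target pages need their own `isAllowed(..., 'R')` test before they return data. The strict `=== 1` comparison also assumes isAllowed() returns the integer 1 when access is granted; its definition is not in this diff, and if it returns `true` or `'1'` every guard in this patch silently denies. A comment above the first check such as `// isAllowed() returns int 1 when granted, 0 otherwise` would record that contract, and a small boolean wrapper around the repeated four-argument call would make an inverted comparison harder to reintroduce. The surrounding page code starts and ends outside the hunk.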
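Review bot: The download button in cartests.php is gated on `'D'`, while the same "download to Excel" guard in equipments.php, report_healthindex.php and rmas.php asks for `'CRU'`, and the comment above all four says "ONLY TO ADMIN USERS". How isAllowed() interprets a multi-letter permission string is not visible in this diff, so it is unclear whether the four pages end up with the same audience. I would pick one permission for exports, use it on all four pages, and reword the comment to name it, e.g. `// Show the Excel download only to users holding the export permission`. As this check only controls whether the button is rendered, the handler that produces the file should repeat the same test.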
diff --git a/equipments.php b/equipments.php
index 0d1e811..31af2bf 100644
--- a/equipments.php
+++ b/equipments.php
@@ -192,7 +192,7 @@ $view .= ' X'; //SHOW DOWNLOAD TO EXCELL OPTION ONLY TO ADMIN USERS
-if (isAllowed('equipments',$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'CRU') === 0){
+if (isAllowed('equipments',$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'CRU') === 1){
 $view .= ' ';
diff --git a/report_healthindex.php b/report_healthindex.php
index 50c5b82..a459bff 100644
--- a/report_healthindex.php
+++ b/report_healthindex.php
@@ -135,7 +135,7 @@ $view .= ' '; //SHOW DOWNLOAD TO EXCELL OPTION ONLY TO ADMIN USERS
-if (isAllowed('report_healthindex',$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'CRU') === 0){
+if (isAllowed('report_healthindex',$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'CRU') === 1){
 $view .='
';
diff --git a/rmas.php b/rmas.php
index 3513b04..f3cb901 100644
--- a/rmas.php
+++ b/rmas.php
@@ -113,7 +113,7 @@ $view .= ' '.$general_filters_clear.''; //SHOW DOWNLOAD TO EXCELL OPTION ONLY TO ADMIN USERS
-if (isAllowed('rmas',$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'CRU') === 0){
+if (isAllowed('rmas',$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'CRU') === 1){
 $view .= ' Download ';
diff --git a/translation_manage.php b/translation_manage.php
index 4bcb0b3..56e6bf8 100644
--- a/translation_manage.php
+++ b/translation_manage.php
@@ -66,7 +66,7 @@ if (isset($_GET['rowID'])) { if ($responses === 'NOK'){ } else {
- if (isAllowed('translations',$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'CRUD') === 0){
+ if (isAllowed('translations',$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'CRUD') === 1){
 generateLanguageFile($_POST['language_key'],$_SESSION['authorization']['userkey']); } header('Location: index.php?page=translation_manage&rowID='.$_GET['rowID'].'');
@@ -99,7 +99,7 @@ if (isset($_GET['rowID'])) { if ($NOK_error == 0){ //NO errors generatelanguagefile
- if (isAllowed('translations',$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'CRUD') === 0){
+ if (isAllowed('translations',$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'CRUD') === 1){
 generateLanguageFile($attr_language,$_SESSION['authorization']['userkey']); } }
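Review bot: In the translation_manage.php hunk at -66, `$_POST['language_key']` is passed to generateLanguageFile() exactly as the client sent it. What that function does with the key is not visible in this diff, but if it derives a file name or path from it, the value should first be checked against the languages the application supports, for example `if (!in_array($_POST['language_key'], $supported_languages, true)) { exit; }`, where `$supported_languages` is a placeholder for whatever list the project already keeps. The following `header('Location: ...'.$_GET['rowID'].'')` likewise inserts a request parameter unencoded; `rawurlencode($_GET['rowID'])`, or an int cast if the id is numeric, keeps the redirect target well-formed. The enclosing `if (isset($_GET['rowID']))` block starts and ends outside the hunk.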
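Review bot: In the translation_manage.php hunk at -99 the permission test runs only after the save has been processed (`$NOK_error == 0`), and when it fails the code skips generateLanguageFile() without any feedback; the hunk at -66 has the same shape. If the write above is not guarded separately (it is outside the hunk), a user without 'CRUD' on translations can still change rows while the generated language file goes stale. Checking once at the top of the POST handling, e.g. `if (isAllowed('translations',$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'CRUD') !== 1) { http_response_code(403); exit; }`, would reject the request before anything is written. `$NOK_error == 0` could also become `=== 0` to match the strict comparisons this patch introduces.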