Refactor permission checks in multiple files to ensure correct access control for communications, users, downloads, and translations. Updated conditions to validate permissions based on user roles.

“VeLiTi”
2026-01-28 14:38:08 +01:00
parent 9e5f5581be
commit 0b090699b8
6 changed files with 8 additions and 8 deletions


@@ -239,13 +239,13 @@ $soldto_id = explode("-",$account_hierarchy->soldto) ?? '';
//DISPLAY RELATED COMMUNICATION RECORDS //DISPLAY RELATED COMMUNICATION RECORDS
$view_communication = ''; $view_communication = '';
if (isAllowed('communications',$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R') === 0){ if (isAllowed('communications',$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R') === 1){
$view_communication = ' <a href="index.php?page=communications&partnerid='.$soldto_id[0].'" class="btn">'.$button_partner_assigned_communication.'</a>'; $view_communication = ' <a href="index.php?page=communications&partnerid='.$soldto_id[0].'" class="btn">'.$button_partner_assigned_communication.'</a>';
} }
//DISPLAY RELATED USERS //DISPLAY RELATED USERS
$view_users =''; $view_users ='';
if (isAllowed('users',$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R') === 0){ if (isAllowed('users',$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R') === 1){
$view_users = ' <a href="index.php?page=users&partnerid='.$soldto_id[0].'" class="btn">'.$button_partner_assigned_users.'</a>'; $view_users = ' <a href="index.php?page=users&partnerid='.$soldto_id[0].'" class="btn">'.$button_partner_assigned_users.'</a>';
} }
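Review bot: `$soldto_id[0]` is concatenated into both `href` values without URL or HTML encoding, in the communications link and again in the users link. It comes from `explode("-",$account_hierarchy->soldto)` in the hunk's context line, and if that field can ever hold a quote, `&` or `#`, the attribute or the query string breaks; I would encode it once with `$partner_q = rawurlencode((string)($soldto_id[0] ?? ''));` and use `$partner_q` in both links. The `?? ''` after `explode()` has no effect, because `explode()` returns an array rather than null. Whether `soldto` can be influenced by a user is not visible from this hunk.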


@@ -112,7 +112,7 @@ $view .= '
<a class="btn alt" href="index.php?page=cartests">'.$general_filters_clear.'</a>'; <a class="btn alt" href="index.php?page=cartests">'.$general_filters_clear.'</a>';
//SHOW DOWNLOAD TO EXCELL OPTION ONLY TO ADMIN USERS //SHOW DOWNLOAD TO EXCELL OPTION ONLY TO ADMIN USERS
if (isAllowed('cartests',$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'D') === 0){ if (isAllowed('cartests',$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'D') === 1){
$view .= '<a class="btn alt" href="index.php?page=cartests&download="> $view .= '<a class="btn alt" href="index.php?page=cartests&download=">
<i class="fa-solid fa-download"></i> Download <i class="fa-solid fa-download"></i> Download
</a>'; </a>';
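Review bot: The `isAllowed(...,'D') === 1` test only decides whether the Download link is rendered; the code that answers `index.php?page=cartests&download=` is outside this hunk and needs the same check before it builds the export, otherwise hiding the link does not restrict the export. Because the old condition was `=== 0`, the link was shown to the wrong set of users until this commit, so it is worth confirming that the handler never relied on the link being hidden. The same applies to the download links in the equipments, report_healthindex and rmas sections. Once the handler is confirmed, a comment above the `if` such as `// UI only: the download handler re-checks this permission` would record it. The `if` block closes outside the hunk.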


@@ -192,7 +192,7 @@ $view .= '
<a class="btn alt" href="index.php?page=equipments">X</a>'; <a class="btn alt" href="index.php?page=equipments">X</a>';
//SHOW DOWNLOAD TO EXCELL OPTION ONLY TO ADMIN USERS //SHOW DOWNLOAD TO EXCELL OPTION ONLY TO ADMIN USERS
if (isAllowed('equipments',$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'CRU') === 0){ if (isAllowed('equipments',$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'CRU') === 1){
$view .= '<a class="btn alt" href="index.php?page=equipments&download="> $view .= '<a class="btn alt" href="index.php?page=equipments&download=">
<i class="fa-solid fa-download"></i> <i class="fa-solid fa-download"></i>
</a>'; </a>';
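Review bot: The download link here is gated on `'CRU'` while the equivalent link in the cartests section is gated on `'D'`, and the comment above both says the option is for admin users only. How `isAllowed()` treats a multi-letter argument (all of C, R and U, or any one of them) is not visible on this page, so a reader cannot tell which roles get this button; the report_healthindex and rmas sections use `'CRU'` the same way. I would pick one permission for export across the four pages and name it in the comment, e.g. `// Export link: requires <permission> on equipments`. The strict `=== 1` also depends on `isAllowed()` returning the integer `1` rather than `true`; a mismatch fails closed, but silently. The `if` block closes outside the hunk.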


@@ -135,7 +135,7 @@ $view .= '
'; ';
//SHOW DOWNLOAD TO EXCELL OPTION ONLY TO ADMIN USERS //SHOW DOWNLOAD TO EXCELL OPTION ONLY TO ADMIN USERS
if (isAllowed('report_healthindex',$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'CRU') === 0){ if (isAllowed('report_healthindex',$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'CRU') === 1){
$view .='<div class="filters"> $view .='<div class="filters">
<a href="index.php?page=report_healthindex&download="><i class="fa-solid fa-download"></i></a> <a href="index.php?page=report_healthindex&download="><i class="fa-solid fa-download"></i></a>
</div>'; </div>';


@@ -113,7 +113,7 @@ $view .= '
<a class="btn alt" href="index.php?page=rmas">'.$general_filters_clear.'</a>'; <a class="btn alt" href="index.php?page=rmas">'.$general_filters_clear.'</a>';
//SHOW DOWNLOAD TO EXCELL OPTION ONLY TO ADMIN USERS //SHOW DOWNLOAD TO EXCELL OPTION ONLY TO ADMIN USERS
if (isAllowed('rmas',$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'CRU') === 0){ if (isAllowed('rmas',$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'CRU') === 1){
$view .= '<a class="btn alt" href="index.php?page=rmas&download="> $view .= '<a class="btn alt" href="index.php?page=rmas&download=">
<i class="fa-solid fa-download"></i> Download <i class="fa-solid fa-download"></i> Download
</a>'; </a>';


@@ -66,7 +66,7 @@ if (isset($_GET['rowID'])) {
if ($responses === 'NOK'){ if ($responses === 'NOK'){
} else { } else {
if (isAllowed('translations',$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'CRUD') === 0){ if (isAllowed('translations',$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'CRUD') === 1){
generateLanguageFile($_POST['language_key'],$_SESSION['authorization']['userkey']); generateLanguageFile($_POST['language_key'],$_SESSION['authorization']['userkey']);
} }
header('Location: index.php?page=translation_manage&rowID='.$_GET['rowID'].''); header('Location: index.php?page=translation_manage&rowID='.$_GET['rowID'].'');
@@ -99,7 +99,7 @@ if (isset($_GET['rowID'])) {
if ($NOK_error == 0){ if ($NOK_error == 0){
//NO errors generatelanguagefile //NO errors generatelanguagefile
if (isAllowed('translations',$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'CRUD') === 0){ if (isAllowed('translations',$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'CRUD') === 1){
generateLanguageFile($attr_language,$_SESSION['authorization']['userkey']); generateLanguageFile($attr_language,$_SESSION['authorization']['userkey']);
} }
} }
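Review bot: In the first hunk `generateLanguageFile($_POST['language_key'], ...)` receives a request parameter unchanged, whereas the second hunk passes `$attr_language`. If the function uses that argument to build a file name (its body is not shown), the value should be checked against the list of supported languages before the call, e.g. `if (in_array($_POST['language_key'] ?? '', $supported_languages, true)) { ... }`, where `$supported_languages` stands for whatever list the project keeps. On the line after that block, `$_GET['rowID']` goes into the `Location` header as-is; `rawurlencode()` or an integer cast would keep it to a single parameter value. When the permission check fails, the file generation is skipped without a message or log entry, which makes a misconfigured role hard to notice. Both checks sit inside the `if (isset($_GET['rowID']))` block, which starts outside the hunks.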