pcwvanbeers/assetmgt
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Refactor authorization checks to use 'permissions' instead of 'profile' in multiple files

Browse Source 
- Updated authorization checks in product management, product attributes, configurations, software, and user management files to use 'permissions' for consistency.
- Ensured that all relevant pages correctly check user permissions for read, update, delete, and create actions.
- Adjusted session variable references to align with the new permissions structure across various modules.
This commit is contained in:
“VeLiTi”
2026-01-20 15:00:00 +01:00
parent 24481279d5
commit 18469fe958
90 changed files with 368 additions and 384 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
communications.php
View File

@@ -19,15 +19,15 @@ $back_btn_orgin = ($prev_page != '')? '<a href="'.$prev_page.'" class="btn alt
//Check if allowed
if (isAllowed($page,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'R') === 0){
if (isAllowed($page,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R') === 0){
header('location: index.php');
exit;
}
//PAGE Security
$page_manage = 'communication';
$update_allowed = isAllowed($page_manage ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'U');
$delete_allowed = isAllowed($page_manage ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'D');
$create_allowed = isAllowed($page_manage ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'C');
$update_allowed = isAllowed($page_manage ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'U');
$delete_allowed = isAllowed($page_manage ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'D');
$create_allowed = isAllowed($page_manage ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'C');
//GET PARAMETERS
$pagination_page = isset($_GET['p']) ? $_GET['p'] : 1;
@@ -83,7 +83,7 @@ if ($create_allowed === 1){
$view .= '<a href="index.php?page=communication" class="btn">'.$button_create_communication.'</a>';
}
if (isAllowed('communication_send',$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'U') === 1){
if (isAllowed('communication_send',$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'U') === 1){
$view .= '<a href="index.php?page=communication_send" class="btn red mar-right-2">'.$button_create_communication_send.'</a>';
}