pcwvanbeers/assetmgt
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Refactor authorization checks to use 'permissions' instead of 'profile' in multiple files

Browse Source 
- Updated authorization checks in product management, product attributes, configurations, software, and user management files to use 'permissions' for consistency.
- Ensured that all relevant pages correctly check user permissions for read, update, delete, and create actions.
- Adjusted session variable references to align with the new permissions structure across various modules.
This commit is contained in:
“VeLiTi”
2026-01-20 15:00:00 +01:00
parent 24481279d5
commit 18469fe958
90 changed files with 368 additions and 384 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
equipment.php
View File

@@ -14,19 +14,19 @@ include_once './settings/settings_redirector.php';
$_SESSION['prev_origin_equipment'] = $_SERVER['REQUEST_URI'];
$page = 'equipment';
//Check if allowed
if (isAllowed($page,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'R') === 0){
if (isAllowed($page,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R') === 0){
header('location: index.php');
exit;
}
//PAGE Security
$page_manage = 'equipment_manage';
$update_allowed = isAllowed($page ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'U');
$update_allowed_edit = isAllowed($page_manage ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'U');
$delete_allowed = isAllowed($page_manage ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'D');
$create_allowed = isAllowed($page_manage ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'C');
$view_product = isAllowed('product' ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'R');
$view_history = isAllowed('history' ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'C');
$view_contracts = isAllowed('contracts' ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'R');
$update_allowed = isAllowed($page ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'U');
$update_allowed_edit = isAllowed($page_manage ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'U');
$delete_allowed = isAllowed($page_manage ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'D');
$create_allowed = isAllowed($page_manage ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'C');
$view_product = isAllowed('product' ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R');
$view_history = isAllowed('history' ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'C');
$view_contracts = isAllowed('contracts' ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R');
//GET Details from URL
$GET_VALUES = urlGETdetails($_GET) ?? '';
@@ -108,7 +108,7 @@ if (!empty($responses->sw_version_upgrade) && isset($products_software) && $prod
}
//Calculate Healthindex based on last test
$total_score = assetHealthIndex($_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],$equipment_data,0);
$total_score = assetHealthIndex($_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],$equipment_data,0);
//GetPartnerDetails
$partner_data = json_decode($responses->accounthierarchy);
@@ -369,7 +369,7 @@ if (!empty($responses->geolocation) || $responses->geolocation != ''){
}
//Get all related service events
if (isAllowed('servicereports',$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'R') === 1){
if (isAllowed('servicereports',$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R') === 1){
$service_events = serviceEvents($history,$page);
$view .= '<div class="content-block">
@@ -382,7 +382,7 @@ $view .= '<div class="content-block">
}
//Show equipment_data when available and allowed
if (isAllowed('equipment_data',$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'R') === 1 && !empty($equipment_data)){
if (isAllowed('equipment_data',$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R') === 1 && !empty($equipment_data)){
$view .= '<div class="content-block">
<div class="block-header">
<i class="fa-solid fa-bars fa-sm"></i>'.($view_asset_data_text ?? '').'