pcwvanbeers/assetmgt
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Refactor authorization checks to use 'permissions' instead of 'profile' in multiple files

Browse Source 
- Updated authorization checks in product management, product attributes, configurations, software, and user management files to use 'permissions' for consistency.
- Ensured that all relevant pages correctly check user permissions for read, update, delete, and create actions.
- Adjusted session variable references to align with the new permissions structure across various modules.
This commit is contained in:
“VeLiTi”
2026-01-20 15:00:00 +01:00
parent 24481279d5
commit 18469fe958
90 changed files with 368 additions and 384 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
product.php
View File

@@ -17,7 +17,7 @@ $page = 'product';
$back_btn_orgin = ($prev_page != '')? '<a href="'.$prev_page.'" class="btn alt mar-right-2">←</a>':'';
//Check if allowed
if (isAllowed($page,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'R') === 0){
if (isAllowed($page,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R') === 0){
header('location: index.php');
exit;
}
@@ -27,12 +27,12 @@ $pagination_page = $_SESSION['p'] = isset($_GET['p']) ? $_GET['p'] : 1;
//PAGE Security
$page_manage = 'product_manage';
$update_allowed = isAllowed($page ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'U');
$update_allowed_edit = isAllowed($page_manage ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'U');
$delete_allowed = isAllowed($page_manage ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'D');
$create_allowed = isAllowed($page_manage ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'C');
$media_update = isAllowed('products_media' ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'U');
$software_update = isAllowed('products_software_assignment' ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'U');
$update_allowed = isAllowed($page ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'U');
$update_allowed_edit = isAllowed($page_manage ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'U');
$delete_allowed = isAllowed($page_manage ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'D');
$create_allowed = isAllowed($page_manage ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'C');
$media_update = isAllowed('products_media' ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'U');
$software_update = isAllowed('products_software_assignment' ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'U');
//GET Details from URL
$GET_VALUES = urlGETdetails($_GET) ?? '';