AS1024/itflow
1
0
Fork 0
mirror of https://github.com/itflow-org/itflow synced 2026-02-28 10:54:52 +00:00
Code Issues Packages Projects Releases Wiki Activity

Bugfix: Client Access Permissions

Browse Source 
Fix bug that allows users to view recurring tickets and projects they shouldn't have access to
This commit is contained in:
wrongecho
2024-08-28 20:17:41 +01:00
parent a4a110f1e7
commit 26d6737468
6 changed files with 16 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
projects.php
View File

@@ -20,6 +20,11 @@ if($status == 1) {
$status_query = "IS NULL";
}
// Ticket client access snippet
$project_permission_snippet = '';
if (!empty($client_access_string)) {
$project_permission_snippet = "AND project_client_id IN ($client_access_string)";
}
//Rebuild URL
$url_query_strings_sort = http_build_query($get_copy);
@@ -33,6 +38,7 @@ $sql_projects = mysqli_query(
AND (project_name LIKE '%$q%' OR project_description LIKE '%$q%' OR user_name LIKE '%$q%')
AND project_archived_at IS NULL
AND project_completed_at $status_query
$project_permission_snippet
ORDER BY $sort $order LIMIT $record_from, $record_to"
);