AS1024/itflow
1
0
Fork 0
mirror of https://github.com/itflow-org/itflow synced 2026-03-02 20:04:53 +00:00
Code Issues Packages Projects Releases Wiki Activity

Move role validation to functions.php

Browse Source
This commit is contained in:
Marcus Hill
2022-05-07 17:25:30 +01:00
parent d900a7d341
commit 5cbd0fad0d
4 changed files with 124 additions and 525 deletions
Download Patch File Download Diff File Expand all files Collapse all files

42
ajax.php
View File

@@ -59,12 +59,7 @@ if(isset($_GET['certificate_fetch_parse_json_details'])){
* Looks up info for a given certificate ID from the database, used to dynamically populate modal fields * Looks up info for a given certificate ID from the database, used to dynamically populate modal fields
*/ */
if(isset($_GET['certificate_get_json_details'])){ if(isset($_GET['certificate_get_json_details'])){
if($session_user_role == 1){ validateTechRole();
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
$certificate_id = intval($_GET['certificate_id']); $certificate_id = intval($_GET['certificate_id']);
$client_id = intval($_GET['client_id']); $client_id = intval($_GET['client_id']);
@@ -88,12 +83,7 @@ if(isset($_GET['certificate_get_json_details'])){
* Looks up info for a given domain ID from the database, used to dynamically populate modal fields * Looks up info for a given domain ID from the database, used to dynamically populate modal fields
*/ */
if(isset($_GET['domain_get_json_details'])){ if(isset($_GET['domain_get_json_details'])){
if($session_user_role == 1){ validateTechRole();
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
$domain_id = intval($_GET['domain_id']); $domain_id = intval($_GET['domain_id']);
$client_id = intval($_GET['client_id']); $client_id = intval($_GET['client_id']);
@@ -117,12 +107,7 @@ if(isset($_GET['domain_get_json_details'])){
* Looks up info on the ticket number provided, used to populate the ticket merge modal * Looks up info on the ticket number provided, used to populate the ticket merge modal
*/ */
if(isset($_GET['merge_ticket_get_json_details'])){ if(isset($_GET['merge_ticket_get_json_details'])){
if($session_user_role == 1){ validateTechRole();
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
$merge_into_ticket_number = intval($_GET['merge_into_ticket_number']); $merge_into_ticket_number = intval($_GET['merge_into_ticket_number']);
@@ -145,12 +130,7 @@ if(isset($_GET['merge_ticket_get_json_details'])){
* Looks up info for a given network ID from the database, used to dynamically populate modal fields * Looks up info for a given network ID from the database, used to dynamically populate modal fields
*/ */
if(isset($_GET['network_get_json_details'])){ if(isset($_GET['network_get_json_details'])){
if($session_user_role == 1){ validateTechRole();
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
$network_id = intval($_GET['network_id']); $network_id = intval($_GET['network_id']);
$client_id = intval($_GET['client_id']); $client_id = intval($_GET['client_id']);
@@ -229,12 +209,7 @@ if(isset($_GET['ticket_query_views'])){
* Generates public/guest links for sharing logins/docs * Generates public/guest links for sharing logins/docs
*/ */
if(isset($_GET['share_generate_link'])){ if(isset($_GET['share_generate_link'])){
if($session_user_role == 1){ validateTechRole();
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
$item_encrypted_credential = ''; // Default empty $item_encrypted_credential = ''; // Default empty
@@ -293,12 +268,7 @@ if(isset($_GET['share_generate_link'])){
* Looks up info for a given scheduled ticket ID from the database, used to dynamically populate modal edit fields * Looks up info for a given scheduled ticket ID from the database, used to dynamically populate modal edit fields
*/ */
if(isset($_GET['scheduled_ticket_get_json_details'])){ if(isset($_GET['scheduled_ticket_get_json_details'])){
if($session_user_role == 1){ validateTechRole();
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
$client_id = intval($_GET['client_id']); $client_id = intval($_GET['client_id']);
$ticket_id = intval($_GET['ticket_id']); $ticket_id = intval($_GET['ticket_id']);

3
check_login.php
View File

@@ -89,7 +89,4 @@ $num_notifications = $row['num'];
//Set Currency Format //Set Currency Format
$currency_format = numfmt_create($session_company_locale, NumberFormatter::CURRENCY); $currency_format = numfmt_create($session_company_locale, NumberFormatter::CURRENCY);
// Role check failed wording
DEFINE("WORDING_ROLECHECK_FAILED", "You are not permitted to do that!");
?> ?>

37
functions.php
View File

@@ -1,5 +1,8 @@
<?php <?php
// Role check failed wording
DEFINE("WORDING_ROLECHECK_FAILED", "You are not permitted to do that!");
function keygen() function keygen()
{ {
$chars = "abcdefghijklmnopqrstuvwxyz"; $chars = "abcdefghijklmnopqrstuvwxyz";
@@ -432,4 +435,38 @@ function validateCSRFToken($token){
} }
} }
/*
* Role validation
* Admin - 3
* Tech - 2
* Accountant - 1
*/
function validateAdminRole(){
if($session_user_role != 3){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
}
function validateTechRole(){
if($session_user_role == 1){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
}
function validateAccountantRole(){
if($session_user_role == 2){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
}
?> ?>

567
post.php
View File

File diff suppressed because it is too large Load Diff