Merge pull request #505 from wrongecho/quick-fix-tech-financials

Role enforcement

clients.php

@@ -320,7 +320,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
             <?php } ?>
 
             <!-- Show actions for Admin role only -->
-            <?php //if($session_user_role == 3) { ?>
+            <?php if ($session_user_role == 3) { ?>
               <td>
                 <div class="dropdown dropleft text-center">
                   <button class="btn btn-secondary btn-sm" type="button" data-toggle="dropdown">
@@ -335,7 +335,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
                   </div>
                 </div>
               </td>
-            <?php //} ?>
+            <?php } ?>
           </tr>
 
           <?php

dashboard_financial.php

@@ -1,6 +1,17 @@
 <?php include("inc_all.php"); ?>
 
-<?php 
+<?php
+
+// Quick fix to prevent non-admins (i.e. techs) seeing financials - redirect to client list
+//  To be removed when we have a proper technical dashboard for techs
+if ($_SESSION['user_role'] != 3) { ?>
+  <script type="text/javascript">
+      window.location.href = 'clients.php';
+  </script>
+<?php
+  exit();
+}
+
 
 function roundUpToNearestMultiple($n, $increment = 1000)
 {