mirror of
https://github.com/itflow-org/itflow
synced 2026-06-26 19:50:40 +00:00
Use enforceClientAccess and enforceUserPermission on client-related edit / view modals, as we do with the credential edit modal
@@ -2,6 +2,8 @@
|
||||
|
||||
require_once '../../../includes/modal_header.php';
|
||||
|
||||
enforceUserPermission('module_support', 2);
|
||||
|
||||
$asset_id = intval($_GET['id']);
|
||||
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM assets
|
||||
@@ -41,8 +43,10 @@ $asset_contact_id = intval($row['asset_contact_id']);
|
||||
$asset_network_id = intval($row['interface_network_id']);
|
||||
$device_icon = getAssetIcon($asset_type);
|
||||
|
||||
// Generate the HTML form content using output buffering.
|
||||
enforceClientAccess();
|
||||
|
||||
ob_start();
|
||||
|
||||
?>
|
||||
|
||||
<div class="modal-header bg-dark">
|
||||
|
||||
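Review bot: `enforceClientAccess();` at the end of the second hunk takes no argument, so the check depends on a variable set earlier in the script (presumably `$client_id` from the fetched asset row), and that assignment is not visible in either hunk. If `$_GET['id']` matches no row, that value would be 0 or unset; confirm the helper denies in that case rather than treating it as "no client restriction", and that it exits before `ob_start()` emits anything. Passing the ID explicitly, e.g. `enforceClientAccess($client_id);` if the helper's signature allows it, or a comment such as `// $client_id comes from the asset row above; exits before any output on denial`, would make the dependency visible. The same applies to every other modal touched by this commit, in particular the software modal, where the context before the call is `$license_types_array` rather than a client ID assignment.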
@@ -2,6 +2,8 @@
|
||||
|
||||
require_once '../../../includes/modal_header.php';
|
||||
|
||||
enforceUserPermission('module_support');
|
||||
|
||||
$asset_id = intval($_GET['id']);
|
||||
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM assets
|
||||
@@ -218,9 +220,12 @@ if (isset($_GET['client_id'])) {
|
||||
$client_url = '';
|
||||
}
|
||||
|
||||
// Generate the HTML form content using output buffering.
|
||||
enforceClientAccess();
|
||||
|
||||
ob_start();
|
||||
|
||||
?>
|
||||
|
||||
<div class="modal-header bg-dark">
|
||||
<h5 class="modal-title"><i class="fa fa-fw fa-<?= $device_icon ?> mr-2"></i><strong><?= $asset_name ?></strong>
|
||||
<?php if ($asset_favorite) { ?><i class="fas fa-fw text-warning fa-star" title="Favorite"></i><?php } ?>
|
||||
|
||||
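Review bot: The second hunk's header shows this file branching on `isset($_GET['client_id'])` just above the new `enforceClientAccess();` call, so it matters which client ID the check evaluates. If `$client_id` at that point can come from the request parameter rather than from the asset row selected by `$asset_id`, the check would validate a caller-chosen client instead of the asset's owner. The assignment is outside the hunk; confirm it is taken from the row, and consider a comment such as `// $client_id is the asset's own client (from the row), never the GET parameter`.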
@@ -2,6 +2,8 @@
|
||||
|
||||
require_once '../../../includes/modal_header.php';
|
||||
|
||||
enforceUserPermission('module_support', 2);
|
||||
|
||||
$asset_id = intval($_GET['id']);
|
||||
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM assets
|
||||
@@ -59,7 +61,10 @@ while ($row = mysqli_fetch_assoc($sql_asset_tags)) {
|
||||
$asset_tag_id_array[] = $asset_tag_tag_id;
|
||||
}
|
||||
|
||||
enforceClientAccess();
|
||||
|
||||
ob_start();
|
||||
|
||||
?>
|
||||
|
||||
<div class="modal-header bg-dark">
|
||||
|
||||
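Review bot: The literal `2` in `enforceUserPermission('module_support', 2);` does not say which access level it requires, while the view modals in this commit call the helper with no level at all. A short comment, e.g. `// 2 = edit-level access (view modals rely on the default level)`, or a named constant if the project defines one, would make the edit/view distinction reviewable without opening the helper. The level meaning is inferred from the edit/view split on this page and should be checked against the helper's definition. The same literal appears in the other edit modals in this commit.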
@@ -2,6 +2,8 @@
|
||||
|
||||
require_once '../../../includes/modal_header.php';
|
||||
|
||||
enforceUserPermission('module_support', 2);
|
||||
|
||||
$certificate_id = intval($_GET['id']);
|
||||
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM certificates WHERE certificate_id = $certificate_id LIMIT 1");
|
||||
@@ -20,8 +22,10 @@ $client_id = intval($row['certificate_client_id']);
|
||||
|
||||
$history_sql = mysqli_query($mysqli, "SELECT * FROM certificate_history WHERE certificate_history_certificate_id = $certificate_id");
|
||||
|
||||
// Generate the HTML form content using output buffering.
|
||||
enforceClientAccess();
|
||||
|
||||
ob_start();
|
||||
|
||||
?>
|
||||
|
||||
<div class="modal-header bg-dark">
|
||||
|
||||
@@ -2,6 +2,8 @@
|
||||
|
||||
require_once '../../../includes/modal_header.php';
|
||||
|
||||
enforceUserPermission('module_client');
|
||||
|
||||
$contact_id = intval($_GET['id']);
|
||||
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM contacts
|
||||
@@ -184,9 +186,12 @@ elseif ($document_count) { $first_tab = "documents"; }
|
||||
elseif ($file_count) { $first_tab = "files"; }
|
||||
elseif ($note_count) { $first_tab = "notes"; }
|
||||
|
||||
// Generate the HTML form content using output buffering.
|
||||
enforceClientAccess();
|
||||
|
||||
ob_start();
|
||||
|
||||
?>
|
||||
|
||||
<div class="modal-header bg-dark">
|
||||
<h5 class="modal-title">
|
||||
<div class="media">
|
||||
|
||||
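Review bot: The only module gate added to this view modal is `enforceUserPermission('module_client');`, yet the second hunk's context selects tabs for documents, files and notes. If those tabs render records that are gated by a different module elsewhere in the application (the document edit modal in this commit requires `module_support`), a user with client-module access alone may see them here. Confirm this is intended, or guard each tab's query with its own permission check. The tab-rendering code is outside the hunk, so this is inferred from the `$first_tab` lines.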
@@ -2,6 +2,8 @@
|
||||
|
||||
require_once '../../../includes/modal_header.php';
|
||||
|
||||
enforceUserPermission('module_client', 2);
|
||||
|
||||
$contact_id = intval($_GET['id']);
|
||||
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM contacts
|
||||
@@ -43,9 +45,12 @@ while ($row = mysqli_fetch_assoc($sql_contact_tags)) {
|
||||
$contact_tag_id_array[] = $contact_tag_id;
|
||||
}
|
||||
|
||||
// Generate the HTML form content using output buffering.
|
||||
enforceClientAccess();
|
||||
|
||||
ob_start();
|
||||
|
||||
?>
|
||||
|
||||
<div class="modal-header bg-dark">
|
||||
<h5 class="modal-title"><i class='fas fa-user-edit mr-2'></i>Editing Contact: <strong><?php echo $contact_name; ?></strong></h5>
|
||||
<button type="button" class="close text-white" data-dismiss="modal">
|
||||
|
||||
@@ -2,6 +2,8 @@
|
||||
|
||||
require_once '../../../includes/modal_header.php';
|
||||
|
||||
enforceUserPermission('module_support', 2);
|
||||
|
||||
$document_id = intval($_GET['id']);
|
||||
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM documents WHERE document_id = $document_id LIMIT 1");
|
||||
@@ -14,8 +16,10 @@ $document_folder_id = intval($row['document_folder_id']);
|
||||
$document_client_visible = intval($row['document_client_visible']);
|
||||
$client_id = intval($row['document_client_id']);
|
||||
|
||||
// Generate the HTML form content using output buffering.
|
||||
enforceClientAccess();
|
||||
|
||||
ob_start();
|
||||
|
||||
?>
|
||||
|
||||
<div class="modal-header bg-dark">
|
||||
|
||||
@@ -2,6 +2,8 @@
|
||||
|
||||
require_once '../../../includes/modal_header.php';
|
||||
|
||||
enforceUserPermission('module_support', 2);
|
||||
|
||||
$domain_id = intval($_GET['id']);
|
||||
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_id = $domain_id LIMIT 1");
|
||||
@@ -26,8 +28,10 @@ $client_id = intval($row['domain_client_id']);
|
||||
|
||||
$history_sql = mysqli_query($mysqli, "SELECT * FROM domain_history WHERE domain_history_domain_id = $domain_id");
|
||||
|
||||
// Generate the HTML form content using output buffering.
|
||||
enforceClientAccess();
|
||||
|
||||
ob_start();
|
||||
|
||||
?>
|
||||
|
||||
<div class="modal-header bg-dark">
|
||||
|
||||
@@ -2,6 +2,8 @@
|
||||
|
||||
require_once '../../../includes/modal_header.php';
|
||||
|
||||
enforceUserPermission('module_support', 2);
|
||||
|
||||
$network_id = intval($_GET['id']);
|
||||
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM networks WHERE network_id = $network_id LIMIT 1");
|
||||
@@ -19,7 +21,10 @@ $network_notes = nullable_htmlentities($row['network_notes']);
|
||||
$network_location_id = intval($row['network_location_id']);
|
||||
$client_id = intval($row['network_client_id']);
|
||||
|
||||
enforceClientAccess();
|
||||
|
||||
ob_start();
|
||||
|
||||
?>
|
||||
|
||||
<div class="modal-header bg-dark">
|
||||
|
||||
@@ -2,6 +2,8 @@
|
||||
|
||||
require_once '../../../includes/modal_header.php';
|
||||
|
||||
enforceUserPermission('module_support', 2);
|
||||
|
||||
$rack_id = intval($_GET['id']);
|
||||
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM racks WHERE rack_id = $rack_id LIMIT 1");
|
||||
@@ -20,9 +22,12 @@ $rack_location_id = nullable_htmlentities($row['rack_location_id']);
|
||||
$rack_created_at = nullable_htmlentities($row['rack_created_at']);
|
||||
$client_id = intval($row['rack_client_id']);
|
||||
|
||||
// Generate the HTML form content using output buffering.
|
||||
enforceClientAccess();
|
||||
|
||||
ob_start();
|
||||
|
||||
?>
|
||||
|
||||
<div class="modal-header bg-dark">
|
||||
<h5 class="modal-title"><i class="fa fa-fw fa-server mr-2"></i>Editing rack: <strong><?php echo $rack_name; ?></strong></h5>
|
||||
<button type="button" class="close text-white" data-dismiss="modal">
|
||||
|
||||
@@ -2,6 +2,8 @@
|
||||
|
||||
require_once '../../../includes/modal_header.php';
|
||||
|
||||
enforceUserPermission('module_support', 2);
|
||||
|
||||
$software_id = intval($_GET['id']);
|
||||
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_id = $software_id LIMIT 1");
|
||||
@@ -51,6 +53,8 @@ $license_types_array = array (
|
||||
'Usage-based'
|
||||
);
|
||||
|
||||
enforceClientAccess();
|
||||
|
||||
ob_start();
|
||||
|
||||
?>
|
||||
|
||||