Use enforceClientAccess and enforceUserPermission on client-related edit / view modals, as we do with the credential edit modal

johnnyq
2026-06-26 12:05:11 -04:00
parent c16a1753a5
commit f14fa22222
11 changed files with 58 additions and 8 deletions


@@ -2,6 +2,8 @@
require_once '../../../includes/modal_header.php'; require_once '../../../includes/modal_header.php';
enforceUserPermission('module_support', 2);
$asset_id = intval($_GET['id']); $asset_id = intval($_GET['id']);
$sql = mysqli_query($mysqli, "SELECT * FROM assets $sql = mysqli_query($mysqli, "SELECT * FROM assets
@@ -41,8 +43,10 @@ $asset_contact_id = intval($row['asset_contact_id']);
$asset_network_id = intval($row['interface_network_id']); $asset_network_id = intval($row['interface_network_id']);
$device_icon = getAssetIcon($asset_type); $device_icon = getAssetIcon($asset_type);
// Generate the HTML form content using output buffering. enforceClientAccess();
ob_start(); ob_start();
?> ?>
<div class="modal-header bg-dark"> <div class="modal-header bg-dark">
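Review bot: `enforceClientAccess();` is called with no argument just before `ob_start()`, so which client it checks depends on ambient state that this hunk never shows being set. The certificate, document, domain, network and rack sections show `$client_id = intval($row[...])` ahead of the call, but here the equivalent line is outside the hunk and should be confirmed. If the `SELECT` matches no row, `intval()` of the missing column presumably yields 0, so the modal should stop on a missing row rather than rely on how the helper treats client id 0, for example `if (!$row) { exit; }` right after the fetch. A comment such as `// Authorize against the client that owns this record (id from the DB row, not the request)` above the call would record the intent. The same placement recurs in every other file section of this commit, and the handlers that save these forms need the same two checks, since gating the modal alone does not protect the write path.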


@@ -2,6 +2,8 @@
require_once '../../../includes/modal_header.php'; require_once '../../../includes/modal_header.php';
enforceUserPermission('module_support');
$asset_id = intval($_GET['id']); $asset_id = intval($_GET['id']);
$sql = mysqli_query($mysqli, "SELECT * FROM assets $sql = mysqli_query($mysqli, "SELECT * FROM assets
@@ -218,9 +220,12 @@ if (isset($_GET['client_id'])) {
$client_url = ''; $client_url = '';
} }
// Generate the HTML form content using output buffering. enforceClientAccess();
ob_start(); ob_start();
?> ?>
<div class="modal-header bg-dark"> <div class="modal-header bg-dark">
<h5 class="modal-title"><i class="fa fa-fw fa-<?= $device_icon ?> mr-2"></i><strong><?= $asset_name ?></strong> <h5 class="modal-title"><i class="fa fa-fw fa-<?= $device_icon ?> mr-2"></i><strong><?= $asset_name ?></strong>
<?php if ($asset_favorite) { ?><i class="fas fa-fw text-warning fa-star" title="Favorite"></i><?php } ?> <?php if ($asset_favorite) { ?><i class="fas fa-fw text-warning fa-star" title="Favorite"></i><?php } ?>
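Review bot: The second hunk header places this `enforceClientAccess();` after an `if (isset($_GET['client_id']))` block, so the check is only meaningful if `$client_id` still holds the value read from the asset row at that point. That block starts outside the hunk; if it assigns `$client_id` from the request, the access decision would be made on a caller-supplied client rather than on the client that owns the requested asset `id`. Please confirm this, and if it does, move the call to directly after the row's client id is read and leave the `$client_url` branch where it is.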


@@ -2,6 +2,8 @@
require_once '../../../includes/modal_header.php'; require_once '../../../includes/modal_header.php';
enforceUserPermission('module_support', 2);
$asset_id = intval($_GET['id']); $asset_id = intval($_GET['id']);
$sql = mysqli_query($mysqli, "SELECT * FROM assets $sql = mysqli_query($mysqli, "SELECT * FROM assets
@@ -59,7 +61,10 @@ while ($row = mysqli_fetch_assoc($sql_asset_tags)) {
$asset_tag_id_array[] = $asset_tag_tag_id; $asset_tag_id_array[] = $asset_tag_tag_id;
} }
enforceClientAccess();
ob_start(); ob_start();
?> ?>
<div class="modal-header bg-dark"> <div class="modal-header bg-dark">


@@ -2,6 +2,8 @@
require_once '../../../includes/modal_header.php'; require_once '../../../includes/modal_header.php';
enforceUserPermission('module_support', 2);
$certificate_id = intval($_GET['id']); $certificate_id = intval($_GET['id']);
$sql = mysqli_query($mysqli, "SELECT * FROM certificates WHERE certificate_id = $certificate_id LIMIT 1"); $sql = mysqli_query($mysqli, "SELECT * FROM certificates WHERE certificate_id = $certificate_id LIMIT 1");
@@ -20,8 +22,10 @@ $client_id = intval($row['certificate_client_id']);
$history_sql = mysqli_query($mysqli, "SELECT * FROM certificate_history WHERE certificate_history_certificate_id = $certificate_id"); $history_sql = mysqli_query($mysqli, "SELECT * FROM certificate_history WHERE certificate_history_certificate_id = $certificate_id");
// Generate the HTML form content using output buffering. enforceClientAccess();
ob_start(); ob_start();
?> ?>
<div class="modal-header bg-dark"> <div class="modal-header bg-dark">


@@ -2,6 +2,8 @@
require_once '../../../includes/modal_header.php'; require_once '../../../includes/modal_header.php';
enforceUserPermission('module_client');
$contact_id = intval($_GET['id']); $contact_id = intval($_GET['id']);
$sql = mysqli_query($mysqli, "SELECT * FROM contacts $sql = mysqli_query($mysqli, "SELECT * FROM contacts
@@ -184,9 +186,12 @@ elseif ($document_count) { $first_tab = "documents"; }
elseif ($file_count) { $first_tab = "files"; } elseif ($file_count) { $first_tab = "files"; }
elseif ($note_count) { $first_tab = "notes"; } elseif ($note_count) { $first_tab = "notes"; }
// Generate the HTML form content using output buffering. enforceClientAccess();
ob_start(); ob_start();
?> ?>
<div class="modal-header bg-dark"> <div class="modal-header bg-dark">
<h5 class="modal-title"> <h5 class="modal-title">
<div class="media"> <div class="media">


@@ -2,6 +2,8 @@
require_once '../../../includes/modal_header.php'; require_once '../../../includes/modal_header.php';
enforceUserPermission('module_client', 2);
$contact_id = intval($_GET['id']); $contact_id = intval($_GET['id']);
$sql = mysqli_query($mysqli, "SELECT * FROM contacts $sql = mysqli_query($mysqli, "SELECT * FROM contacts
@@ -43,9 +45,12 @@ while ($row = mysqli_fetch_assoc($sql_contact_tags)) {
$contact_tag_id_array[] = $contact_tag_id; $contact_tag_id_array[] = $contact_tag_id;
} }
// Generate the HTML form content using output buffering. enforceClientAccess();
ob_start(); ob_start();
?> ?>
<div class="modal-header bg-dark"> <div class="modal-header bg-dark">
<h5 class="modal-title"><i class='fas fa-user-edit mr-2'></i>Editing Contact: <strong><?php echo $contact_name; ?></strong></h5> <h5 class="modal-title"><i class='fas fa-user-edit mr-2'></i>Editing Contact: <strong><?php echo $contact_name; ?></strong></h5>
<button type="button" class="close text-white" data-dismiss="modal"> <button type="button" class="close text-white" data-dismiss="modal">


@@ -2,6 +2,8 @@
require_once '../../../includes/modal_header.php'; require_once '../../../includes/modal_header.php';
enforceUserPermission('module_support', 2);
$document_id = intval($_GET['id']); $document_id = intval($_GET['id']);
$sql = mysqli_query($mysqli, "SELECT * FROM documents WHERE document_id = $document_id LIMIT 1"); $sql = mysqli_query($mysqli, "SELECT * FROM documents WHERE document_id = $document_id LIMIT 1");
@@ -14,8 +16,10 @@ $document_folder_id = intval($row['document_folder_id']);
$document_client_visible = intval($row['document_client_visible']); $document_client_visible = intval($row['document_client_visible']);
$client_id = intval($row['document_client_id']); $client_id = intval($row['document_client_id']);
// Generate the HTML form content using output buffering. enforceClientAccess();
ob_start(); ob_start();
?> ?>
<div class="modal-header bg-dark"> <div class="modal-header bg-dark">


@@ -2,6 +2,8 @@
require_once '../../../includes/modal_header.php'; require_once '../../../includes/modal_header.php';
enforceUserPermission('module_support', 2);
$domain_id = intval($_GET['id']); $domain_id = intval($_GET['id']);
$sql = mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_id = $domain_id LIMIT 1"); $sql = mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_id = $domain_id LIMIT 1");
@@ -26,8 +28,10 @@ $client_id = intval($row['domain_client_id']);
$history_sql = mysqli_query($mysqli, "SELECT * FROM domain_history WHERE domain_history_domain_id = $domain_id"); $history_sql = mysqli_query($mysqli, "SELECT * FROM domain_history WHERE domain_history_domain_id = $domain_id");
// Generate the HTML form content using output buffering. enforceClientAccess();
ob_start(); ob_start();
?> ?>
<div class="modal-header bg-dark"> <div class="modal-header bg-dark">


@@ -2,6 +2,8 @@
require_once '../../../includes/modal_header.php'; require_once '../../../includes/modal_header.php';
enforceUserPermission('module_support', 2);
$network_id = intval($_GET['id']); $network_id = intval($_GET['id']);
$sql = mysqli_query($mysqli, "SELECT * FROM networks WHERE network_id = $network_id LIMIT 1"); $sql = mysqli_query($mysqli, "SELECT * FROM networks WHERE network_id = $network_id LIMIT 1");
@@ -19,7 +21,10 @@ $network_notes = nullable_htmlentities($row['network_notes']);
$network_location_id = intval($row['network_location_id']); $network_location_id = intval($row['network_location_id']);
$client_id = intval($row['network_client_id']); $client_id = intval($row['network_client_id']);
enforceClientAccess();
ob_start(); ob_start();
?> ?>
<div class="modal-header bg-dark"> <div class="modal-header bg-dark">


@@ -2,6 +2,8 @@
require_once '../../../includes/modal_header.php'; require_once '../../../includes/modal_header.php';
enforceUserPermission('module_support', 2);
$rack_id = intval($_GET['id']); $rack_id = intval($_GET['id']);
$sql = mysqli_query($mysqli, "SELECT * FROM racks WHERE rack_id = $rack_id LIMIT 1"); $sql = mysqli_query($mysqli, "SELECT * FROM racks WHERE rack_id = $rack_id LIMIT 1");
@@ -20,9 +22,12 @@ $rack_location_id = nullable_htmlentities($row['rack_location_id']);
$rack_created_at = nullable_htmlentities($row['rack_created_at']); $rack_created_at = nullable_htmlentities($row['rack_created_at']);
$client_id = intval($row['rack_client_id']); $client_id = intval($row['rack_client_id']);
// Generate the HTML form content using output buffering. enforceClientAccess();
ob_start(); ob_start();
?> ?>
<div class="modal-header bg-dark"> <div class="modal-header bg-dark">
<h5 class="modal-title"><i class="fa fa-fw fa-server mr-2"></i>Editing rack: <strong><?php echo $rack_name; ?></strong></h5> <h5 class="modal-title"><i class="fa fa-fw fa-server mr-2"></i>Editing rack: <strong><?php echo $rack_name; ?></strong></h5>
<button type="button" class="close text-white" data-dismiss="modal"> <button type="button" class="close text-white" data-dismiss="modal">


@@ -2,6 +2,8 @@
require_once '../../../includes/modal_header.php'; require_once '../../../includes/modal_header.php';
enforceUserPermission('module_support', 2);
$software_id = intval($_GET['id']); $software_id = intval($_GET['id']);
$sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_id = $software_id LIMIT 1"); $sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_id = $software_id LIMIT 1");
@@ -51,6 +53,8 @@ $license_types_array = array (
'Usage-based' 'Usage-based'
); );
enforceClientAccess();
ob_start(); ob_start();
?> ?>