Suppressed menu in view popups.
[fa-stable.git] / includes / session.inc
index e8a83a6dad9f6d67d6b313e4aa40a23194336482..b641fbcc66b8925cae563635fba1740df630a9ec 100644 (file)
@@ -45,6 +45,37 @@ function login_fail()
        die();
 }
 
+//----------------------------------------------------------------------------------------
+
+function check_page_security($page_security)
+{
+       if (!$_SESSION["wa_current_user"]->check_user_access())
+       {
+               echo "<br><br><br><center>";
+               echo "<b>" . _("Security settings have not been defined for your user account.");
+               echo "<br>" . _("Please contact your system administrator.") . "</b>";
+
+               kill_login();
+               exit;
+       }
+
+       if (!$_SESSION["wa_current_user"]->can_access_page($page_security))
+       {
+               // no_menu parameter guess here is ugly hack, but works for now.
+               // Better solution is to use global switch for menu, set before 
+               // session.inc inclusion.
+               page(_("Access denied"), strpos($_SERVER['PHP_SELF'], '/view/'));
+
+               echo "<center><br><br><br><b>";
+               echo _("The security settings on your account do not permit you to access this function");
+               echo "</b>";
+               echo "<br><br><br><br></center>";
+               end_page();
+               //kill_login();
+               exit;
+       }
+}
+
 //-----------------------------------------------------------------------------
 //     Removing magic quotes from nested arrays/variables
 //
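Review bot: In check_page_security(), the second argument to page() is the raw result of `strpos($_SERVER['PHP_SELF'], '/view/')`, which is an int offset or false rather than a boolean, so a match at offset 0 is treated as "no match". PHP_SELF also includes any path info the client appends to the URL, so the request itself can toggle the menu on the access-denied page. The effect looks cosmetic as far as this hunk shows, but a server-derived value with an explicit comparison is more robust: `page(_("Access denied"), strpos($_SERVER['SCRIPT_NAME'], '/view/') !== false);`. The commented-out `//kill_login();` should be removed, or replaced by a comment saying why the session is kept alive after a denied request.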
@@ -152,6 +183,8 @@ if (!isset($_SESSION["App"])) {
 
 //----------------------------------------------------------------------------------------
 
+check_page_security($page_security);
+
 // POST vars cleanup needed for direct reuse.
 // We quote all values later with db_escape() before db update.
        $_POST = strip_quotes($_POST);
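Review bot: The file-scope call `check_page_security($page_security);` depends on every including script having set `$page_security` before it includes session.inc, and nothing here enforces that. If a page omits it, null is passed and the result depends on can_access_page(), which is not visible in this diff, so it is unclear whether the check fails closed. Consider a guard just before the call, for example `if (!isset($page_security)) die(_("Page security level is not defined."));` (the message is a constructed sample). A comment such as `// $page_security must be set by the including script; an unset value is denied.` would document the contract. The surrounding file-level code continues outside the hunk.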