X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=admin%2Fsecurity_roles.php;h=5617eb79a9ede3b45bfe730bfa74e561f0c0bd9f;hb=cc36638b65572da4867b7622723d6ed0135525b8;hp=c4667fa09d9dff885a9f6dc8bbfde3934a626b3b;hpb=9381638e04621e55e75822417f6c530dc8b8334c;p=fa-stable.git
diff --git a/admin/security_roles.php b/admin/security_roles.php
index c4667fa0..5617eb79 100644
--- a/admin/security_roles.php
+++ b/admin/security_roles.php
@@ -13,6 +13,8 @@ $page_security = 'SA_SECROLES';
 $path_to_root = "..";
 include_once($path_to_root . "/includes/session.inc");
+add_access_extensions();
+
 page(_("Access setup"));
 include_once($path_to_root . "/includes/ui.inc");
@@ -46,7 +48,17 @@ if (get_post('addupdate'))
 display_error( _("Role name cannot be empty."));
 set_focus('name');
 }
-
+ // prevent accidental editor lockup by removing SA_SECROLES
+ if (get_post('role') == $_SESSION['wa_current_user']->access) {
+ if (!isset($_POST['Area'.$security_areas['SA_SECROLES'][0]])
+ || !isset($_POST['Section'.SS_SETUP])) {
+ display_error(_("Access level edition in Company setup section have to be enabled for your account."));
+ $input_error = 1;
+ set_focus(!isset($_POST['Section'.SS_SETUP])
+ ? 'Section'.SS_SETUP : 'Area'.$security_areas['SA_SECROLES'][0]);
+ }
+ }
+
 if ($input_error == 0) {
 $sections = array();
@@ -54,9 +66,10 @@ if (get_post('addupdate'))
 foreach($_POST as $p =>$val) {
 if (substr($p,0,4) == 'Area')
 $areas[] = substr($p, 4);
- if (substr($p,0,6) == 'Section')
- $sections[] = substr($p, 6);
+ if (substr($p,0,7) == 'Section')
+ $sections[] = substr($p, 7);
 }
+ sort($areas);
 sort($sections);
 if ($new_role)
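Review bot: The added `add_access_extensions();` call in the first hunk has no comment saying why it must sit between the `session.inc` include and `page()`. Its definition is outside this diff; judging by the name and the `asort($security_areas)` remark in the last hunk it presumably registers security areas and sections contributed by installed extensions, in which case its position relative to the page's access check and the role form matters. Once that is confirmed against the function, a line such as `// register areas/sections from installed extensions before $security_areas is used below` would record the ordering requirement.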
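Review bot: The lockout guard in the second hunk decides whether the posted role is the editor's own with a loose comparison, `get_post('role') == $_SESSION['wa_current_user']->access`, so PHP type juggling determines the match. An exact test such as `if ((string)get_post('role') === (string)$_SESSION['wa_current_user']->access) {` removes that dependence. The guard also covers only the add/update path: the enclosing `if (get_post('addupdate'))` block starts and ends outside the hunk, and whether the delete or deactivate handling refuses the editor's own role is not visible here, so those paths should be checked for the same lockout.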
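Review bot: The corrected loop in the third hunk still accepts every POST key that merely begins with `Area` or `Section` and stores the suffix in `$areas`/`$sections` without checking that it is a well-formed code. Assuming the codes are plain non-negative integers, as `$parms[0] & ~0xff` in the last hunk suggests, the tests could be tightened to `if (substr($p,0,4) == 'Area' && ctype_digit(substr($p, 4)))` and `if (substr($p,0,7) == 'Section' && ctype_digit(substr($p, 7)))`. How the two arrays reach storage is outside the hunk, so whether a later step already validates them against `$security_areas` cannot be confirmed from here.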
@@ -164,6 +177,10 @@ end_table(1);
 $m = 0;
 asort($security_areas); // in the case installed external modules has added some lines
 foreach($security_areas as $area =>$parms ) {
+ // system setup areas are accessable only for site admins i.e.
+ // admins of first registered company
+ if (user_company() && (($parms[0]&~0xff) == SS_SADMIN)) continue;
+
 if (($parms[0]&~0xff) != $m) { // features set selection
 $m = $parms[0] & ~0xff;
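Review bot: The SS_SADMIN restriction is enforced only where the form rows are rendered: the added `continue` hides the checkboxes, but the `foreach($_POST as $p =>$val)` loop in the third hunk collects any submitted `Area…`/`Section…` key regardless of `user_company()`. Unless the save routine outside this diff filters them, a role edited by an admin of a company other than the first could still be stored with system-setup areas. The same predicate should be applied on the server side before `$areas` and `$sections` are saved, for example by skipping a suffix in that loop when `user_company() && (((int)substr($p, 4)) & ~0xff) == SS_SADMIN`, with the equivalent test for the SS_SADMIN section. The `foreach` body continues outside the hunk, and the comment's "accessable" should read "accessible".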