function page($title, $no_menu=false, $is_index=false, $onload="", $js="", $script_only=false)
{
- global $path_to_root, $page_security;
+ global $path_to_root;
$hide_menu = $no_menu;
include($path_to_root . "/includes/page/header.inc");
- if (!$_SESSION["wa_current_user"]->check_user_access())
- {
- echo "<br><br><br><center>";
- echo "<b>" . _("Security settings have not been defined for your user account.");
- echo "<br>" . _("Please contact your system administrator.") . "</b>";
-
- kill_login();
- exit;
- }
-
- if (!$_SESSION["wa_current_user"]->can_access_page($page_security))
- {
- page_header(_("Access denied"), $no_menu);
- echo "<center><br><br><br><b>";
- echo _("The security settings on your account do not permit you to access this function");
- echo "</b>";
- echo "<br><br><br><br></center>";
- end_page();
- //kill_login();
- exit;
- }
-
page_header($title, $no_menu, $is_index, $onload, $js);
error_box();
if($script_only) {
die();
}
+//----------------------------------------------------------------------------------------
+
+function check_page_security($page_security)
+{
+ if (!$_SESSION["wa_current_user"]->check_user_access())
+ {
+ echo "<br><br><br><center>";
+ echo "<b>" . _("Security settings have not been defined for your user account.");
+ echo "<br>" . _("Please contact your system administrator.") . "</b>";
+
+ kill_login();
+ exit;
+ }
+
+ if (!$_SESSION["wa_current_user"]->can_access_page($page_security))
+ {
+ // no_menu parameter guess here is ugly hack, but works for now.
+ // Better solution is to use global switch for menu, set before
+ // session.inc inclusion.
+ page(_("Access denied"), strpos($_SERVER['PHP_SELF'], '/view/'));
+
+ echo "<center><br><br><br><b>";
+ echo _("The security settings on your account do not permit you to access this function");
+ echo "</b>";
+ echo "<br><br><br><br></center>";
+ end_page();
+ //kill_login();
+ exit;
+ }
+}
+
//-----------------------------------------------------------------------------
// Removing magic quotes from nested arrays/variables
//
//----------------------------------------------------------------------------------------
+check_page_security($page_security);
+
// POST vars cleanup needed for direct reuse.
// We quote all values later with db_escape() before db update.
$_POST = strip_quotes($_POST);
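Review bot: The access check now fires once at the `check_page_security($page_security);` call with whatever `$page_security` holds at the moment this file is included, whereas the removed code read the global inside page() at call time, and page() itself no longer denies anything; an entry script that assigns `$page_security` after the include, or never assigns it, reaches can_access_page() with an undefined value, and a script that calls page() without including this file gets no check at all. Unless can_access_page() is known to reject a null argument, the call site should fail closed by treating an unset `$page_security` as denied instead of passing it through. Separately, the `page(_("Access denied"), strpos($_SERVER['PHP_SELF'], '/view/'));` line passes the raw strpos() result (an int offset or false) as `$no_menu`; `strpos($_SERVER['PHP_SELF'], '/view/') !== false` makes the intended bool explicit, and because PHP_SELF carries client-supplied PATH_INFO, `$_SERVER['SCRIPT_NAME']` is the more reliable basis for a path-derived switch. The closing brace of page() lies outside the hunk, so whether the removed check was its only exit guard cannot be confirmed from here.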