From 0beb325a748bb32dbf312c55e0afea57e7380972 Mon Sep 17 00:00:00 2001
From: Janusz Dobrowolski <janusz@frontaccounting.eu>
Date: Thu, 25 Jun 2009 09:30:34 +0000
Subject: [PATCH] Suppressed menu in view popups.

---
 CHANGELOG.txt        |  2 +-
 includes/main.inc    | 24 +-----------------------
 includes/session.inc | 33 +++++++++++++++++++++++++++++++++
 3 files changed, 35 insertions(+), 24 deletions(-)

diff --git a/CHANGELOG.txt b/CHANGELOG.txt
index 77279344..a79410c3 100644
--- a/CHANGELOG.txt
+++ b/CHANGELOG.txt
@@ -25,7 +25,7 @@ $ -> Affected files
 $ config.php
   /sql/en_US-new.sql
   /sql/en_US-demo.sql
-! Moved check page security from session.inc to main.inc. There should be no menus on popup windows.
+! Suppressed menu on access denied in view popup windows.
 $ /includes/session.inc
   /includes/main.inc
 
diff --git a/includes/main.inc b/includes/main.inc
index c20ae749..5d4371ba 100644
--- a/includes/main.inc
+++ b/includes/main.inc
@@ -28,34 +28,12 @@ include_once($path_to_root . "/installed_extensions.php");
 function page($title, $no_menu=false, $is_index=false, $onload="", $js="", $script_only=false)
 {
 
-   	global $path_to_root, $page_security;
+   	global $path_to_root;
 
    	$hide_menu = $no_menu;
 
    	include($path_to_root . "/includes/page/header.inc");
 
-	if (!$_SESSION["wa_current_user"]->check_user_access())
-	{
-		echo "<br><br><br><center>";
-		echo "<b>" . _("Security settings have not been defined for your user account.");
-		echo "<br>" . _("Please contact your system administrator.") . "</b>";
-
-		kill_login();
-		exit;
-	}
-
-	if (!$_SESSION["wa_current_user"]->can_access_page($page_security))
-	{
-		page_header(_("Access denied"), $no_menu);
-		echo "<center><br><br><br><b>";
-		echo _("The security settings on your account do not permit you to access this function");
-		echo "</b>";
-		echo "<br><br><br><br></center>";
-		end_page();
-		//kill_login();
-		exit;
-	}
-
    	page_header($title, $no_menu, $is_index, $onload, $js);
 	error_box();
 	if($script_only) {		
diff --git a/includes/session.inc b/includes/session.inc
index e8a83a6d..b641fbcc 100644
--- a/includes/session.inc
+++ b/includes/session.inc
@@ -45,6 +45,37 @@ function login_fail()
 	die();
 }
 
+//----------------------------------------------------------------------------------------
+
+function check_page_security($page_security)
+{
+	if (!$_SESSION["wa_current_user"]->check_user_access())
+	{
+		echo "<br><br><br><center>";
+		echo "<b>" . _("Security settings have not been defined for your user account.");
+		echo "<br>" . _("Please contact your system administrator.") . "</b>";
+
+		kill_login();
+		exit;
+	}
+
+	if (!$_SESSION["wa_current_user"]->can_access_page($page_security))
+	{
+		// no_menu parameter guess here is ugly hack, but works for now.
+		// Better solution is to use global switch for menu, set before 
+		// session.inc inclusion.
+		page(_("Access denied"), strpos($_SERVER['PHP_SELF'], '/view/'));
+
+		echo "<center><br><br><br><b>";
+		echo _("The security settings on your account do not permit you to access this function");
+		echo "</b>";
+		echo "<br><br><br><br></center>";
+		end_page();
+		//kill_login();
+		exit;
+	}
+}
+
 //-----------------------------------------------------------------------------
 //	Removing magic quotes from nested arrays/variables
 //
@@ -152,6 +183,8 @@ if (!isset($_SESSION["App"])) {
 
 //----------------------------------------------------------------------------------------
 
+check_page_security($page_security);
+
 // POST vars cleanup needed for direct reuse.
 // We quote all values later with db_escape() before db update.
 	$_POST = strip_quotes($_POST);
-- 
2.30.2