From 0beb325a748bb32dbf312c55e0afea57e7380972 Mon Sep 17 00:00:00 2001
From: Janusz Dobrowolski
Date: Thu, 25 Jun 2009 09:30:34 +0000
Subject: [PATCH] Suppressed menu in view popups.
---
 CHANGELOG.txt | 2 +-
 includes/main.inc | 24 +-----------------------
 includes/session.inc | 33 +++++++++++++++++++++++++++++++++
 3 files changed, 35 insertions(+), 24 deletions(-)
diff --git a/CHANGELOG.txt b/CHANGELOG.txt
index 77279344..a79410c3 100644
--- a/CHANGELOG.txt
+++ b/CHANGELOG.txt
@@ -25,7 +25,7 @@ $ -> Affected files
 $ config.php
 /sql/en_US-new.sql
 /sql/en_US-demo.sql
-! Moved check page security from session.inc to main.inc. There should be no menus on popup windows.
+! Suppressed menu on access denied in view popup windows.
 $ /includes/session.inc
 /includes/main.inc
diff --git a/includes/main.inc b/includes/main.inc
index c20ae749..5d4371ba 100644
--- a/includes/main.inc
+++ b/includes/main.inc
@@ -28,34 +28,12 @@ include_once($path_to_root . "/installed_extensions.php");
 function page($title, $no_menu=false, $is_index=false, $onload="", $js="", $script_only=false)
 {
- global $path_to_root, $page_security;
+ global $path_to_root;
 $hide_menu = $no_menu;
 include($path_to_root . "/includes/page/header.inc");
- if (!$_SESSION["wa_current_user"]->check_user_access())
- {
- echo "


";
- echo "" . _("Security settings have not been defined for your user account.");
- echo "
" . _("Please contact your system administrator.") . "
";
-
- kill_login();
- exit;
- }
-
- if (!$_SESSION["wa_current_user"]->can_access_page($page_security))
- {
- page_header(_("Access denied"), $no_menu);
- echo "



";
- echo _("The security settings on your account do not permit you to access this function");
- echo "";
- echo "



";
- end_page();
- //kill_login();
- exit;
- }
-
 page_header($title, $no_menu, $is_index, $onload, $js);
 error_box();
 if($script_only) {
diff --git a/includes/session.inc b/includes/session.inc
index e8a83a6d..b641fbcc 100644
--- a/includes/session.inc
+++ b/includes/session.inc
@@ -45,6 +45,37 @@ function login_fail()
 die();
 }
+//----------------------------------------------------------------------------------------
+
+function check_page_security($page_security)
+{
+ if (!$_SESSION["wa_current_user"]->check_user_access())
+ {
+ echo "


";
+ echo "" . _("Security settings have not been defined for your user account.");
+ echo "
" . _("Please contact your system administrator.") . "
";
+
+ kill_login();
+ exit;
+ }
+
+ if (!$_SESSION["wa_current_user"]->can_access_page($page_security))
+ {
+ // no_menu parameter guess here is ugly hack, but works for now.
+ // Better solution is to use global switch for menu, set before
+ // session.inc inclusion.
+ page(_("Access denied"), strpos($_SERVER['PHP_SELF'], '/view/'));
+
+ echo "



";
+ echo _("The security settings on your account do not permit you to access this function");
+ echo "";
+ echo "



";
+ end_page();
+ //kill_login();
+ exit;
+ }
+}
+
 //-----------------------------------------------------------------------------
 // Removing magic quotes from nested arrays/variables
 //
@@ -152,6 +183,8 @@ if (!isset($_SESSION["App"])) {
 //----------------------------------------------------------------------------------------
+check_page_security($page_security);
+
 // POST vars cleanup needed for direct reuse.
 // We quote all values later with db_escape() before db update.
 $_POST = strip_quotes($_POST);
--
2.30.2