/**
 * Tell whether the current user holds at least one of the permissions
 * that $permis expands to on the given table.
 *
 * The expansion comes from $this->getPermissionType($permis); each entry is
 * passed to CheckTablePermissions() in order and the scan stops at the first
 * one that is granted.
 *
 * @param mixed $table  table identifier forwarded to CheckTablePermissions()
 * @param mixed $permis value handed to getPermissionType() for expansion
 * @return bool true if any expanded permission is granted, false otherwise
 */
function CheckPermissions($table, $permis)
{
    $granted = false;

    foreach ($this->getPermissionType($permis) as $permissionCode) {
        if (!CheckTablePermissions($table, $permissionCode)) {
            continue;
        }

        // One granted permission is sufficient; skip the remaining checks.
        $granted = true;
        break;
    }

    return $granted;
}
/**
 * Authorize the current user for $permission on $table.
 *
 * A visitor with no session, or with only a guest session, first gets a
 * re-login attempt via Security::tryRelogin(). The admin users table is then
 * gated on IsAdmin() alone; every other table goes through
 * CheckTablePermissions().
 *
 * @param mixed $table      table identifier; compared loosely (==) with ADMIN_USERS
 * @param mixed $permission permission code forwarded to CheckTablePermissions()
 * @return mixed result of IsAdmin() or of CheckTablePermissions()
 */
static function checkUserPermissions($table, $permission)
{
    $hasRealSession = isLogged() && !isLoggedAsGuest();
    if (!$hasRealSession) {
        // The return value of tryRelogin() is not inspected; the checks below
        // decide the outcome whether or not the re-login succeeded.
        Security::tryRelogin();
    }

    // Admin area: table-level rights are not consulted, only the admin flag.
    return $table == ADMIN_USERS
        ? IsAdmin()
        : CheckTablePermissions($table, $permission);
}
include('classes/viewpage.php'); include("classes/searchclause.php"); add_nocache_headers(); RunnerPage::reloginAndLogoutProcess("S"); if(!isLogged()) { redirectToLogin(); } if( !postvalue("onFly") ) $_SESSION["MyURL"] = $_SERVER["SCRIPT_NAME"]."?".$_SERVER["QUERY_STRING"]; // check user permissions if(!CheckTablePermissions($strTableName, "S")) { HeaderRedirect("menu"); } $layout = new TLayout("view2", "BoldOrange", "MobileOrange"); $layout->version = 2; $layout->blocks["top"] = array(); $layout->containers["all"] = array(); $layout->containers["all"][] = array("name"=>"wrapper", "block"=>"", "substyle"=>1 , "container"=>"main" ); $layout->containers["main"] = array(); $layout->containers["main"][] = array("name"=>"wrapper",
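// NOTE(review): both directives are forced on for every request, so PHP
// warnings and error details are written into the response body. Confirm this
// is a debug-only setting; a production deployment would normally keep
// display_errors off and rely on error logging instead.
@ini_set("display_errors", "1");
@ini_set("display_startup_errors", "1");

require_once "include/dbcommon.php";
add_nocache_headers();

require_once "include/CompanyMaster_variables.php";
require_once "classes/searchcontrol.php";
require_once "classes/advancedsearchcontrol.php";
require_once "classes/panelsearchcontrol.php";
require_once "classes/searchclause.php";

// Authentication gate: visitors without a session are sent to the login page
// after the requested URL has been remembered.
if (!isLogged()) {
    Security::saveRedirectURL();
    redirectToLogin();
    // Terminate explicitly so that nothing below runs for an unauthenticated
    // request, whether or not the redirect helper returns to the caller.
    exit();
}

// Request parameters; they are not used in the lines visible here.
$cname = postvalue("cname");
$rname = postvalue("rname");

// Authorization gate: the "S" permission on this table is required.
$accessGranted = CheckTablePermissions($strTableName, "S");
if (!$accessGranted) {
    HeaderRedirect("menu");
    // Fail closed: a Location header alone does not stop the script, so end
    // the request here instead of continuing to build the page.
    exit();
}

// Layout description for the search page, registered under its page key.
$layout = new TLayout("search5", "CityBlueWave", "MobileBlueWave");
$layout->version = 2;
$layout->blocks["top"] = array();

$layout->containers["fields"] = array();
$layout->container_properties["fields"] = array();
$layout->containers["fields"][] = array("name" => "srchheader", "block" => "searchheader", "substyle" => 2);
$layout->containers["fields"][] = array("name" => "srchconditions", "block" => "conditions_block", "substyle" => 1);
$layout->containers["fields"][] = array("name" => "srchfields", "block" => "", "substyle" => 1);
$layout->containers["fields"][] = array("name" => "srchbuttons", "block" => "searchbuttons", "substyle" => 2);

$layout->skins["fields"] = "fields";
$layout->blocks["top"][] = "fields";

$page_layouts["CompanyMaster_search"] = $layout;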
/**
 * Prepare the detail preview for a details table by delegating to the
 * chart, report or list helper that matches $dpType.
 *
 * Nothing is done unless the host page is an edit, view or add page AND the
 * current user holds the "S" permission on the details table. The permission
 * check is what keeps a preview of a table the user may not read from being
 * built, so it must stay in front of every delegate call.
 *
 * @param mixed  $dpType      preview kind; PAGE_CHART and PAGE_REPORT are special-cased,
 *                            anything else is handled as a list
 * @param string $dpTableName details table name, also the subject of the permission check
 * @param mixed  $dpId        forwarded unchanged to the selected helper
 * @param array  &$data       passed by reference to the selected helper
 * @return void
 */
public function setDetailPreview($dpType, $dpTableName, $dpId, &$data)
{
    $hostPageSupportsPreview = $this->pageType == PAGE_EDIT
        || $this->pageType == PAGE_VIEW
        || $this->pageType == PAGE_ADD;

    if (!$hostPageSupportsPreview || !CheckTablePermissions($dpTableName, "S")) {
        return;
    }

    switch ($dpType) {
        case PAGE_CHART:
            $this->setDetailChartOnEditView($dpTableName, $dpId, $data);
            break;

        case PAGE_REPORT:
            $this->setDetailReportOnEditView($dpTableName, $dpId, $data);
            break;

        default:
            // Every remaining type is treated as a list preview.
            $this->setDetailList($dpTableName, $dpId, $data);
            break;
    }
}
/**
 * Decide whether the session owner id should be written into $ownerField.
 *
 * All of the following must hold:
 *  - the page's original table is the owner table of $ownerField;
 *  - $ownerField is not an auto-increment primary key;
 *  - the user lacks the 'M' permission on this table, or $currentValue is
 *    empty (zero length).
 *
 * NOTE(review): the last rule means a user holding 'M' keeps a non-empty
 * submitted owner value as-is; the exact meaning of 'M' is not visible here,
 * so confirm it is limited to roles trusted to assign record ownership.
 *
 * @param string $ownerField   field name checked against the owner table settings
 * @param mixed  $currentValue value currently supplied for that field
 * @return bool
 */
public function checkIfToAddOwnerIdValue($ownerField, $currentValue)
{
    // The field must belong to the table that defines ownership for it.
    if ($this->pSet->getOriginalTableName() != $this->pSet->getOwnerTable($ownerField)) {
        return false;
    }

    // Auto-increment keys are never overwritten with the owner id.
    if ($this->isAutoincPrimaryKey($ownerField)) {
        return false;
    }

    return !CheckTablePermissions($this->tName, 'M') || !strlen($currentValue);
}
{ $changedValues[$fieldName] = $value; } } //check if some values are duplicated for the fields not allowing duplicates $retval = !$pageObject->hasDeniedDuplicateValues($changedValues, $usermessage); } // if get save data and user is logged and not check permission if ($evalues && !CheckTablePermissions($strTableName, "E") && isLogged()) { $retval = false; $usermessage = 'You have no permissions to complete this action.'; } // if get save data and user is not logged or guest if ($evalues && ((!CheckTablePermissions($strTableName, "E") && isLoggedAsGuest()) || !isLogged())) { $retval = false; $usermessage = "Your session has expired." . "<a href='#' id='loginButtonContinue" . $pageObject->id . "'>" . "Login" . "</a>" . " to save data."; } if($retval && $pageObject->isCaptchaOk) { if($inlineedit!=EDIT_INLINE) $_SESSION[$strTableName."_count_captcha"] = $_SESSION[$strTableName."_count_captcha"]+1; //set updated lat-lng values for all map fileds with 'UpdateLatLng' ticked if( $pageObject->isTableGeoUpdatable() ) $pageObject->setUpdatedLatLng( $evalues, $dataold ); $customEditResult = true; if($eventObj->exists("CustomEdit"))
/**
 * Re-verify, at save time, that the current user still holds the "E"
 * permission on this page's table.
 *
 * On refusal a message is stored with setMessage(): an "session expired"
 * prompt with a login link when the user is a guest or not logged in,
 * otherwise a plain "no permissions" notice.
 *
 * @return bool true when the permission is held, false after a message has been set
 */
protected function recheckUserPermissions()
{
    if (!CheckTablePermissions($this->tName, "E")) {
        $sessionLost = isLoggedAsGuest() || !isLogged();

        if (!$sessionLost) {
            $this->setMessage('You have no permissions to complete this action.');
            return false;
        }

        // NOTE(review): $this->id is concatenated into an HTML attribute
        // without escaping; presumably it is a server-generated page id --
        // confirm it can never carry request-supplied text.
        $loginPrompt = "Your session has expired."
            . "<a href='#' id='loginButtonContinue" . $this->id . "'>"
            . "Login"
            . "</a>"
            . " to save data.";
        $this->setMessage($loginPrompt);

        return false;
    }

    return true;
}
/**
 * Check whether a lookup request may be served on behalf of its main table.
 *
 * The main-table settings are obtained from
 * ListPage::readMainTableSettingsFromRequest($table); when none are returned
 * access is refused. Otherwise access is granted if the user holds any of the
 * "S", "E" or "A" permissions on that main table.
 *
 * NOTE(review): the main table is presumably named by the request, so the
 * permission checks below are the only gate on it -- verify against the
 * helper that it resolves only tables actually related to $table.
 *
 * @param mixed $table table identifier passed to readMainTableSettingsFromRequest()
 * @return bool
 */
protected static function checkLookupPermissions($table)
{
    $lookupMainSettings = ListPage::readMainTableSettingsFromRequest($table);
    if (!$lookupMainSettings) {
        return false;
    }

    $mainTable = $lookupMainSettings->getTableName();

    // Any one of these permissions on the main table is enough; the codes are
    // tried in this order and the scan stops at the first grant.
    foreach (array("S", "E", "A") as $permissionCode) {
        if (CheckTablePermissions($mainTable, $permissionCode)) {
            return true;
        }
    }

    // No register-page exception is implemented in this method: without one
    // of the permissions above the request is denied.
    return false;
}
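/**
 * Handle cookie-based automatic login and the "logout" action for a page.
 *
 * Steps, in order:
 *  1. Build and initialise a LoginPage object.
 *  2. If the visitor has no session or only a guest session, try to log in
 *     with the "username" / "password" cookies.
 *  3. Remember the current URL in $_SESSION["MyURL"] unless the request is an
 *     "onFly" one.
 *  4. When the request carries a=logout: redirect to the login page if the
 *     user lacks $permission on the current table or is not logged in,
 *     otherwise log a non-guest user out and redirect.
 *
 * @param mixed $permission permission code checked on the global $strTableName
 *                          during the logout action
 * @return void the script may terminate via exit() on the logout path
 */
static function reloginAndLogoutProcess($permission)
{
    global $strTableName;

    include_once(getabspath('classes/loginpage.php'));

    $loginXt = new Xtempl();
    $loginParams = array("pageType" => PAGE_LOGIN);
    $loginParams['xt'] = &$loginXt;
    $loginParams["tName"] = NOT_TABLE_BASED_TNAME;
    $loginParams['needSearchClauseObj'] = false;

    $loginPageObject = new LoginPage($loginParams);
    $loginPageObject->init();

    // Log in automatically if username and password are present in cookies.
    if (!isLogged() || isLoggedAsGuest()) {
        // Cookies are client-controlled: a key may be missing, or may arrive
        // as an array (name[]=...). Only plain non-empty strings are passed on.
        //
        // NOTE(review): this replays a "password" cookie through LogIn().
        // Whether the cookie holds the raw password or a derived token is not
        // visible here; confirm it is not the plaintext credential and that
        // the cookie is set with Secure and HttpOnly. A random, revocable
        // remember-me token is the safer design.
        $username = (isset($_COOKIE["username"]) && is_string($_COOKIE["username"]))
            ? $_COOKIE["username"]
            : "";
        $password = (isset($_COOKIE["password"]) && is_string($_COOKIE["password"]))
            ? $_COOKIE["password"]
            : "";

        if ($username !== "" && $password !== "") {
            $loginPageObject->LogIn($username, $password);
        }
    }

    $url = $_SERVER["SCRIPT_NAME"]
        . (!empty($_SERVER["QUERY_STRING"]) ? "?" . $_SERVER["QUERY_STRING"] : '');

    if (!postvalue("onFly")) {
        $_SESSION["MyURL"] = $url;
    }

    if (postvalue("a") == "logout") {
        // Drop the query string so the stored URL does not replay a=logout.
        $_SESSION["MyURL"] = $_SERVER["SCRIPT_NAME"];

        if (!CheckTablePermissions($strTableName, $permission) || !isLogged()) {
            HeaderRedirect("login", "", "");
            exit();
        }

        if (isLogged() && !isLoggedAsGuest()) {
            $loginPageObject->LogoutAndRedirect($url);
        }
    }
}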
}

// Decide whether the current request may open this page.
//
// NOTE(review): $lookupInRegisterPage on its own grants access, with no
// permission lookup at all. Where it is set lies outside this excerpt --
// confirm it is derived server-side and cannot be supplied by the client.
$permissionGranted = $lookupInRegisterPage
    ? true
    : CheckTablePermissions($strTableName, "S");

// Page opened as a lookup from another page: holding "S", "E" or "A" on that
// page's main table is accepted in place of "S" on this table.
if (!$permissionGranted && $lookupInPage) {
    $mainTable = $lookupMainSettings->getTableName();
    $permissionGranted = CheckTablePermissions($mainTable, "S")
        || CheckTablePermissions($mainTable, "E")
        || CheckTablePermissions($mainTable, "A");
}

// Denied: the script always stops here. Admins get a pointer to the rights
// editor, everyone else is redirected to the menu.
if (!$permissionGranted) {
    if (!IsAdmin()) {
        HeaderRedirect("menu");
        exit();
    }

    echo "<p>"."You don't have permissions to access this table"."<br><a href=\"".GetTableLink("admin_rights", "list")."\">"."Proceed to Admin Area"."</a> "."to set up user permissions"."</p>";
    exit();
}