Commit 075d8968 authored by changi67's avatar changi67

[MOD] access check: deploy some accesslib check functions

parent da497708
......@@ -10,22 +10,9 @@ require_once ('tiki-setup.php');
include_once ('lib/wiki/histlib.php');
$auto_query_args = array('sort_mode', 'offset', 'find', 'days');
$smarty->assign('headtitle', tra('Last Changes'));
if ($prefs['feature_wiki'] != 'y') {
$smarty->assign('msg', tra("This feature is disabled") . ": feature_wiki");
$smarty->display("error.tpl");
die;
}
if ($prefs['feature_lastChanges'] != 'y') {
$smarty->assign('msg', tra("This feature is disabled") . ": feature_lastChanges");
$smarty->display("error.tpl");
die;
}
if ($tiki_p_view != 'y') {
$smarty->assign('errortype', 401);
$smarty->assign('msg', tra("Permission denied. You cannot view this page."));
$smarty->display("error.tpl");
die;
}
$access->check_feature('feature_wiki');
$access->check_feature('feature_lastChanges');
$access->check_permission('tiki_p_view');
if (!isset($_REQUEST["find"])) {
$findwhat = '';
} else {
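Review bot: The `$access->check_feature()` and `$access->check_permission()` calls at the top of this hunk replace three blocks that each ended in `die`, so the page now fails closed only if the helper stops the request itself; its implementation is not shown on this page. It is worth confirming that both methods exit after rendering the error, and that the permission path still sets `errortype` to 401 as the removed block did. If that is the contract, a short comment above the calls would make the dependency explicit, for example `// check_*() render error.tpl and stop the request on failure`. The same applies to every file touched by this commit.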
......
......@@ -8,16 +8,8 @@ $section = 'wiki page';
$section_class = "tiki_wiki_page manage"; // This will be body class instead of $section
require_once ('tiki-setup.php');
include_once ('lib/wiki/wikilib.php');
if ($prefs['feature_wiki'] != 'y') {
$smarty->assign('msg', tra("This feature is disabled") . ": feature_wiki");
$smarty->display("error.tpl");
die;
}
if ($prefs['feature_likePages'] != 'y') {
$smarty->assign('msg', tra("This feature is disabled") . ": feature_likePages");
$smarty->display("error.tpl");
die;
}
$access->check_feature('feature_wiki');
$access->check_feature('feature_likePages');
// Get the page from the request var or default it to HomePage
if (!isset($_REQUEST["page"])) {
$smarty->assign('msg', tra("No page indicated"));
......@@ -32,14 +24,8 @@ if (!($info = $tikilib->get_page_info($page))) {
$smarty->display('error.tpl');
die;
}
// Now check permissions to access this page
$tikilib->get_perm_object($page, 'wiki page', $info);
if ($tiki_p_view != 'y') {
$smarty->assign('errortype', 401);
$smarty->assign('msg', tra("Permission denied. You cannot view pages like this page"));
$smarty->display("error.tpl");
die;
}
$access->check_permission('tiki_p_view');
$likepages = $wikilib->get_like_pages($page);
// If the page doesn't exist then display an error
if (!$tikilib->page_exists($page)) {
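Review bot: `$access->check_permission('tiki_p_view')` in the second hunk enforces page-level permissions only if `$tikilib->get_perm_object($page, 'wiki page', $info)` still runs immediately before it. This rendering has lost the +/- markers, so it is not clear whether that call or only the comment above it was removed. If the helper reads the global `$tiki_p_view`, dropping or reordering `get_perm_object()` would silently fall back to the site-wide permission. I would keep the call and document the pairing, e.g. `// get_perm_object() must run first: it loads the per-page value of tiki_p_view`. The image-gallery file further down has the same pairing with `check_permission('tiki_p_view_image_gallery')`.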
......
......@@ -8,18 +8,8 @@ $section = 'cms';
require_once ('tiki-setup.php');
include_once ('lib/articles/artlib.php');
$smarty->assign('headtitle', tra('List Articles'));
if ($prefs['feature_articles'] != 'y') {
$smarty->assign('msg', tra("This feature is disabled") . ": feature_articles");
$smarty->display("error.tpl");
die;
}
// Now check permissions to access this page
if ($tiki_p_read_article != 'y') {
$smarty->assign('errortype', 401);
$smarty->assign('msg', tra("Permission denied. You cannot view pages"));
$smarty->display("error.tpl");
die;
}
$access->check_feature('feature_articles');
$access->check_permission('tiki_p_read_article');
if (isset($_REQUEST["remove"])) {
$artperms = Perms::get( array( 'type' => 'article', 'object' => $_REQUEST['remove'] ) );
......
......@@ -9,12 +9,7 @@ include_once ('lib/banners/bannerlib.php');
if (!isset($bannerlib)) {
$bannerlib = new BannerLib;
}
// CHECK FEATURE BANNERS HERE
if ($prefs['feature_banners'] != 'y') {
$smarty->assign('msg', tra("This feature is disabled") . ": feature_banners");
$smarty->display("error.tpl");
die;
}
$access->check_feature('feature_banners');
if (isset($_REQUEST["remove"])) {
if ($tiki_p_admin_banners != 'y') {
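Review bot: The `remove` branch directly below the new `check_feature('feature_banners')` call still tests `$tiki_p_admin_banners != 'y'` inline, so this file ends up with two styles of access check. If that branch only shows the error page and dies, it could become `$access->check_permission('tiki_p_admin_banners');` inside the `if (isset($_REQUEST["remove"]))` block. The body of the branch is outside the hunk, so confirm it does nothing else before converting it.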
......
......@@ -11,17 +11,8 @@ $smarty->assign('headtitle', tra('Blogs'));
if ($prefs['feature_categories'] == 'y') {
include_once ('lib/categories/categlib.php');
}
if ($prefs['feature_blogs'] != 'y') {
$smarty->assign('msg', tra("This feature is disabled") . ": feature_blogs");
$smarty->display("error.tpl");
die;
}
if ($tiki_p_read_blog != 'y') {
$smarty->assign('errortype', 401);
$smarty->assign('msg', tra("Permission denied you can not view this section"));
$smarty->display("error.tpl");
die;
}
$access->check_feature('feature_blogs');
$access->check_permission('tiki_p_read_blog');
if (isset($_REQUEST["remove"])) {
// Check if it is the owner
$data = $tikilib->get_blog($_REQUEST["remove"]);
......
......@@ -5,12 +5,7 @@
// Licensed under the GNU LESSER GENERAL PUBLIC LICENSE. See license.txt for details.
// $Id: /cvsroot/tikiwiki/tiki/tiki-list_cache.php,v 1.14 2007-10-12 07:55:28 nyloth Exp $
require_once ('tiki-setup.php');
if ($tiki_p_admin != 'y') {
$smarty->assign('errortype', 401);
$smarty->assign('msg', tra("You do not have permission to use this feature"));
$smarty->display("error.tpl");
die;
}
$access->check_permission('tiki_p_admin');
if (isset($_REQUEST["remove"])) {
$area = 'delcache';
if ($prefs['feature_ticketlib2'] != 'y' or (isset($_POST['daconfirm']) and isset($_SESSION["ticket_$area"]))) {
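Review bot: After `$access->check_permission('tiki_p_admin')`, the `remove` action is read from `$_REQUEST`, and the ticket condition on the following line is satisfied without any ticket whenever `feature_ticketlib2` is not 'y'. On such installs the admin permission is the only guard on a state-changing request. The commit does not touch that line, but since it centralises access checks it would be a natural place to require POST and a valid ticket for `remove` unconditionally. The dynamic-content list file shows the same condition after its new checks; the rest of both branches is outside the hunks.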
......
......@@ -8,12 +8,7 @@ require_once ('tiki-setup.php');
include_once ('lib/commentslib.php');
$auto_query_args = array('types_section', 'types', 'show_types', 'sort_mode', 'offset', 'find', 'findfilter_approved');
$commentslib = new Comments($dbTiki);
if ($tiki_p_admin_comments != 'y') {
$smarty->assign('errortype', 401);
$smarty->assign('msg', tra("You do not have permission to use this feature"));
$smarty->display("error.tpl");
die;
}
$access->check_permission('tiki_p_admin_comments');
$title = tra('Comments');
$sections_keys = array('objectType' => 'commentsFeature', 'itemObjectType' => 'itemCommentsFeature');
// types_section is used to limit the user to only one section (e.g. 'blogs')
......
......@@ -10,17 +10,8 @@ $auto_query_args = array('sort_mode', 'offset', 'find');
if (!isset($dcslib)) {
$dcslib = new DCSLib;
}
if ($prefs['feature_dynamic_content'] != 'y') {
$smarty->assign('msg', tra("This feature is disabled") . ": feature_dynamic_content");
$smarty->display("error.tpl");
die;
}
if ($tiki_p_admin_dynamic != 'y') {
$smarty->assign('errortype', 401);
$smarty->assign('msg', tra("You do not have permission to use this feature"));
$smarty->display("error.tpl");
die;
}
$access->check_feature('feature_dynamic_content');
$access->check_permission('tiki_p_admin_dynamic');
if (isset($_REQUEST["remove"])) {
$area = 'delcontents';
if ($prefs['feature_ticketlib2'] != 'y' or (isset($_POST['daconfirm']) and isset($_SESSION["ticket_$area"]))) {
......
......@@ -8,17 +8,8 @@ $section = 'faqs';
require_once ('tiki-setup.php');
include_once ('lib/faqs/faqlib.php');
$auto_query_args = array('offset', 'find', 'sort_mode', 'faqId');
if ($prefs['feature_faqs'] != 'y') {
$smarty->assign('msg', tra("This feature is disabled") . ": feature_faqs");
$smarty->display("error.tpl");
die;
}
if ($tiki_p_view_faqs != 'y') {
$smarty->assign('errortype', 401);
$smarty->assign('msg', tra("You do not have permission to use this feature"));
$smarty->display("error.tpl");
die;
}
$access->check_feature('feature_faqs');
$access->check_permission('tiki_p_view_faqs');
$smarty->assign('headtitle', tra('FAQs'));
if (!isset($_REQUEST["faqId"])) {
$_REQUEST["faqId"] = 0;
......
......@@ -6,11 +6,7 @@
// $Id: /cvsroot/tikiwiki/tiki/tiki-list_file_gallery.php,v 1.50.2.14 2008-03-16 00:06:53 nyloth Exp $
$section = 'file_galleries';
require_once ('tiki-setup.php');
if ($prefs['feature_file_galleries'] != 'y') {
$smarty->assign('msg', tra('This feature is disabled') . ': feature_file_galleries');
$smarty->display('error.tpl');
die;
}
$access->check_feature('feature_file_galleries');
include_once ('lib/filegals/filegallib.php');
include_once ('lib/stats/statslib.php');
if ($prefs['feature_categories'] == 'y') {
......
......@@ -8,11 +8,7 @@ $section = 'galleries';
require_once ('tiki-setup.php');
include_once ('lib/categories/categlib.php');
include_once ("lib/imagegals/imagegallib.php");
if ($prefs['feature_galleries'] != 'y') {
$smarty->assign('msg', tra("This feature is disabled") . ": feature_galleries");
$smarty->display("error.tpl");
die;
}
$access->check_feature('feature_galleries');
if (empty($_REQUEST["galleryId"]) && $_REQUEST["galleryId"] != '0') {
$smarty->assign('msg', tra("No gallery indicated"));
$smarty->display("error.tpl");
......@@ -25,13 +21,7 @@ if ($_REQUEST["galleryId"] != '0' && $imagegallib->get_gallery($_REQUEST["galler
}
$tikilib->get_perm_object( $_REQUEST['galleryId'], 'image gallery' );
if ($tiki_p_view_image_gallery != 'y') {
$smarty->assign('errortype', 401);
$smarty->assign('msg', tra("Permission denied you cannot access this gallery"));
$smarty->display("error.tpl");
die;
}
$access->check_permission('tiki_p_view_image_gallery');
/*
if($tiki_p_upload_images != 'y') {
$smarty->assign('errortype', 401);
......
......@@ -6,18 +6,8 @@
//$Id: /cvsroot/tikiwiki/tiki/tiki-list_integrator_repositories.php,v 1.14 2007-10-12 07:55:28 nyloth Exp $
require_once ('tiki-setup.php');
require_once ('lib/integrator/integrator.php');
// If Integrator is ON, check permissions...
if ($prefs['feature_integrator'] != 'y') {
$smarty->assign('msg', tra("This feature is disabled") . ": feature_integrator");
$smarty->display("error.tpl");
die;
}
if (($tiki_p_view_integrator != 'y') && ($tiki_p_admin_integrator != 'y') && ($tiki_p_admin != 'y')) {
$smarty->assign('errortype', 401);
$smarty->assign('msg', tra("You do not have permission to use this feature"));
$smarty->display("error.tpl");
die;
}
$access->check_feature('feature_integrator');
$access->check_permission(array('tiki_p_view_integrator','tiki_p_admin_integrator','tiki_p_admin'));
// Create instance of integrator
$integrator = new TikiIntegrator($dbTiki);
// Fill list of repositories
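Review bot: The removed condition denied access only when all three of `tiki_p_view_integrator`, `tiki_p_admin_integrator` and `tiki_p_admin` were missing, but this page does not show whether `check_permission()` treats an array as any-of or all-of. If it requires every listed permission, users holding only `tiki_p_view_integrator` lose access; if it accepts any one, behaviour is unchanged. Please confirm against accesslib and state the semantics next to the call, e.g. `// any one of these permissions is sufficient`.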
......