Commit 0cd50511 authored by sylvieg

set smarty errortype to 401 if permission denied

parent 60799e15
......@@ -20,6 +20,7 @@ if ($prefs['feature_articles'] != 'y') {
// Now check permissions to access this page
if(($tiki_p_read_article != 'y') && ($tiki_p_articles_read_heading != 'y')) {
$smarty->assign('errortype', 401);
$smarty->assign('msg',tra("Permission denied you cannot view pages"));
$smarty->display("error.tpl");
die;
......
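Review bot: The added `$smarty->assign('errortype', 401);` labels every denial as 401, although this branch is also reached by a logged-in user who simply lacks `tiki_p_read_article`. 401 conventionally means "authenticate", so if error.tpl keys a login prompt or an HTTP status off `errortype` (not visible here), an authenticated user is asked to log in again instead of being told access is forbidden. Consider distinguishing the two cases, e.g. `$smarty->assign('errortype', $user ? 403 : 401);`, provided the template handles 403 and `$user` is in scope as it is in other sections. The same assign/msg/display sequence is repeated in nearly every other section of this commit, so a single shared deny helper would keep the code, the message and the terminating `die;` consistent. The enclosing script continues outside the hunk.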
......@@ -33,6 +33,7 @@ if ($prefs['feature_messages'] != 'y') {
}
if ($tiki_p_messages != 'y') {
$smarty->assign('errortype', 401);
$smarty->assign('msg', tra("Permission denied"));
$smarty->display("error.tpl");
die;
......
......@@ -35,6 +35,7 @@ if ($prefs['feature_messages'] != 'y') {
}
if ($tiki_p_broadcast != 'y') {
$smarty->assign('errortype', 401);
$smarty->assign('msg', tra("Permission denied"));
$smarty->display("error.tpl");
......
......@@ -33,6 +33,7 @@ if ($prefs['feature_messages'] != 'y') {
}
if ($tiki_p_messages != 'y') {
$smarty->assign('errortype', 401);
$smarty->assign('msg', tra("Permission denied"));
$smarty->display("error.tpl");
die;
......
......@@ -37,6 +37,7 @@ if ($prefs['feature_messages'] != 'y') {
}
if ($tiki_p_messages != 'y') {
$smarty->assign('errortype', 401);
$smarty->assign('msg', tra("Permission denied"));
$smarty->display("error.tpl");
die;
......
......@@ -35,6 +35,7 @@ if ($prefs['feature_messages'] != 'y') {
}
if ($tiki_p_messages != 'y') {
$smarty->assign('errortype', 401);
$smarty->assign('msg', tra("Permission denied"));
$smarty->display("error.tpl");
......
......@@ -35,6 +35,7 @@ if ($prefs['feature_messages'] != 'y') {
}
if ($tiki_p_messages != 'y') {
$smarty->assign('errortype', 401);
$smarty->assign('msg', tra("Permission denied"));
$smarty->display("error.tpl");
......
......@@ -35,6 +35,7 @@ if ($prefs['feature_messages'] != 'y') {
}
if ($tiki_p_messages != 'y') {
$smarty->assign('errortype', 401);
$smarty->assign('msg', tra("Permission denied"));
$smarty->display("error.tpl");
......
......@@ -33,6 +33,7 @@ if ($prefs['feature_messages'] != 'y') {
}
if ($tiki_p_messages != 'y') {
$smarty->assign('errortype', 401);
$smarty->assign('msg', tra("Permission denied"));
$smarty->display("error.tpl");
die;
......
......@@ -10,6 +10,7 @@ if ($prefs['feature_action_calendar'] != 'y') {
}
if ($tiki_p_view_tiki_calendar != 'y') {
$smarty->assign('errortype', 401);
$smarty->assign('msg', tra("Permission denied you cannot view the Tiki calendar"));
$smarty->display("error.tpl");
die;
......
......@@ -17,6 +17,7 @@ if ($prefs['feature_banning'] != 'y') {
}
if ($tiki_p_admin_banning != 'y') {
$smarty->assign('errortype', 401);
$smarty->assign('msg', tra("Permission denied"));
$smarty->display("error.tpl");
......
......@@ -17,6 +17,7 @@ if ($prefs['feature_charts'] != 'y') {
}
if ($tiki_p_admin_charts != 'y' and $tiki_p_suggest_chart_item != 'y') {
$smarty->assign('errortype', 401);
$smarty->assign('msg', tra("Permission denied"));
$smarty->display("error.tpl");
......
......@@ -29,6 +29,7 @@ if (isset($_REQUEST['rremove'])) {
$area = 'delstruct';
$structure_info = $structlib->s_get_structure_info($_REQUEST['rremove']);
if (!$tikilib->user_has_perm_on_object($user,$structure_info["pageName"],'wiki page','tiki_p_edit')) {
$smarty->assign('errortype', 401);
$smarty->assign('msg', tra("Permission denied you cannot edit this page"));
$smarty->display("error.tpl");
die;
......@@ -45,6 +46,7 @@ if (isset($_REQUEST['rremovex'])) {
$area = 'delstructandpages';
$structure_info = $structlib->s_get_structure_info($_REQUEST['rremovex']);
if (!$tikilib->user_has_perm_on_object($user,$structure_info["pageName"],'wiki page','tiki_p_edit')) {
$smarty->assign('errortype', 401);
$smarty->assign('msg', tra("Permission denied you cannot edit this page"));
$smarty->display("error.tpl");
die;
......@@ -61,6 +63,7 @@ if (isset($_REQUEST['export'])) {
check_ticket('admin-structures');
$structure_info = $structlib->s_get_structure_info($_REQUEST['export']);
if ($prefs['feature_wiki_export'] != 'y' || $tiki_p_admin_wiki != 'y' || !$tikilib->user_has_perm_on_object($user,$structure_info["pageName"],'wiki page','tiki_p_view')) {
$smarty->assign('errortype', 401);
$smarty->assign('msg',tra('Permission denied you cannot view this page'));
$smarty->display("error.tpl");
die;
......@@ -72,6 +75,7 @@ if (isset($_REQUEST['export_tree'])) {
check_ticket('admin-structures');
$structure_info = $structlib->s_get_structure_info($_REQUEST['export_tree']);
if (!$tikilib->user_has_perm_on_object($user,$structure_info["pageName"],'wiki page','tiki_p_view')) {
$smarty->assign('errortype', 401);
$smarty->assign('msg',tra('Permission denied you cannot view this page'));
$smarty->display("error.tpl");
die;
......@@ -88,6 +92,7 @@ if (isset($_REQUEST['remove'])) {
check_ticket('admin-structures');
$structure_info = $structlib->s_get_structure_info($_REQUEST['remove']);
if (!$tikilib->user_has_perm_on_object($user,$structure_info["pageName"],'wiki page','tiki_p_edit')) {
$smarty->assign('errortype', 401);
$smarty->assign('msg', tra("Permission denied you cannot edit this page"));
$smarty->display("error.tpl");
die;
......
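Review bot: Each permission check in this section dereferences `$structure_info["pageName"]` without first verifying that `s_get_structure_info()` found a structure for the request-supplied id (`rremove`, `rremovex`, `export`, `export_tree`, `remove`). If the lookup fails, the object name passed to `user_has_perm_on_object()` is empty, and the result then depends on how that helper treats a missing object, which is not visible here. A guard before each check, such as `if (empty($structure_info)) { /* show a not-found error and die */ }`, would make the refusal explicit rather than incidental. The handler bodies continue outside the hunks.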
......@@ -120,6 +120,7 @@ function batchImportUsers() {
if (!in_array($err, $errors))
$errors[] = $err;
} elseif ($tiki_p_admin != 'y' && !array_key_exists($grp, $userGroups)) {
$smarty->assign('errortype', 401);
$err = tra("Permission denied").": $grp";
if (!in_array($err, $errors))
$errors[] = $err;
......
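Review bot: In this `elseif` branch the denial is only collected into `$errors` and processing carries on, so `$smarty->assign('errortype', 401);` leaves a template variable set for whatever page is rendered after the import rather than for an error page. Unless the template rendered afterwards is meant to react to it, the assignment should be dropped here or moved to the point where an error template is actually displayed. If it is intentional, a comment such as `// errortype is read by <template name> to flag a partially refused import` would say so. `batchImportUsers()` starts and ends outside the hunk.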
......@@ -47,6 +47,7 @@ if (substr($page, 0, strlen($prefs['wikiapproval_prefix'])) != $prefs['wikiappro
// first check perms for category set as the approved category (this could be necessary in some setups even though page perms are checked below)
if ($prefs['wikiapproval_approved_category'] == 0 && $tiki_p_edit != 'y' || $prefs['wikiapproval_approved_category'] > 0 && !$categlib->has_edit_permission($user, $prefs['wikiapproval_approved_category'])) {
$smarty->assign('errortype', 401);
$smarty->assign('msg', tra("Permission denied you cannot approve staging pages"));
$smarty->display("error.tpl");
......@@ -78,6 +79,7 @@ if ($info) {
$tikilib->get_perm_object($page, 'wiki page', $info, true);
}
if ($tiki_p_edit != 'y') {
$smarty->assign('errortype', 401);
$smarty->assign('msg', tra("Permission denied you cannot edit this page"));
$smarty->display("error.tpl");
die;
......
......@@ -15,8 +15,9 @@ if ($prefs['rss_articles'] != 'y') {
}
if ($tiki_p_read_article != 'y') {
$errmsg=tra("Permission denied you cannot view this section");
require_once ('tiki-rss_error.php');
$smarty->assign('errortype', 401);
$errmsg=tra("Permission denied you cannot view this section");
require_once ('tiki-rss_error.php');
}
$feed = "articles";
......@@ -40,6 +41,7 @@ if (isset($_REQUEST['lang'])) {
$uniqueid .= '/'.$articleLang;
if ($topic and !$tikilib->user_has_perm_on_object($user,$topic,'topic','tiki_p_topic_read')) {
$smarty->assign('errortype', 401);
$errmsg=tra("Permission denied you cannot view this section");
require_once ('tiki-rss_error.php');
}
......
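Review bot: Both denial branches rely on `require_once ('tiki-rss_error.php');` to stop the request: no `die;` follows, and the first branch is immediately followed by `$feed = "articles";`. If the included script ever returns, the feed is built for a user who failed the `tiki_p_read_article` check. An explicit `die;` after each `require_once` would make the check fail closed regardless of what the include does. The message reaches the error script through `$errmsg`, so the added Smarty `errortype` only matters if tiki-rss_error.php reads it, which is not visible here. The other RSS sections in this commit (blogs, calendars, directories) have the same shape.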
......@@ -41,6 +41,7 @@ include_once ("tiki-pagesetup.php");
// Now check permissions to access this page
if ($tiki_p_view != 'y') {
$smarty->assign('errortype', 401);
$smarty->assign('msg', tra("Permission denied you cannot view backlinks for this page"));
$smarty->display("error.tpl");
......
......@@ -20,6 +20,7 @@ if ($prefs['feature_gal_batch'] != 'y') {
// Now check permissions to access this page
if ($tiki_p_batch_upload_image_dir != 'y') {
$smarty->assign('errortype', 401);
$smarty->assign('msg', tra("Permission denied you cannot use the batch directory loading"));
$smarty->display("error.tpl");
die;
......
......@@ -19,6 +19,7 @@ if ($prefs['feature_file_galleries_batch'] != 'y') {
// Now check permissions to access this page
if ($tiki_p_batch_upload_file_dir != 'y') {
$smarty->assign('errortype', 401);
$smarty->assign('msg', tra("Permission denied you cannot use the batch directory loading"));
$smarty->display("error.tpl");
die;
......
......@@ -27,6 +27,7 @@ if ($prefs['feature_blogs'] != 'y') {
// Now check permissions to access this page
if ((empty($_REQUEST['blogId']) && $tiki_p_blog_post != 'y') || (!empty($_REQUEST["blogId"]) && !$tikilib->user_has_perm_on_object($user, $_REQUEST['blogId'], 'blog', 'tiki_p_blog_post'))) {
$smarty->assign('errortype', 401);
$smarty->assign('msg', tra("Permission denied you cannot post"));
$smarty->display("error.tpl");
......@@ -85,6 +86,7 @@ if (isset($_REQUEST["postId"]) && $_REQUEST["postId"] > 0) {
if ($data["user"] != $user || !$user) {
if ($tiki_p_blog_admin != 'y' && !$tikilib->user_has_perm_on_object($user, $_REQUEST['blogId'], 'blog', 'tiki_p_blog_admin')) {
$smarty->assign('errortype', 401);
$smarty->assign('msg', tra("Permission denied you cannot edit this post"));
$smarty->display("error.tpl");
......@@ -230,6 +232,7 @@ if ((isset($_REQUEST["save"]) || isset($_REQUEST['save_exit'])) && !$contributio
}
if ($tiki_p_blog_post != 'y') {
$smarty->assign('errortype', 401);
$smarty->assign('msg', tra("Permission denied you cannot post"));
$smarty->display("error.tpl");
die;
......@@ -246,6 +249,7 @@ if ((isset($_REQUEST["save"]) || isset($_REQUEST['save_exit'])) && !$contributio
if ($data["user"] != $user || !$user) {
if ($tiki_p_blog_admin != 'y') {
$smarty->assign('errortype', 401);
$smarty->assign('msg', tra("Permission denied you cannot edit this post"));
$smarty->display("error.tpl");
die;
......
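Review bot: The two checks on the save path test only the global `$tiki_p_blog_post` and `$tiki_p_blog_admin`, while the entry checks in the first two hunks also consult `user_has_perm_on_object(..., 'blog', ...)` for the requested `blogId`. Unless the code between the hunks folds object permissions into those globals, a user granted rights on a single blog passes the first check and is then refused on save, and the two paths can drift further apart over time. Using the same condition in both places would keep them aligned, e.g. `if ($tiki_p_blog_admin != 'y' && !$tikilib->user_has_perm_on_object($user, $_REQUEST['blogId'], 'blog', 'tiki_p_blog_admin')) {`. The surrounding blocks continue outside the hunks.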
......@@ -29,6 +29,7 @@ if ($prefs['feature_blog_rankings'] != 'y') {
}
if ($tiki_p_read_blog != 'y') {
$smarty->assign('errortype', 401);
$smarty->assign('msg', tra("Permission denied you cannot view this section"));
$smarty->display("error.tpl");
......
......@@ -51,8 +51,9 @@ if ($tiki_p_blog_admin == 'y') {
}
if ($tiki_p_read_blog != 'y') {
$errmsg=tra("Permission denied you cannot view this section");
require_once ('tiki-rss_error.php');
$smarty->assign('errortype', 401);
$errmsg=tra("Permission denied you cannot view this section");
require_once ('tiki-rss_error.php');
}
$feed = "blog";
......
......@@ -106,6 +106,7 @@ if (is_array($_REQUEST['parentId'])) {
}
if(!$canView) {
$smarty->assign('errortype', 401);
$smarty->assign('msg',tra("Permission denied you cannot view this page"));
$smarty->display("error.tpl");
die;
......
......@@ -30,6 +30,7 @@ if (isset($_REQUEST['del'])) {
if ($tiki_p_admin == 'y' || $tiki_p_unassign_freetags == 'y') {
$freetaglib->delete_object_tag($_REQUEST['itemit'],$_REQUEST['typeit'],$_REQUEST['tag']);
} else {
$smarty->assign('errortype', 401);
$smarty->assign('msg', tra('Permission denied'));
$smarty->display('error.tpl');
die;
......
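Review bot: The `else` branch now reports the denial, but the allowed branch deletes a tag using `$_REQUEST['itemit']`, `$_REQUEST['typeit']` and `$_REQUEST['tag']` directly, and no request-ticket check is visible in the hunk. Other sections of this commit call `check_ticket(...)` before destructive actions; if nothing equivalent runs earlier in this handler, the delete depends on the permission test alone and is open to cross-site request forgery against a privileged session. Worth confirming, and if it is missing, adding the file's ticket check at the top of the `del` handler. The handler starts outside the hunk.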
......@@ -28,6 +28,7 @@ if ($prefs['feature_galleries'] != 'y') {
}
if ($_REQUEST["galleryId"] == 0 && $tiki_p_admin_galleries != 'y') {
$smarty->assign('errortype', 401);
$smarty->assign('msg', tra("Permission denied you cannot access this gallery"));
$smarty->display("error.tpl");
......@@ -75,6 +76,7 @@ if ($userlib->object_has_one_permission($_REQUEST["galleryId"], 'image gallery')
$is_categorized = FALSE;
}
if ($is_categorized && isset($tiki_p_view_categorized) && $tiki_p_view_categorized != 'y') {
$smarty->assign('errortype', 401);
if (!isset($user)){
$smarty->assign('display_login_box','y');
$smarty->assign('errortitle',tra("Please login"));
......@@ -97,6 +99,7 @@ if ($tiki_p_admin_galleries == 'y') {
}
if ($tiki_p_view_image_gallery != 'y') {
$smarty->assign('errortype', 401);
$smarty->assign('msg', tra("Permission denied you can not view this section"));
$smarty->display("error.tpl");
......@@ -114,6 +117,7 @@ if ($_REQUEST["galleryId"] != 0) {
//$smarty->assign('use_theme','y');
/*
if($user!='admin' && $user!=$gal_info["user"] && $gal_info["public"]!='y') {
$smarty->assign('errortype', 401);
$smarty->assign('msg',tra("Permission denied you cannot browse this gallery"));
$smarty->display("error.tpl");
die;
......@@ -163,6 +167,7 @@ if (isset($_REQUEST["remove"])) {
check_ticket('browse-gallery');
// To remove an image the user must be the owner or admin
if (($tiki_p_admin_galleries != 'y') && (!$user || $user != $gal_info["user"])) {
$smarty->assign('errortype', 401);
$smarty->assign('msg', tra("Permission denied you cannot remove images from this gallery"));
$smarty->display("error.tpl");
......@@ -182,6 +187,7 @@ if (isset($_REQUEST["rebuild"])) {
check_ticket('browse-gallery');
// To rebuild thumbnails the user must be the owner or admin
if (($tiki_p_admin_galleries != 'y') && (!$user || $user != $gal_info["user"])) {
$smarty->assign('errortype', 401);
$smarty->assign('msg', tra("Permission denied you cannot rebuild thumbnails in this gallery"));
$smarty->display("error.tpl");
......@@ -196,6 +202,7 @@ if (isset($_REQUEST["rotateright"])) {
check_ticket('browse-gallery');
// To rotate an image the user must be the owner or admin
if (($tiki_p_admin_galleries != 'y') && (!$user || $user != $gal_info["user"])) {
$smarty->assign('errortype', 401);
$smarty->assign('msg', tra("Permission denied you cannot rotate images in this gallery"));
$smarty->display("error.tpl");
......@@ -209,6 +216,7 @@ if (isset($_REQUEST["rotateleft"])) {
check_ticket('browse-gallery');
// To rotate an image the user must be the owner or admin
if (($tiki_p_admin_galleries != 'y') && (!$user || $user != $gal_info["user"])) {
$smarty->assign('errortype', 401);
$smarty->assign('msg', tra("Permission denied you cannot rotate images in this gallery"));
$smarty->display("error.tpl");
......
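Review bot: The fourth hunk adds the `errortype` assignment inside a block that is commented out (the `/*` two lines above it), so it changes nothing at runtime. More importantly, that disabled block is the owner/public-gallery check, and it compares against the literal user name `'admin'`; leaving it in place suggests a protection that is not enforced. Either delete the dead block or replace it with a short comment naming the check that now covers private galleries, for example `// private-gallery access is enforced by <name of check> above`. Where the block comment closes is outside the hunk.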
......@@ -77,6 +77,7 @@ if ($userlib->object_has_one_permission($galleryId, 'image gallery')) {
$is_categorized = FALSE;
}
if ($is_categorized && isset($tiki_p_view_categorized) && $tiki_p_view_categorized != 'y') {
$smarty->assign('errortype', 401);
if (!isset($user)){
$smarty->assign('display_login_box','y');
$smarty->assign('errortitle',tra("Please login"));
......@@ -98,6 +99,7 @@ if ($tiki_p_admin_galleries == 'y') {
}
if ($tiki_p_view_image_gallery != 'y') {
$smarty->assign('errortype', 401);
$smarty->assign('msg', tra("Permission denied you can not view this section"));
$smarty->display("error.tpl");
die;
......@@ -182,6 +184,7 @@ if ($prefs['feature_gal_slideshow'] != 'n') {
if (isset($_REQUEST["move_image"])) {
check_ticket('browse-image');
if ($tiki_p_admin_galleries != 'y' && (!$user || $user != $gal_info["user"])) {
$smarty->assign('errortype', 401);
$smarty->assign('msg', tra("Permission denied you cannot move images from this gallery"));
$smarty->display("error.tpl");
......
......@@ -104,6 +104,7 @@ if ($prefs['feature_categories'] == 'y' and isset($_REQUEST['calIds'])) {
$is_categorized = FALSE;
}
if ($is_categorized && isset($tiki_p_view_categorized) && $tiki_p_view_categorized != 'y') {
$smarty->assign('errortype', 401);
if (!isset($user)){
$smarty->assign('display_login_box','y');
$smarty->assign('errortitle',tra("Please login"));
......@@ -117,6 +118,7 @@ if ($prefs['feature_categories'] == 'y' and isset($_REQUEST['calIds'])) {
}
if ($viewOneCal != 'y') {
$smarty->assign('errortype', 401);
$smarty->assign('msg', tra("Permission denied you cannot view the calendar"));
$smarty->display("error.tpl");
die;
......
......@@ -126,6 +126,7 @@ if ($prefs['feature_categories'] == 'y') {
$$p = $v;
}
if (isset($tiki_p_view_categorized) && $tiki_p_view_categorized != 'y') {
$smarty->assign('errortype', 401);
$smarty->assign('msg',tra("Permission denied you cannot view this page"));
$smarty->display("error.tpl");
die;
......@@ -262,6 +263,7 @@ if (isset($_REQUEST["delete"]) and ($_REQUEST["delete"]) and isset($_REQUEST["ca
$smarty->assign('edit',true);
$hour_minmax = floor(($calendar['startday']-1)/(60*60)).'-'. ceil(($calendar['endday'])/(60*60));
} else {
$smarty->assign('errortype', 401);
$smarty->assign('msg', tra("Permission denied you can not view this page"));
$smarty->display("error.tpl");
die;
......
......@@ -16,8 +16,9 @@ if (!isset($prefs['rss_calendar']) || $prefs['rss_calendar'] != 'y') {
}
if ($tiki_p_view_calendar != 'y') {
$errmsg=tra("Permission denied you cannot view this section");
require_once ('tiki-rss_error.php');
$smarty->assign('errortype', 401);
$errmsg=tra("Permission denied you cannot view this section");
require_once ('tiki-rss_error.php');
}
$feed = "calendars";
......
......@@ -34,6 +34,7 @@ if (!isset($_REQUEST['categId'])) {
// Now check permissions to access this page
if ($tiki_p_admin_categories != 'y' && $tiki_p_admin != 'y') {
$smarty->assign('errortype', 401);
$smarty->assign('msg', tra('Permission denied; you cannot assign permissions for this category'));
$smarty->display("error.tpl");
......
......@@ -10,6 +10,7 @@
require_once ('tiki-setup.php');
if ($prefs['change_password'] != 'y') {
$smarty->assign('errortype', 401);
$smarty->assign('msg', tra("Permission denied"));
$smarty->display("error.tpl");
die;
......
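Review bot: This branch fires when the `change_password` preference is off, which is a disabled feature rather than a failed authorization. Tagging it with `errortype` 401 and "Permission denied" tells the user, and anything keyed on the error type, that logging in would help when it would not. The other sections of this commit attach the 401 to a `$tiki_p_*` permission test that follows a separate `$prefs[...]` feature test. Suggest leaving `errortype` unset here and using a message that says the feature is disabled. The rest of the script is outside the hunk.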
......@@ -29,6 +29,7 @@ if ($prefs['feature_cms_rankings'] != 'y') {
}
if ($tiki_p_read_article != 'y') {
$smarty->assign('errortype', 401);
$smarty->assign('msg', tra("Permission denied you cannot view this section"));
$smarty->display("error.tpl");
......
......@@ -66,6 +66,7 @@ $struct_info = $structlib->s_get_structure_info($_REQUEST['struct']);
$smarty->assign_by_ref('struct_info',$struct_info);
if (!$tikilib->user_has_perm_on_object($user,$struct_info["pageName"],'wiki page','tiki_p_view')) {
$smarty->assign('errortype', 401);
$smarty->assign('msg',tra('Permission denied you cannot view this page'));
$smarty->display("error.tpl");
die;
......
......@@ -20,8 +20,9 @@ if ($prefs['feature_directory'] != 'y') {
}
if ($tiki_p_view_directory != 'y') {
$smarty->assign('errortype', 401);
$errmsg=tra("Permission denied");
require_once ('tiki-rss_error.php');
require_once ('tiki-rss_error.php');
}
$feed = "directories";
......
......@@ -20,6 +20,7 @@ if ($prefs['feature_directory'] != 'y') {
}
if ($tiki_p_submit_link != 'y') {
$smarty->assign('errortype', 401);
$smarty->assign('msg', tra("Permission denied"));
$smarty->display("error.tpl");
......
......@@ -20,6 +20,7 @@ if ($prefs['feature_directory'] != 'y') {
if ($tiki_p_admin_directory
!= 'y' && $tiki_p_admin_directory_sites != 'y' && $tiki_p_admin_directory_cats != 'y' && $tiki_p_validate_links != 'y') {
$smarty->assign('errortype', 401);
$smarty->assign('msg', tra("Permission denied"));
$smarty->display("error.tpl");
......
......@@ -18,6 +18,7 @@ if ($prefs['feature_directory'] != 'y') {
}
if ($tiki_p_admin_directory_cats != 'y') {
$smarty->assign('errortype', 401);
$smarty->assign('msg', tra("Permission denied"));
$smarty->display("error.tpl");
die;
......
......@@ -19,6 +19,7 @@ if ($prefs['feature_directory'] != 'y') {
}
if ($tiki_p_admin_directory_cats != 'y') {
$smarty->assign('errortype', 401);
$smarty->assign('msg', tra("Permission denied"));
$smarty->display("error.tpl");
......
......@@ -46,6 +46,7 @@ if (isset($parent_info) && $user) {
}
if ($tiki_p_admin_directory_sites != 'y') {
$smarty->assign('errortype', 401);
$smarty->assign('msg', tra("Permission denied"));
$smarty->display("error.tpl");
......
......@@ -20,6 +20,7 @@ if ($prefs['feature_directory'] != 'y') {
}
if ($tiki_p_view_directory != 'y') {
$smarty->assign('errortype', 401);
$smarty->assign('msg', tra("Permission denied"));
$smarty->display("error.tpl");
......
......@@ -20,6 +20,7 @@ if ($prefs['feature_directory'] != 'y') {
}
if ($tiki_p_view_directory != 'y') {
$smarty->assign('errortype', 401);
$smarty->assign('msg', tra("Permission denied"));
$smarty->display("error.tpl");
......
......@@ -19,6 +19,7 @@ if ($prefs['feature_directory'] != 'y') {
}
if ($tiki_p_view_directory != 'y') {
$smarty->assign('errortype', 401);
$smarty->assign('msg', tra("Permission denied"));
$smarty->display("error.tpl");
......
......@@ -21,6 +21,7 @@ if ($prefs['feature_directory'] != 'y') {
}
if ($tiki_p_view_directory != 'y') {
$smarty->assign('errortype', 401);
$errmsg=tra("Permission denied");
require_once ('tiki-rss_error.php');
}
......
......@@ -20,6 +20,7 @@ if ($prefs['feature_directory'] != 'y') {
}
if ($tiki_p_view_directory != 'y') {
$smarty->assign('errortype', 401);
$smarty->assign('msg', tra("Permission denied"));
$smarty->display("error.tpl");
......
......@@ -19,6 +19,7 @@ if ($prefs['feature_directory'] != 'y') {
}
if ($tiki_p_validate_links != 'y') {
$smarty->assign('errortype', 401);
$smarty->assign('msg', tra("Permission denied"));
$smarty->display("error.tpl");
......
......@@ -24,6 +24,7 @@ if (isset($info['user']) && $info['user'] == $user) {
|| (isset($itemInfo['status']) and $itemInfo['status'] == 'c' && !$tikilib->user_has_perm_on_object($user, $itemInfo['trackerId'], 'tracker', 'tiki_p_view_trackers_closed'))
|| ($tiki_p_admin_trackers != 'y' && !$tikilib->user_has_perm_on_object($user, $itemInfo['trackerId'], 'tracker', 'tiki_p_view_trackers')
) ) {
$smarty->assign('errortype', 401);
$smarty->assign('msg', tra('Permission denied'));
$smarty->display('error.tpl');
die;
......
......@@ -83,6 +83,7 @@ $smarty->assign('emails', '');
if (isset($_REQUEST["articleId"]) and $_REQUEST["articleId"] > 0) {
$article_data = $tikilib->get_article($_REQUEST["articleId"]);
if ($article_data === false) {
$smarty->assign('errortype', 401);
$smarty->assign('msg', tra('Permission denied'));
$smarty->display('error.tpl');
die;
......@@ -146,6 +147,7 @@ if (isset($_REQUEST["articleId"]) and $_REQUEST["articleId"] > 0) {
// Now check permissions to access this page
// echo $tiki_p_edit_article.$article_data["author"].$article_data["creator_edit"];
if ($tiki_p_admin_cms != 'y' && !$tikilib->user_has_perm_on_object($user, $articleId, 'article', 'tiki_p_edit_article') and ($article_data["author"] != $user or $article_data["creator_edit"] != 'y')) {
$smarty->assign('errortype', 401);
$smarty->assign('msg', tra("Permission denied you cannot edit this article"));
$smarty->display("error.tpl");
......
......@@ -23,6 +23,7 @@ if ($prefs['feature_blogs'] != 'y') {
// Now check permissions to access this page
if ($tiki_p_create_blogs != 'y') {
$smarty->assign('errortype', 401);
$smarty->assign('msg', tra("Permission denied you cannot create or edit blogs"));
$smarty->display("error.tpl");
......@@ -104,6 +105,7 @@ if (isset($_REQUEST["blogId"]) && $_REQUEST["blogId"] > 0) {
if ($data["user"] != $user || !$user) {
if ($tiki_p_blog_admin != 'y') {
$smarty->assign('errortype', 401);
$smarty->assign('msg', tra("Permission denied you cannot edit this blog"));
$smarty->display("error.tpl");
......
......@@ -35,6 +35,7 @@ if (!$_REQUEST['edit'] or !$_REQUEST['galleryId']) {
// Now check permissions to access this page
if ($tiki_p_upload_images != 'y') {
$smarty->assign('errortype', 401);
$smarty->assign('msg', tra("Permission denied you cannot edit images"));
$smarty->display("error.tpl");
......@@ -92,6 +93,7 @@ if (isset($_REQUEST["editimage"]) || isset($_REQUEST["editimage_andgonext"])) {
$is_categorized = FALSE;
}
if ($is_categorized && isset($tiki_p_view_categorized) && $tiki_p_view_categorized != 'y') {
$smarty->assign('errortype', 401);
if (!isset($user)){
$smarty->assign('display_login_box','y');
$smarty->assign('errortitle',tra("Please login"));
......@@ -111,6 +113,7 @@ if (isset($_REQUEST["editimage"]) || isset($_REQUEST["editimage_andgonext"])) {
}
if ($tiki_p_upload_images != 'y') {
$smarty->assign('errortype', 401);
$smarty->assign('msg', tra("Permission denied you cannot edit images"));
$smarty->display("error.tpl");
......@@ -125,6 +128,7 @@ if (isset($_REQUEST["editimage"]) || isset($_REQUEST["editimage_andgonext"])) {
// Check the user to be admin or owner or the gallery is public
if ($tiki_p_admin_galleries != 'y' && (!$user || $user != $gal_info["user"]) && $gal_info["public"] != 'y') {
$smarty->assign('errortype', 401);
$smarty->assign('msg', tra("Permission denied you can edit images but not in this gallery"));
$smarty->display("error.tpl");
......
......@@ -16,6 +16,7 @@ if ($prefs['lang_use_db'] != 'y') {
}
if ($tiki_p_edit_languages != 'y') {
$smarty->assign('errortype', 401);
$smarty->assign('msg', tra("Permission denied to use this feature"));
$smarty->display("error.tpl");
die;
......
......@@ -46,6 +46,7 @@ else
$smarty->assign('editable', $editable);
if (!$tikilib->user_has_perm_on_object($user,$structure_info["pageName"],'wiki page','tiki_p_view')) {
$smarty->assign('errortype', 401);
$smarty->assign('msg',tra('Permission denied you cannot view this page'));
$smarty->display("error.tpl");
die;
......
......@@ -25,6 +25,7 @@ if ($prefs['feature_submissions'] != 'y') {
// Now check permissions to access this page
if ($tiki_p_submit_article != 'y') {
$smarty->assign('errortype', 401);
$smarty->assign('msg', tra("Permission denied you cannot send submissions"));
$smarty->display("error.tpl");
......@@ -145,6 +146,7 @@ if (isset($_REQUEST["subId"])) {
if (isset($_REQUEST["subId"])) {
if ($_REQUEST["subId"] > 0) {
if (($tiki_p_edit_submission != 'y' and $article_data["author"] != $user) or $user == "") {
$smarty->assign('errortype', 401);
$smarty->assign('msg', tra("Permission denied you cannot edit submissions"));
$smarty->display("error.tpl");
die;
......
......@@ -114,6 +114,7 @@ if ($type == "wiki page") {
$smarty->assign('allowed_for_staging_only', 'y');
}
if ((!isset($allowed_for_staging_only) || $allowed_for_staging_only != 'y') && !($tiki_p_admin_wiki== 'y' || $tiki_p_edit == 'y' || ($prefs['wiki_creator_admin'] == 'y' && $user && $info['creator'] == $user) )) {
$smarty->assign('errortype', 401);
$smarty->assign('msg', tra("Permission denied you cannot edit this page"));
$smarty->display("error.tpl");
die;
......@@ -240,6 +241,7 @@ if ($type == "wiki page") {
}
else if ($type == "article") {
if ($tiki_p_admin_cms != 'y' && !$tikilib->user_has_perm_on_object($user, $id, 'article', 'tiki_p_edit_article') and ($info['author'] != $user or $info['creator_edit'] != 'y')) {
$smarty->assign('errortype', 401);
$smarty->assign('msg', tra("Permission denied you cannot edit this article"));
$smarty->display("error.tpl");
die;
......
......@@ -28,6 +28,7 @@ if (!isset($_REQUEST['type']) || $_REQUEST['type'] == 'wiki page')