Commit 11d15f7e authored by changi67's avatar changi67

[MOD] access check: deploy some accesslib check functions

parent ea092d90
......@@ -10,22 +10,9 @@ if ($prefs['feature_ajax'] == "y") {
require_once ('lib/ajax/ajaxlib.php');
}
include_once ('lib/minical/minicallib.php');
if ($prefs['feature_minical'] != 'y') {
$smarty->assign('msg', tra("This feature is disabled") . ": feature_minical");
$smarty->display("error.tpl");
die;
}
if (!$user) {
$smarty->assign('msg', tra("Must be logged to use this feature"));
$smarty->display("error.tpl");
die;
}
if ($tiki_p_minical != 'y') {
$smarty->assign('errortype', 401);
$smarty->assign('msg', tra("Permission denied"));
$smarty->display("error.tpl");
die;
}
$access->check_feature('feature_minical');
$access->check_user($user);
$access->check_permission('tiki_p_minical');
if (!isset($_REQUEST["eventId"])) $_REQUEST["eventId"] = 0;
if (isset($_REQUEST['remove'])) {
$area = 'delminicalevent';
......
......@@ -6,16 +6,8 @@
// $Id$
require_once ('tiki-setup.php');
include_once ('lib/minical/minicallib.php');
if ($prefs['feature_minical'] != 'y') {
$smarty->assign('msg', tra("This feature is disabled") . ": feature_minical");
$smarty->display("error.tpl");
die;
}
if (!$user) {
$smarty->assign('msg', tra("Must be logged to use this feature"));
$smarty->display("error.tpl");
die;
}
$access->check_feature('feature_minical');
$access->check_user($user);
//if($tiki_p_minical != 'y') {
// $smarty->assign('msg',tra("Permission denied to use this feature"));
// $smarty->display("error.tpl");
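Review bot: This page ends up guarded by check_feature and check_user only, while the first minical hunk in this commit also calls `$access->check_permission('tiki_p_minical');`. The commented-out `//if($tiki_p_minical != 'y')` block left just below the new calls suggests the permission test was switched off at some point; whether that is intentional cannot be told from the hunk, and the block continues past its end. Either add the check_permission call after check_user, or delete the dead block and leave a comment such as `// tiki_p_minical deliberately not required here: <reason>`. The feature_html_pages hunk that only adds check_feature before computing `$refresh` has the same gap relative to its sibling page, which checks tiki_p_view_html_pages.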
......
......@@ -7,11 +7,7 @@
include_once ("lib/init/initlib.php");
include_once ('tiki-setup_base.php');
include_once ('lib/minical/minicallib.php');
if ($prefs['feature_minical'] != 'y') {
$smarty->assign('msg', tra("This feature is disabled") . ": feature_minical");
$smarty->display("error.tpl");
die;
}
$access->check_feature('feature_minical');
if (!$prefs['minical_reminders']) die;
//$refresh=$_REQUEST['refresh']*1000;
$refresh = 1000 * 60 * 1;
......
......@@ -5,11 +5,7 @@
// Licensed under the GNU LESSER GENERAL PUBLIC LICENSE. See license.txt for details.
require_once ('tiki-setup.php');
if ($prefs['feature_minichat'] != 'y') {
$smarty->assign('msg', tra('This feature is disabled') . ': feature_minichat');
$smarty->display('error.tpl');
die;
}
$access->check_feature('feature_minichat');
header("Pragma: public");
header("Pragma: no-cache");
header("Cache-Control: no-cache, must-revalidate, no-store, post-check=0, pre-check=0, max-age=0");
......@@ -126,4 +122,4 @@ if (substr($msg, 0, 1) == '/') {
}
echo "minichatlasttimeout = $lasttimeout;\n";
if (!isset($_REQUEST['msg'])) echo "setTimeout('minichat_update()', $lasttimeout);\n";
\ No newline at end of file
......@@ -6,11 +6,7 @@
// $Id$
require_once ('tiki-setup.php');
include_once ("lib/hawhaw/hawtikilib.php");
if ($prefs['feature_mobile'] != 'y') {
$smarty->assign('msg', tra("This feature is disabled") . ": feature_mobile");
$smarty->display("error.tpl");
die;
}
$access->check_feature('feature_mobile');
$TikiPage = new HAW_deck(HAWIKI_TITLE, HAW_ALIGN_CENTER);
HAWTIKI_deck_init($TikiPage);
if (isset($_REQUEST['content']) && $_REQUEST['content'] == "about") {
......
......@@ -6,12 +6,7 @@
// $Id$
require_once ('tiki-setup.php');
include_once ('lib/mods/modslib.php');
if ($tiki_p_admin != 'y') {
$smarty->assign('errortype', 401);
$smarty->assign('msg', tra("You do not have permission to use this feature"));
$smarty->display("error.tpl");
die;
}
$access->check_permission('tiki_p_admin');
if (!is_dir($prefs['mods_dir'])) {
@mkdir($prefs['mods_dir'], 02777);
}
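Review bot: The context line `@mkdir($prefs['mods_dir'], 02777);` creates the mods directory world-writable, so any local account on the host can add or replace files there, and the new tiki_p_admin gate does not cover that route. The `@` also hides a failed mkdir, so the script carries on without the directory. Consider a mode limited to the web-server user and group, for example `mkdir($prefs['mods_dir'], 02775)` (the effective mode still depends on the umask), and report the failure instead of suppressing it. How the directory is used afterwards is outside this hunk.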
......
......@@ -11,12 +11,7 @@ if ($prefs['feature_ajax'] == "y") {
}
include_once ('lib/wiki/wikilib.php');
include_once ('lib/tasks/tasklib.php');
if (!$user) {
$smarty->assign('msg', tra("You are not logged in"));
$smarty->assign('errortype', '402');
$smarty->display("error.tpl");
die;
}
$access->check_user($user);
$userwatch = $user;
if (isset($_REQUEST["view_user"])) {
if ($_REQUEST["view_user"] <> $user) {
......
......@@ -6,11 +6,7 @@
// $Id$
require_once ('tiki-setup.php');
include_once ('lib/newsletters/nllib.php');
if ($prefs['feature_newsletters'] != 'y') {
$smarty->assign('msg', tra("This feature is disabled") . ": feature_newsletters");
$smarty->display("error.tpl");
die;
}
$access->check_feature('feature_newsletters');
if (!empty($_REQUEST['nlId'])) {
$smarty->assign('nlId', $_REQUEST["nlId"]);
$nl_info = $nllib->get_newsletter($_REQUEST["nlId"]);
......
......@@ -7,17 +7,8 @@
$section = 'newsletters';
require_once ('tiki-setup.php');
global $nllib; include_once ('lib/newsletters/nllib.php');
if ($prefs['feature_newsletters'] != 'y') {
$smarty->assign('msg', tra("This feature is disabled") . ": feature_newsletters");
$smarty->display("error.tpl");
die;
}
if ($tiki_p_list_newsletters != 'y') {
$smarty->assign('errortype', 401);
$smarty->assign('msg', tra('Permission denied'));
$smarty->display("error.tpl");
die;
}
$access->check_feature('feature_newsletters');
$access->check_permission('tiki_p_list_newsletters');
$auto_query_args = array('nlId', 'offset', 'sort_mode', 'find');
$smarty->assign('confirm', 'n');
......
......@@ -6,22 +6,9 @@
// $Id$
require_once ('tiki-setup.php');
include_once ('lib/notepad/notepadlib.php');
if ($prefs['feature_notepad'] != 'y') {
$smarty->assign('msg', tra("This feature is disabled") . ": feature_notepad");
$smarty->display("error.tpl");
die;
}
if (!$user) {
$smarty->assign('msg', tra("Must be logged to use this feature"));
$smarty->display("error.tpl");
die;
}
if ($tiki_p_notepad != 'y') {
$smarty->assign('errortype', 401);
$smarty->assign('msg', tra("Permission denied to use this feature"));
$smarty->display("error.tpl");
die;
}
$access->check_feature('feature_notepad');
$access->check_user($user);
$access->check_permission('tiki_p_notepad');
if (!isset($_REQUEST["noteId"])) {
$smarty->assign('msg', tra("No note indicated"));
$smarty->display("error.tpl");
......
......@@ -11,23 +11,9 @@ if ($prefs['feature_ajax'] == "y") {
}
include_once ('lib/notepad/notepadlib.php');
include_once ('lib/userfiles/userfileslib.php');
if ($prefs['feature_notepad'] != 'y') {
$smarty->assign('msg', tra("This feature is disabled") . ": feature_notepad");
$smarty->display("error.tpl");
die;
}
if (!$user) {
$smarty->assign('msg', tra("Must be logged to use this feature"));
$smarty->assign('errortype', '402');
$smarty->display("error.tpl");
die;
}
if ($tiki_p_notepad != 'y') {
$smarty->assign('errortype', 401);
$smarty->assign('msg', tra("Permission denied to use this feature"));
$smarty->display("error.tpl");
die;
}
$access->check_feature('feature_notepad');
$access->check_user($user);
$access->check_permission('tiki_p_notepad');
// Process upload here
if (isset($_FILES['userfile1']) && is_uploaded_file($_FILES['userfile1']['tmp_name'])) {
check_ticket('notepad-list');
......
......@@ -7,22 +7,9 @@
$section = 'mytiki';
require_once ('tiki-setup.php');
include_once ('lib/notepad/notepadlib.php');
if ($prefs['feature_notepad'] != 'y') {
$smarty->assign('msg', tra("This feature is disabled") . ": feature_notepad");
$smarty->display("error.tpl");
die;
}
if (!$user) {
$smarty->assign('msg', tra("Must be logged to use this feature"));
$smarty->display("error.tpl");
die;
}
if ($tiki_p_notepad != 'y') {
$smarty->assign('errortype', 401);
$smarty->assign('msg', tra("Permission denied to use this feature"));
$smarty->display("error.tpl");
die;
}
$access->check_feature('feature_notepad');
$access->check_user($user);
$access->check_permission('tiki_p_notepad');
if (!isset($_REQUEST["noteId"])) {
$smarty->assign('msg', tra("No note indicated"));
$smarty->display("error.tpl");
......
......@@ -7,21 +7,9 @@
$section = 'mytiki';
require_once ('tiki-setup.php');
include_once ('lib/notepad/notepadlib.php');
if ($prefs['feature_notepad'] != 'y') {
$smarty->assign('msg', tra("This feature is disabled") . ": feature_notepad");
$smarty->display("error.tpl");
die;
}
if (!$user) {
$smarty->assign('msg', tra("Must be logged to use this feature"));
$smarty->display("error.tpl");
die;
}
if ($tiki_p_notepad != 'y') {
$smarty->assign('msg', tra("Permission denied to use this feature"));
$smarty->display("error.tpl");
die;
}
$access->check_feature('feature_notepad');
$access->check_user($user);
$access->check_permission('tiki_p_notepad');
if (isset($_REQUEST["remove"])) {
check_ticket('notepad-write');
$notepadlib->remove_note($user, $_REQUEST['remove']);
......
......@@ -7,17 +7,8 @@
include_once ('tiki-setup.php');
global $categlib;
include_once ('lib/categories/categlib.php');
if ($prefs['feature_group_watches'] != 'y') {
$smarty->assign('msg', tra('This feature is disabled') . ': feature_group_watches');
$smarty->display('error.tpl');
die;
}
if ($tiki_p_admin != 'y' && $tiki_p_admin_users != 'y') {
$smarty->assign('errortype', 401);
$smarty->assign('msg', tra('Permission denied'));
$smarty->display('error.tpl');
die;
}
$access->check_feature('feature_group_watches');
$access->check_permission(array('tiki_p_admin','tiki_p_admin_users'));
if (!isset($_REQUEST['objectId']) || empty($_REQUEST['objectType']) || !isset($_REQUEST['objectName'])
|| !isset($_REQUEST['watch_event']) || !isset($_REQUEST['objectHref'])
) {
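Review bot: Passing `array('tiki_p_admin','tiki_p_admin_users')` to check_permission may change who is let in. The removed condition denied access only when both permissions were missing, so holding either one was enough. If check_permission requires every entry of the array (its implementation is not shown in this diff), a user with only tiki_p_admin_users is now refused. Confirm the array semantics; if it is all-of, keep the original `if ($tiki_p_admin != 'y' && $tiki_p_admin_users != 'y')` test or use an any-of helper.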
......
......@@ -39,12 +39,7 @@ if ($_REQUEST['objectType'] == 'wiki page') {
$tikilib->get_perm_object($_REQUEST['objectId'], $_REQUEST['objectType'], $info);
}
} else if ($_REQUEST['objectType'] == 'global') {
if ($tiki_p_admin != 'y') { // is there a better perm for this?
$smarty->assign('errortype', 401);
$smarty->assign('msg', tra("Permission denied you cannot assign permissions for this object"));
$smarty->display("error.tpl");
die;
}
$access->check_permission('tiki_p_admin');
} else {
$tikilib->get_perm_object($_REQUEST['objectId'], $_REQUEST['objectType']);
if ($_REQUEST['objectType'] == 'tracker') {
......
......@@ -9,18 +9,8 @@ include_once ('lib/polls/polllib.php');
if (!isset($polllib)) {
$polllib = new PollLib;
}
if ($prefs['feature_polls'] != 'y') {
$smarty->assign('msg', tra("This feature is disabled") . ": feature_polls");
$smarty->display("error.tpl");
die;
}
// Now check permissions to access this page
if ($tiki_p_view_poll_results != 'y') {
$smarty->assign('errortype', 401);
$smarty->assign('msg', tra("Permission denied. You cannot view this page."));
$smarty->display("error.tpl");
die;
}
$access->check_feature('feature_polls');
$access->check_permission('tiki_p_view_poll_results');
// This script can receive the thresold
// for the information as the number of
// days to get in the log 1,3,4,etc
......
......@@ -7,16 +7,8 @@
require_once ('tiki-setup.php');
include_once ('lib/htmlpages/htmlpageslib.php');
include_once ('lib/stats/statslib.php');
if ($prefs['feature_html_pages'] != 'y') {
$smarty->assign('msg', tra("This feature is disabled") . ": feature_html_pages");
$smarty->display("error.tpl");
die;
}
if ($tiki_p_view_html_pages != 'y') {
$smarty->assign('msg', tra("You do not have permission to use this feature"));
$smarty->display("error.tpl");
die;
}
$access->check_feature('feature_html_pages');
$access->check_permission('tiki_p_view_html_pages');
if (!isset($_REQUEST["pageName"])) {
$smarty->assign('msg', tra("No page indicated"));
$smarty->display("error.tpl");
......
......@@ -5,11 +5,7 @@
// Licensed under the GNU LESSER GENERAL PUBLIC LICENSE. See license.txt for details.
// $Id$
include_once ('tiki-setup.php');
if ($prefs['feature_html_pages'] != 'y') {
$smarty->assign('msg', tra("This feature is disabled") . ": feature_html_pages");
$smarty->display("error.tpl");
die;
}
$access->check_feature('feature_html_pages');
include_once ('lib/htmlpages/htmlpageslib.php');
$refresh = 1000 * $_REQUEST["refresh"];
?>
......
......@@ -12,17 +12,9 @@ include_once ('lib/wiki/histlib.php');
$access->check_feature('feature_wiki');
if (!isset($_REQUEST["source"])) {
if ($prefs['feature_history'] != 'y') {
$smarty->assign('msg', tra('This feature is disabled') . ': feature_history');
$smarty->display('error.tpl');
die;
}
$access->check_feature('feature_history');
} else {
if ($prefs['feature_source'] != 'y') {
$smarty->assign('msg', tra('This feature is disabled') . ': feature_source');
$smarty->display('error.tpl');
die;
}
$access->check_feature('feature_source');
}
// Get the page from the request var or default it to HomePage
if (!isset($_REQUEST["page"])) {
......@@ -40,19 +32,9 @@ $tikilib->get_perm_object( $_REQUEST['page'], 'wiki page' );
// Now check permissions to access this page
if (!isset($_REQUEST["source"])) {
if ($tiki_p_wiki_view_history != 'y') {
$smarty->assign('errortype', 401);
$smarty->assign('msg', tra("Permission denied you cannot browse this page history"));
$smarty->display("error.tpl");
die;
}
$access->check_permission('tiki_p_wiki_view_history');
} else {
if ($tiki_p_wiki_view_source != 'y') {
$smarty->assign('errortype', 401);
$smarty->assign('msg', tra("Permission denied you cannot view the source of this page"));
$smarty->display("error.tpl");
die;
}
$access->check_permission('tiki_p_wiki_view_source');
}
$info = $tikilib->get_page_info($page);
$smarty->assign_by_ref('info', $info);
......
......@@ -5,12 +5,7 @@
// Licensed under the GNU LESSER GENERAL PUBLIC LICENSE. See license.txt for details.
// $Id$
require_once ('tiki-setup.php');
if ($tiki_p_admin != 'y') {
$smarty->assign('errortype', 401);
$smarty->assign('msg', tra("You do not have permission to use this feature"));
$smarty->display("error.tpl");
die;
}
$access->check_permission('tiki_p_admin');
// Display the template
//$smarty->assign('mid','tiki-phpinfo.tpl');
//$smarty->display("tiki.tpl");
......
......@@ -8,17 +8,8 @@ $section = 'mytiki';
require_once ('tiki-setup.php');
include_once ('lib/userprefs/userprefslib.php');
include_once ('lib/imagegals/imagegallib.php');
// User preferences screen
if ($prefs['feature_userPreferences'] != 'y') {
$smarty->assign('msg', tra("This feature is disabled") . ": feature_userPreferences");
$smarty->display("error.tpl");
die;
}
if (!$user) {
$smarty->assign('msg', tra("You are not logged in"));
$smarty->display("error.tpl");
die;
}
$access->check_feature('feature_userPreferences');
$access->check_user($user);
if (!isset($_REQUEST["showall"])) $_REQUEST["showall"] = 'n';
$smarty->assign('showall', $_REQUEST["showall"]);
$userwatch = $user;
......
......@@ -11,18 +11,8 @@ include_once ('lib/polls/polllib.php');
if (!isset($polllib)) {
$polllib = new PollLib;
}
if ($prefs['feature_polls'] != 'y') {
$smarty->assign('msg', tra("This feature is disabled") . ": feature_polls");
$smarty->display("error.tpl");
die;
}
// Now check permissions to access this page
if ($tiki_p_vote_poll != 'y') {
$smarty->assign('errortype', 401);
$smarty->assign('msg', tra("Permission denied. You cannot view this page."));
$smarty->display("error.tpl");
die;
}
$access->check_feature('feature_polls');
$access->check_permission('tiki_p_vote_poll');
if (!isset($_REQUEST["pollId"])) {
$smarty->assign('msg', tra("No poll indicated"));
$smarty->display("error.tpl");
......
......@@ -6,18 +6,8 @@
// $Id$
$section = 'poll';
require_once ('tiki-setup.php');
if ($prefs['feature_polls'] != 'y') {
$smarty->assign('msg', tra('This feature is disabled') . ': feature_polls');
$smarty->display('error.tpl');
die;
}
// Now check permissions to access this page
if ($tiki_p_view_poll_results != 'y') {
$smarty->assign('errortype', 401);
$smarty->assign('msg', tra('Permission denied. You cannot view this page.'));
$smarty->display('error.tpl');
die;
}
$access->check_feature('feature_polls');
$access->check_permission('tiki_p_view_poll_results');
global $pollib;
include_once ('lib/polls/polllib.php');
$auto_query_args = array('offset', 'pollId', 'maxRecords', 'scoresort_desc', 'scoresort_asc', 'sort_mode', 'list', 'vote_from_date', 'vote_to_date', 'which_date', 'from_Day', 'from_Month', 'from_Year', 'to_Day', 'to_Month', 'to_Year');
......
......@@ -7,11 +7,7 @@
$section = 'cms';
require_once ('tiki-setup.php');
include_once ('lib/articles/artlib.php');
if ($prefs['feature_cms_print'] != 'y') {
$smarty->assign('msg', tra("This feature is disabled") . ": feature_cms_print");
$smarty->display("error.tpl");
die;
}
$access->check_feature('feature_cms_print');
if (!isset($_REQUEST["articleId"])) {
$smarty->assign('msg', tra("No article indicated"));
$smarty->display("error.tpl");
......
......@@ -3,11 +3,10 @@
//
// All Rights Reserved. See copyright.txt for details and a complete list of authors.
// Licensed under the GNU LESSER GENERAL PUBLIC LICENSE. See license.txt for details.
// $Id
$section = 'blogs';
require_once ('tiki-setup.php');
include_once ('lib/blogs/bloglib.php');
$access->check_feature('feature_blogs');
if (!isset($_REQUEST["postId"])) {
......
......@@ -4,20 +4,9 @@
// All Rights Reserved. See copyright.txt for details and a complete list of authors.
// Licensed under the GNU LESSER GENERAL PUBLIC LICENSE. See license.txt for details.
// $Id$
//Include the code
require_once ('tiki-setup.php');
if ($prefs['feature_stats'] != 'y') {
$smarty->assign('msg', tra("This feature is disabled") . ": feature_stats");
$smarty->display("error.tpl");
die;
}
if ($tiki_p_view_stats != 'y') {
$smarty->assign('errortype', 401);
$smarty->assign('msg', tra("Permission denied. You cannot view this section"));
$smarty->display("error.tpl");
die;
}
$access->check_feature('feature_stats');
$access->check_permission('tiki_p_view_stats');
require_once ("lib/graph-engine/gd.php");
require_once ("lib/graph-engine/graph.multiline.php");
......
......@@ -7,11 +7,7 @@
$section = 'quizzes';
require_once ('tiki-setup.php');
include_once ('lib/quizzes/quizlib.php');
if ($prefs['feature_quizzes'] != 'y') {
$smarty->assign('msg', tra("This feature is disabled") . ": feature_quizzes");
$smarty->display("error.tpl");
die;
}
$access->check_feature('feature_quizzes');
if (!isset($_REQUEST["quizId"])) {
$smarty->assign('msg', tra("No quiz indicated"));
$smarty->display("error.tpl");
......@@ -20,13 +16,7 @@ if (!isset($_REQUEST["quizId"])) {
$smarty->assign('individual', 'n');
$tikilib->get_perm_object($_REQUEST["quizId"], 'quiz');
if ($tiki_p_view_user_results != 'y') {
$smarty->assign('errortype', 401);
$smarty->assign('msg', tra("You do not have permission to use this feature"));
$smarty->display("error.tpl");
die;
}
$access->check_permission('tiki_p_view_user_results');
$smarty->assign('quizId', $_REQUEST["quizId"]);
$quiz_info = $quizlib->get_quiz($_REQUEST["quizId"]);
$smarty->assign('quiz_info', $quiz_info);
......
......@@ -13,12 +13,7 @@ if ($prefs['allowRegister'] != 'y' || ($prefs['feature_intertiki'] == 'y' && !em
header("location: index.php");
die;
}
if (!empty($user)) {
$smarty->assign('msg', tra('You are already logged in'));
$smarty->display('error.tpl');
die;
}
$access->check_user($user);
$smarty->assign('showmsg', 'n');
// novalidation is set to yes if a user confirms his email is correct after tiki fails to validate it
if (!isset($_REQUEST['novalidation'])) {
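Review bot: `$access->check_user($user);` appears to invert the guard it replaces. The removed block stopped visitors who were already logged in (`!empty($user)`), whereas in every other hunk of this commit check_user stands in for `if (!$user)`, i.e. it rejects anonymous visitors. If check_user behaves that way (its body is not visible here), the registration page now turns away the anonymous visitors it exists for and lets authenticated users through to the form. Restore the explicit `if (!empty($user)) {` block with its 'You are already logged in' message instead of calling check_user here.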
......