Commit dca15af9 authored by changi67's avatar changi67

[MOD] access check: deploy some accesslib check functions

parent e37caa58
......@@ -5,12 +5,7 @@
// Licensed under the GNU LESSER GENERAL PUBLIC LICENSE. See license.txt for details.
include_once ('tiki-setup.php');
if ($tiki_p_admin != 'y') {
$smarty->assign('errortype', 401);
$smarty->assign('msg', tra("You don't have permission to use this feature"));
$smarty->display('error.tpl');
die;
}
$access->check_permission('tiki_p_admin');
function list_perms($objectId, $objectType, $objectName) {
global $userlib, $tikilib, $prefs;
$ret = array();
......
......@@ -6,11 +6,8 @@
// $Id: /cvsroot/tikiwiki/tiki/tiki-list_posts.php,v 1.17 2007-10-12 07:55:28 nyloth Exp $
require_once ('tiki-setup.php');
include_once ('lib/blogs/bloglib.php');
if ($prefs['feature_blogs'] != 'y') {
$smarty->assign('msg', tra("This feature is disabled") . ": feature_blogs");
$smarty->display("error.tpl");
die;
}
$access->check_feature('feature_blogs');
$access->check_permission('tiki_p_blog_admin');
/*
if($prefs['feature_listPages'] != 'y') {
$smarty->assign('msg',tra("This feature is disabled"));
......@@ -27,12 +24,6 @@ $smarty->display("error.tpl");
die;
}
*/
if ($tiki_p_blog_admin != 'y') {
$smarty->assign('errortype', 401);
$smarty->assign('msg', tra("You cannot admin blogs"));
$smarty->display("error.tpl");
die;
}
if (isset($_REQUEST["remove"])) {
$area = 'delblogpost';
if ($prefs['feature_ticketlib2'] != 'y' or (isset($_POST['daconfirm']) and isset($_SESSION["ticket_$area"]))) {
......
......@@ -8,17 +8,8 @@ $section = 'quizzes';
require_once ('tiki-setup.php');
include_once ('lib/quizzes/quizlib.php');
$auto_query_args = array('sort_mode', 'offset', 'find');
if ($prefs['feature_quizzes'] != 'y') {
$smarty->assign('msg', tra("This feature is disabled") . ": feature_quizzes");
$smarty->display("error.tpl");
die;
}
if ($tiki_p_take_quiz != 'y') {
$smarty->assign('errortype', 401);
$smarty->assign('msg', tra("You don't have permission to use this feature"));
$smarty->display("error.tpl");
die;
}
$access->check_feature('feature_quizzes');
$access->check_permission('tiki_p_take_quiz');
if (!isset($_REQUEST["sort_mode"])) {
$sort_mode = 'created_desc';
} else {
......
......@@ -7,18 +7,9 @@
$section = 'cms';
require_once ('tiki-setup.php');
include_once ('lib/articles/artlib.php');
if ($prefs['feature_submissions'] != 'y') {
$smarty->assign('msg', tra("This feature is disabled") . ": feature_submissions");
$smarty->display("error.tpl");
die;
}
$access->check_feature('feature_submissions');
if (isset($_REQUEST["remove"])) {
if ($tiki_p_remove_submission != 'y') {
$smarty->assign('errortype', 401);
$smarty->assign('msg', tra("Permission denied you cannot remove submissions"));
$smarty->display("error.tpl");
die;
}
$access->check_permission('tiki_p_remove_submission'),
$area = 'delsubmission';
if ($prefs['feature_ticketlib2'] != 'y' or (isset($_POST['daconfirm']) and isset($_SESSION["ticket_$area"]))) {
key_check($area);
......@@ -29,12 +20,7 @@ if (isset($_REQUEST["remove"])) {
}
if (isset($_REQUEST["approve"])) {
check_ticket('list-submissions');
if ($tiki_p_approve_submission != 'y') {
$smarty->assign('errortype', 401);
$smarty->assign('msg', tra("Permission denied you cannot approve submissions"));
$smarty->display("error.tpl");
die;
}
$access->check_permission('tiki_p_approve_submission');
$artlib->approve_submission($_REQUEST["approve"]);
}
// This script can receive the thresold
......
......@@ -7,17 +7,9 @@
$section = 'surveys';
require_once ('tiki-setup.php');
include_once ('lib/surveys/surveylib.php');
if ($prefs['feature_surveys'] != 'y') {
$smarty->assign('msg', tra("This feature is disabled") . ": feature_surveys");
$smarty->display("error.tpl");
die;
}
if ($tiki_p_take_survey != 'y') {
$smarty->assign('errortype', 401);
$smarty->assign('msg', tra("You don't have permission to use this feature"));
$smarty->display("error.tpl");
die;
}
$access->check_feature('feature_surveys');
$access->check_permission('tiki_p_take_survey');
if (!isset($_REQUEST["sort_mode"])) {
$sort_mode = 'created_desc';
} else {
......
......@@ -8,17 +8,8 @@ $section = 'trackers';
require_once ('tiki-setup.php');
include_once ('lib/trackers/trackerlib.php');
$auto_query_args = array('sort_mode', 'offset', 'find');
if ($prefs['feature_trackers'] != 'y') {
$smarty->assign('msg', tra("This feature is disabled") . ": feature_trackers");
$smarty->display("error.tpl");
die;
}
if ($tiki_p_admin_trackers != 'y' && $tiki_p_list_trackers != 'y') {
$smarty->assign('errortype', 401);
$smarty->assign('msg', tra("You do not have permission to use this feature"));
$smarty->display("error.tpl");
die;
}
$access->check_feature('feature_trackers');
$access->check_permission(array('tiki_p_admin_trackers','tiki_p_list_trackers'));
if (!isset($_REQUEST["trackerId"])) {
$_REQUEST["trackerId"] = 0;
}
......
......@@ -12,11 +12,7 @@ header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); // always modifie
header("Cache-Control: no-store, no-cache, must-revalidate"); // HTTP/1.1
header("Cache-Control: post-check=0, pre-check=0", false);
header("Pragma: no-cache"); // HTTP/1.0
if ($prefs['feature_live_support'] != 'y') {
$smarty->assign('msg', tra("This feature is disabled") . ": feature_live_support");
$smarty->display("error.tpl");
die;
}
$access->check_feature('feature_live_support');
// This is a generic chat window used by users, operators and observers
// should receive the following parameters
// reqId: the requestId
......
......@@ -11,11 +11,7 @@ header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); // always modifie
header("Cache-Control: no-store, no-cache, must-revalidate"); // HTTP/1.1
header("Cache-Control: post-check=0, pre-check=0", false);
header("Pragma: no-cache"); // HTTP/1.0
if ($prefs['feature_live_support'] != 'y') {
$smarty->assign('msg', tra("This feature is disabled") . ": feature_live_support");
$smarty->display("error.tpl");
die;
}
$access->check_feature('feature_live_support');
if (!$lslib->operators_online()) {
header("location: tiki-live_support_message.php");
die;
......
......@@ -11,11 +11,7 @@ header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); // always modifie
header("Cache-Control: no-store, no-cache, must-revalidate"); // HTTP/1.1
header("Cache-Control: post-check=0, pre-check=0", false);
header("Pragma: no-cache"); // HTTP/1.0
if ($prefs['feature_live_support'] != 'y') {
$smarty->assign('msg', tra("This feature is disabled") . ": feature_live_support");
$smarty->display("error.tpl");
die;
}
$access->check_feature('feature_live_support');
if ($tiki_p_live_support_admin != 'y' && !$lsadminlib->is_operator($user)) {
$smarty->assign('errortype', 401);
$smarty->assign('msg', tra("You do not have permission to use this feature"));
......
......@@ -6,11 +6,7 @@
require_once ('tiki-setup.php');
include_once ('lib/live_support/lsadminlib.php');
if ($prefs['feature_live_support'] != 'y') {
$smarty->assign('msg', tra("This feature is disabled") . ": feature_live_support");
$smarty->display("error.tpl");
die;
}
$access->check_feature('feature_live_support');
$smarty->assign('sent', 'n');
$smarty->assign('nomsg', 'y');
if (isset($_REQUEST['save'])) {
......
......@@ -7,11 +7,7 @@
require_once ('tiki-setup.php');
include_once ('lib/live_support/lsadminlib.php');
include_once ('lib/live_support/lslib.php');
if ($prefs['feature_live_support'] != 'y') {
$smarty->assign('msg', tra("This feature is disabled") . ": feature_live_support");
$smarty->display("error.tpl");
die;
}
$access->check_feature('feature_live_support');
if ($tiki_p_live_support_admin != 'y' && !$lsadminlib->user_is_operator($user)) {
$smarty->assign('errortype', 401);
$smarty->assign('msg', tra("You do not have permission to use this feature"));
......
......@@ -5,11 +5,7 @@
// Licensed under the GNU LESSER GENERAL PUBLIC LICENSE. See license.txt for details.
// $Id: /cvsroot/tikiwiki/tiki/tiki-login_validate.php,v 1.25.2.3 2008-03-22 12:21:03 sylvieg Exp $
require_once ('tiki-setup.php');
if ($prefs['validateUsers'] != 'y' && $prefs['validateRegistration'] != 'y') {
$smarty->assign('msg', tra("This feature is disabled") . ": validateUsers");
$smarty->display("error.tpl");
die;
}
$access->check_feature(array('validateUsers','validateRegistration'));
$isvalid = false;
if (isset($_REQUEST["user"])) {
if (isset($_REQUEST["pass"])) {
......
......@@ -5,12 +5,7 @@
// Licensed under the GNU LESSER GENERAL PUBLIC LICENSE. See license.txt for details.
// $Id: /cvsroot/tikiwiki/tiki/tiki-mailin.php,v 1.10 2007-10-12 07:55:29 nyloth Exp $
require_once ('tiki-setup.php');
//check if feature is on
if ($prefs['feature_mailin'] != 'y') {
$smarty->assign('msg', tra("This feature is disabled") . ": feature_mailin");
$smarty->display("error.tpl");
die;
}
$access->check_feature('feature_mailin');
include_once ('tiki-mailin-code.php');
$smarty->assign('content', $content);
$smarty->assign('mid', 'tiki-mailin.tpl');
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment