Skip to content

Commit

Permalink
Merge pull request #1126 from itflow-org/roles-perms
Browse files Browse the repository at this point in the history 
Move more things to new role perms system
  • Loading branch information
@johnnyq
johnnyq authored Dec 20, 2024
2 parents dacbc51 + bd7a156 commit 3e0e30a
Show file tree
Hide file tree
Showing 2 changed files with 11 additions and 8 deletions.
11 changes: 7 additions & 4 deletions check_login.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -59,6 +59,8 @@
$session_user_role_display = sanitizeInput($row['user_role_name']);
if (isset($row['user_role_is_admin']) && $row['user_role_is_admin'] == 1) {
$session_is_admin = true;
} else {
$session_is_admin = false;
}
$session_user_config_force_mfa = intval($row['user_config_force_mfa']);
$user_config_records_per_page = intval($row['user_config_records_per_page']);
Expand Down Expand Up @@ -88,12 +90,13 @@

$client_access_string = implode(',', $client_access_array);

// Role / Client Access Permission Check
if ($session_user_role < 3 && !empty($client_access_string)) {
// Client access permission check
// Default allow, if a list of allowed clients is set & the user isn't an admin, restrict them
$access_permission_query = "";
if ($client_access_string && !$session_is_admin) {
$access_permission_query = "AND clients.client_id IN ($client_access_string)";
} else {
$access_permission_query = "";
}

} catch (Exception $e) {
// Handle exception
error_log('MySQL error: ' . $e->getMessage());
Expand Down
8 changes: 4 additions & 4 deletions inc_all_client.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -12,16 +12,16 @@
if (isset($_GET['client_id'])) {
$client_id = intval($_GET['client_id']);

// Check to see if the logged in user has permission to access this client (Admins have access to all no matter what perms are set)
if(!in_array($client_id, $client_access_array) AND !empty($client_access_string) AND $session_user_role < 3) {
// Client Access Check
// Ensure the user has permission to access this client (admins ignored)
if (!in_array($client_id, $client_access_array) AND !empty($client_access_string) AND !$session_is_admin) {
// Logging
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Client', log_action = 'Access', log_description = '$session_name was denied permission from accessing client', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id, log_entity_id = $client_id");

$_SESSION['alert_type'] = "error";
$_SESSION['alert_message'] = "Access Denied - You do not have permission to access that client!";

echo "<script>window.history.back();</script>";

exit();
}

Expand Down Expand Up @@ -310,4 +310,4 @@
?>

<!-- Set the browser window title to the clients name -->
<script>document.title = "<?php echo $client_name_title; ?>"</script>
<script>document.title = "<?php echo $client_name_title; ?>"</script>

0 comments on commit 3e0e30a

Please sign in to comment.