From ff03b710604d3036afadcd61ce5b3ddd1e0ec7ce Mon Sep 17 00:00:00 2001
From: Alex Tselegidis
Date: Wed, 15 Dec 2021 08:05:08 +0100
Subject: [PATCH] Replaced resource names with constants for "cannot" checks
---
 application/controllers/About.php | 2 +-
 application/controllers/Admins.php | 12 ++++++------
 application/controllers/Appointments.php | 10 +++++-----
 application/controllers/Backend_api.php | 2 +-
 application/controllers/Categories.php | 2 +-
 application/controllers/Customers.php | 12 ++++++------
 application/controllers/Providers.php | 12 ++++++------
 application/controllers/Secretaries.php | 12 ++++++------
 application/controllers/Services.php | 10 +++++-----
 application/controllers/Unavailabilities.php | 10 +++++-----
 10 files changed, 42 insertions(+), 42 deletions(-)
diff --git a/application/controllers/About.php b/application/controllers/About.php
index 3e60a6b3..84adf898 100644
--- a/application/controllers/About.php
+++ b/application/controllers/About.php
@@ -59,7 +59,7 @@ class About extends EA_Controller {
 {
 session(['dest_url' => site_url('about')]);
- if (cannot('view', 'user_settings'))
+ if (cannot('view', PRIV_USER_SETTINGS))
 {
 show_error('Forbidden', 403);
 }
diff --git a/application/controllers/Admins.php b/application/controllers/Admins.php
index 0c79a0ea..710ce4e5 100644
--- a/application/controllers/Admins.php
+++ b/application/controllers/Admins.php
@@ -43,7 +43,7 @@ class Admins extends EA_Controller {
 {
 session(['dest_url' => site_url('admins')]);
- if (cannot('view', 'users'))
+ if (cannot('view', PRIV_USERS))
 {
 show_error('Forbidden', 403);
 }
@@ -68,7 +68,7 @@ class Admins extends EA_Controller {
 {
 try
 {
- if (cannot('view', 'users'))
+ if (cannot('view', PRIV_USERS))
 {
 show_error('Forbidden', 403);
 }
@@ -100,7 +100,7 @@ class Admins extends EA_Controller {
 {
 $admin = json_decode(request('admin'), TRUE);
- if (cannot('add', 'users'))
+ if (cannot('add', PRIV_USERS))
 {
 show_error('Forbidden', 403);
 }
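Review bot: In application/controllers/Admins.php (hunk at -100) the request body is decoded with `json_decode(request('admin'), TRUE)` before the `cannot('add', PRIV_USERS)` check runs, so request data is parsed for callers who are about to be rejected. Making the permission check the first statement of the handler, with the decode after it, keeps unauthorised requests away from any input handling. The same ordering is visible in the -127 hunk and in the add/edit hunks of Appointments.php, Customers.php, Providers.php, Secretaries.php, Services.php and Unavailabilities.php. The enclosing methods start and end outside these hunks, so whether anything else precedes the check cannot be seen here.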
@@ -127,7 +127,7 @@ class Admins extends EA_Controller {
 {
 $admin = json_decode(request('admin'), TRUE);
- if (cannot('edit', 'users'))
+ if (cannot('edit', PRIV_USERS))
 {
 show_error('Forbidden', 403);
 }
@@ -152,7 +152,7 @@ class Admins extends EA_Controller {
 {
 try
 {
- if (cannot('delete', 'users'))
+ if (cannot('delete', PRIV_USERS))
 {
 show_error('Forbidden', 403);
 }
@@ -178,7 +178,7 @@ class Admins extends EA_Controller {
 {
 try
 {
- if (cannot('delete', PRIV_USERS))
+ if (cannot('view', PRIV_USERS))
 {
 show_error('Forbidden', 403);
 }
diff --git a/application/controllers/Appointments.php b/application/controllers/Appointments.php
index c348d4dd..7292fe6a 100644
--- a/application/controllers/Appointments.php
+++ b/application/controllers/Appointments.php
@@ -55,7 +55,7 @@ class Appointments extends EA_Controller {
 {
 try
 {
- if (cannot('view', 'appointments'))
+ if (cannot('view', PRIV_APPOINTMENTS))
 {
 show_error('Forbidden', 403);
 }
@@ -87,7 +87,7 @@ class Appointments extends EA_Controller {
 {
 $appointment = json_decode(request('appointment'), TRUE);
- if (cannot('add', 'appointments'))
+ if (cannot('add', PRIV_APPOINTMENTS))
 {
 show_error('Forbidden', 403);
 }
@@ -114,7 +114,7 @@ class Appointments extends EA_Controller {
 {
 $appointment = json_decode(request('appointment'), TRUE);
- if (cannot('edit', 'appointments'))
+ if (cannot('edit', PRIV_APPOINTMENTS))
 {
 show_error('Forbidden', 403);
 }
@@ -139,7 +139,7 @@ class Appointments extends EA_Controller {
 {
 try
 {
- if (cannot('delete', 'appointments'))
+ if (cannot('delete', PRIV_APPOINTMENTS))
 {
 show_error('Forbidden', 403);
 }
@@ -165,7 +165,7 @@ class Appointments extends EA_Controller {
 {
 try
 {
- if (cannot('delete', PRIV_APPOINTMENTS))
+ if (cannot('view', PRIV_APPOINTMENTS))
 {
 show_error('Forbidden', 403);
 }
diff --git a/application/controllers/Backend_api.php b/application/controllers/Backend_api.php
index 2db11582..8eec3d4b 100755
--- a/application/controllers/Backend_api.php
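Review bot: The -178 hunk in application/controllers/Admins.php lowers the required action from `delete` to `view`, which is an authorization change rather than the constant substitution the subject line describes. The guarded method is not visible in the hunk; if it is a read-only lookup the new action is the appropriate one, but that should be confirmed, because a handler that modifies data would now be reachable with view rights only. The same delete-to-view change appears in Appointments.php (-165), Categories.php (-178), Customers.php (-194), Providers.php (-180) and Secretaries.php (-180). I would mention it in the commit description and add a line above each check such as `// Read-only lookup: only the "view" action is required.`.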
+++ b/application/controllers/Backend_api.php
@@ -329,7 +329,7 @@ class Backend_api extends EA_Controller {
 {
 try
 {
- if (cannot('delete', 'appointments'))
+ if (cannot('delete', PRIV_APPOINTMENTS))
 {
 throw new Exception('You do not have the required permissions for this task.');
 }
diff --git a/application/controllers/Categories.php b/application/controllers/Categories.php
index 1d7d0ef0..def4ce7d 100644
--- a/application/controllers/Categories.php
+++ b/application/controllers/Categories.php
@@ -178,7 +178,7 @@ class Categories extends EA_Controller {
 {
 try
 {
- if (cannot('delete', PRIV_SERVICES))
+ if (cannot('view', PRIV_SERVICES))
 {
 show_error('Forbidden', 403);
 }
diff --git a/application/controllers/Customers.php b/application/controllers/Customers.php
index 113cded4..4dd15194 100644
--- a/application/controllers/Customers.php
+++ b/application/controllers/Customers.php
@@ -44,7 +44,7 @@ class Customers extends EA_Controller {
 {
 session(['dest_url' => site_url('customers')]);
- if (cannot('view', 'customers'))
+ if (cannot('view', PRIV_USERS))
 {
 show_error('Forbidden', 403);
 }
@@ -69,7 +69,7 @@ class Customers extends EA_Controller {
 {
 try
 {
- if (cannot('view', 'customers'))
+ if (cannot('view', PRIV_USERS))
 {
 show_error('Forbidden', 403);
 }
@@ -116,7 +116,7 @@ class Customers extends EA_Controller {
 {
 $customer = json_decode(request('customer'), TRUE);
- if (cannot('add', 'customers'))
+ if (cannot('add', PRIV_USERS))
 {
 show_error('Forbidden', 403);
 }
@@ -143,7 +143,7 @@ class Customers extends EA_Controller {
 {
 $customer = json_decode(request('customer'), TRUE);
- if (cannot('edit', 'customers'))
+ if (cannot('edit', PRIV_USERS))
 {
 show_error('Forbidden', 403);
 }
@@ -168,7 +168,7 @@ class Customers extends EA_Controller {
 {
 try
 {
- if (cannot('delete', 'customers'))
+ if (cannot('delete', PRIV_USERS))
 {
 show_error('Forbidden', 403);
 }
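Review bot: The application/controllers/Customers.php hunks swap the resource itself, not just its spelling: `'customers'` becomes `PRIV_USERS`, so every customer endpoint (-44, -69, -116, -143, -168, and -194 further down) is now gated by the users privilege. If PRIV_USERS resolves to `'users'`, roles that hold customer access without user-management access would presumably receive 403 on these endpoints, and user-management rights would implicitly grant access to customer records. Unless that shift is intended, the checks should use the customers constant, e.g. `if (cannot('view', PRIV_CUSTOMERS))`, assuming it is defined alongside the other PRIV_* constants. The constant definitions and role table are outside this patch, so this needs confirming against them.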
@@ -194,7 +194,7 @@ class Customers extends EA_Controller {
 {
 try
 {
- if (cannot('delete', PRIV_USERS))
+ if (cannot('view', PRIV_USERS))
 {
 show_error('Forbidden', 403);
 }
diff --git a/application/controllers/Providers.php b/application/controllers/Providers.php
index ff23db25..6286e0b7 100644
--- a/application/controllers/Providers.php
+++ b/application/controllers/Providers.php
@@ -44,7 +44,7 @@ class Providers extends EA_Controller {
 {
 session(['dest_url' => site_url('providers')]);
- if (cannot('view', 'users'))
+ if (cannot('view', PRIV_USERS))
 {
 show_error('Forbidden', 403);
 }
@@ -70,7 +70,7 @@ class Providers extends EA_Controller {
 {
 try
 {
- if (cannot('view', 'users'))
+ if (cannot('view', PRIV_USERS))
 {
 show_error('Forbidden', 403);
 }
@@ -102,7 +102,7 @@ class Providers extends EA_Controller {
 {
 $provider = json_decode(request('provider'), TRUE);
- if (cannot('add', 'users'))
+ if (cannot('add', PRIV_USERS))
 {
 show_error('Forbidden', 403);
 }
@@ -129,7 +129,7 @@ class Providers extends EA_Controller {
 {
 $provider = json_decode(request('provider'), TRUE);
- if (cannot('edit', 'users'))
+ if (cannot('edit', PRIV_USERS))
 {
 show_error('Forbidden', 403);
 }
@@ -154,7 +154,7 @@ class Providers extends EA_Controller {
 {
 try
 {
- if (cannot('delete', 'users'))
+ if (cannot('delete', PRIV_USERS))
 {
 show_error('Forbidden', 403);
 }
@@ -180,7 +180,7 @@ class Providers extends EA_Controller {
 {
 try
 {
- if (cannot('delete', PRIV_USERS))
+ if (cannot('view', PRIV_USERS))
 {
 show_error('Forbidden', 403);
 }
diff --git a/application/controllers/Secretaries.php b/application/controllers/Secretaries.php
index 8221da4d..f216d782 100644
--- a/application/controllers/Secretaries.php
+++ b/application/controllers/Secretaries.php
@@ -44,7 +44,7 @@ class Secretaries extends EA_Controller {
 {
 session(['dest_url' => site_url('secretaries')]);
- if (cannot('view', 'users'))
+ if (cannot('view', PRIV_USERS))
 {
 show_error('Forbidden', 403);
 }
@@ -70,7 +70,7 @@ class Secretaries extends EA_Controller {
 {
 try
 {
- if (cannot('view', 'users'))
+ if (cannot('view', PRIV_USERS))
 {
 show_error('Forbidden', 403);
 }
@@ -102,7 +102,7 @@ class Secretaries extends EA_Controller {
 {
 $secretary = json_decode(request('secretary'), TRUE);
- if (cannot('add', 'users'))
+ if (cannot('add', PRIV_USERS))
 {
 show_error('Forbidden', 403);
 }
@@ -129,7 +129,7 @@ class Secretaries extends EA_Controller {
 {
 $secretary = json_decode(request('secretary'), TRUE);
- if (cannot('edit', 'users'))
+ if (cannot('edit', PRIV_USERS))
 {
 show_error('Forbidden', 403);
 }
@@ -154,7 +154,7 @@ class Secretaries extends EA_Controller {
 {
 try
 {
- if (cannot('delete', 'users'))
+ if (cannot('delete', PRIV_USERS))
 {
 show_error('Forbidden', 403);
 }
@@ -180,7 +180,7 @@ class Secretaries extends EA_Controller {
 {
 try
 {
- if (cannot('delete', PRIV_USERS))
+ if (cannot('view', PRIV_USERS))
 {
 show_error('Forbidden', 403);
 }
diff --git a/application/controllers/Services.php b/application/controllers/Services.php
index 1945d8a2..2912f04e 100644
--- a/application/controllers/Services.php
+++ b/application/controllers/Services.php
@@ -43,7 +43,7 @@ class Services extends EA_Controller {
 {
 session(['dest_url' => site_url('services')]);
- if (cannot('view', 'services'))
+ if (cannot('view', PRIV_SERVICES))
 {
 show_error('Forbidden', 403);
 }
@@ -68,7 +68,7 @@ class Services extends EA_Controller {
 {
 try
 {
- if (cannot('view', 'services'))
+ if (cannot('view', PRIV_SERVICES))
 {
 show_error('Forbidden', 403);
 }
@@ -100,7 +100,7 @@ class Services extends EA_Controller {
 {
 $service = json_decode(request('service'), TRUE);
- if (cannot('add', 'services'))
+ if (cannot('add', PRIV_SERVICES))
 {
 show_error('Forbidden', 403);
 }
@@ -127,7 +127,7 @@ class Services extends EA_Controller {
 {
 $service = json_decode(request('service'), TRUE);
- if (cannot('edit', 'services'))
+ if (cannot('edit', PRIV_SERVICES))
 {
 show_error('Forbidden', 403);
 }
@@ -152,7 +152,7 @@ class Services extends EA_Controller {
 {
 try
 {
- if (cannot('delete', 'services'))
+ if (cannot('delete', PRIV_SERVICES))
 {
 show_error('Forbidden', 403);
 }
diff --git a/application/controllers/Unavailabilities.php b/application/controllers/Unavailabilities.php
index 7e7f257c..3f874610 100644
--- a/application/controllers/Unavailabilities.php
+++ b/application/controllers/Unavailabilities.php
@@ -40,7 +40,7 @@ class Unavailabilities extends EA_Controller {
 {
 try
 {
- if (cannot('view', 'unavailabilities'))
+ if (cannot('view', PRIV_APPOINTMENTS))
 {
 show_error('Forbidden', 403);
 }
@@ -72,7 +72,7 @@ class Unavailabilities extends EA_Controller {
 {
 $unavailability = json_decode(request('unavailability'), TRUE);
- if (cannot('add', 'unavailabilities'))
+ if (cannot('add', PRIV_APPOINTMENTS))
 {
 show_error('Forbidden', 403);
 }
@@ -99,7 +99,7 @@ class Unavailabilities extends EA_Controller {
 {
 $unavailability = json_decode(request('unavailability'), TRUE);
- if (cannot('edit', 'unavailabilities'))
+ if (cannot('edit', PRIV_APPOINTMENTS))
 {
 show_error('Forbidden', 403);
 }
@@ -124,7 +124,7 @@ class Unavailabilities extends EA_Controller {
 {
 try
 {
- if (cannot('delete', 'unavailabilities'))
+ if (cannot('delete', PRIV_APPOINTMENTS))
 {
 show_error('Forbidden', 403);
 }
@@ -150,7 +150,7 @@ class Unavailabilities extends EA_Controller {
 {
 try
 {
- if (cannot('delete', 'users'))
+ if (cannot('view', PRIV_APPOINTMENTS))
 {
 show_error('Forbidden', 403);
 }
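Review bot: The application/controllers/Unavailabilities.php hunks change the access rule, not only the notation: the resource `'unavailabilities'` is replaced by `PRIV_APPOINTMENTS` in -40, -72, -99 and -124, and the -150 hunk goes from `cannot('delete', 'users')` to `cannot('view', PRIV_APPOINTMENTS)`, changing both action and resource. The role definitions are not visible here; if no separate unavailabilities resource exists, the old string checks may never have matched what was intended, and the -150 check was guarding on an unrelated resource. That makes this a behaviour fix which deserves a mention in the commit description and a comment at the checks, for example `// Unavailabilities are governed by the appointments privilege.`. A per-role access test for these endpoints would confirm the new rule grants and denies what is expected.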