From 8d93f283f84c7d2ec8c5a99c10c3bbc91ff30191 Mon Sep 17 00:00:00 2001
From: Alex Tselegidis
Date: Mon, 17 Jan 2022 18:24:02 +0100
Subject: [PATCH] Redirect to the login page if the user is not logged in or display the no permissions message when the permissions are insufficient.
---
 application/controllers/About.php | 13 ++++++++++---
 application/controllers/Account.php | 13 ++++++++++---
 application/controllers/Admins.php | 13 ++++++++++---
 application/controllers/Booking_settings.php | 17 ++++++++++++-----
 application/controllers/Business_settings.php | 17 ++++++++++++-----
 application/controllers/Calendar.php | 11 +++++++++--
 application/controllers/Categories.php | 13 ++++++++++---
 application/controllers/Customers.php | 12 ++++++++++--
 application/controllers/General_settings.php | 15 ++++++++++++---
 application/controllers/Legal_settings.php | 13 ++++++++++---
 application/controllers/Providers.php | 12 ++++++++++--
 application/controllers/Secretaries.php | 13 ++++++++++---
 application/controllers/Services.php | 13 ++++++++++---
 application/controllers/Update.php | 11 ++++++++++-
 14 files changed, 145 insertions(+), 41 deletions(-)
diff --git a/application/controllers/About.php b/application/controllers/About.php
index efdee387..0b058fe8 100644
--- a/application/controllers/About.php
+++ b/application/controllers/About.php
@@ -47,12 +47,19 @@ class About extends EA_Controller {
 {
 session(['dest_url' => site_url('about')]);
+ $user_id = session('user_id');
+
 if (cannot('view', PRIV_USER_SETTINGS))
 {
- abort(403, 'Forbidden');
- }
+ if ($user_id)
+ {
+ abort(403, 'Forbidden');
+ }
- $user_id = session('user_id');
+ redirect('login');
+
+ return;
+ }
 $role_slug = session('role_slug');
diff --git a/application/controllers/Account.php b/application/controllers/Account.php
index 5041ad63..f405119a 100644
--- a/application/controllers/Account.php
+++ b/application/controllers/Account.php
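Review bot: The same guard (read `session('user_id')`, `cannot()` check, `abort(403, 'Forbidden')` when a user is logged in, otherwise `redirect('login')` and `return`) is pasted verbatim into all fourteen controllers in this patch (About here, then Account, Admins, Booking_settings, Business_settings, Calendar, Categories, Customers, General_settings, Legal_settings, Providers, Secretaries, Services and Update), so the next change to the authorization path has fourteen places to miss. Since every one of them extends EA_Controller, a single protected helper there — say `$this->require_permission('view', PRIV_USER_SETTINGS);` performing the same abort-or-redirect — would keep the access-control rule in one place and make auditing it a one-file read. The `return;` after `redirect('login')` is presumably unreachable because CodeIgniter's `redirect()` exits by default; if it is kept as a safeguard, a comment such as `// redirect() exits; return guards against a non-exiting override` would stop readers from hunting for a path that reaches it. The `index` method starts and ends outside the hunk.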
@@ -47,12 +47,19 @@ class Account extends EA_Controller {
 {
 session(['dest_url' => site_url('account')]);
+ $user_id = session('user_id');
+
 if (cannot('view', PRIV_USER_SETTINGS))
 {
- abort(403, 'Forbidden');
- }
+ if ($user_id)
+ {
+ abort(403, 'Forbidden');
+ }
- $user_id = session('user_id');
+ redirect('login');
+
+ return;
+ }
 $account = $this->users_model->find($user_id);
diff --git a/application/controllers/Admins.php b/application/controllers/Admins.php
index 2447bda5..a1a27701 100644
--- a/application/controllers/Admins.php
+++ b/application/controllers/Admins.php
@@ -43,12 +43,19 @@ class Admins extends EA_Controller {
 {
 session(['dest_url' => site_url('admins')]);
+ $user_id = session('user_id');
+
 if (cannot('view', PRIV_USERS))
 {
- abort(403, 'Forbidden');
- }
+ if ($user_id)
+ {
+ abort(403, 'Forbidden');
+ }
- $user_id = session('user_id');
+ redirect('login');
+
+ return;
+ }
 $role_slug = session('role_slug');
diff --git a/application/controllers/Booking_settings.php b/application/controllers/Booking_settings.php
index 978cae12..a0058e14 100644
--- a/application/controllers/Booking_settings.php
+++ b/application/controllers/Booking_settings.php
@@ -47,13 +47,20 @@ class Booking_settings extends EA_Controller {
 {
 session(['dest_url' => site_url('booking_settings')]);
- if (cannot('view', PRIV_SYSTEM_SETTINGS))
- {
- abort(403, 'Forbidden');
- }
-
 $user_id = session('user_id');
+ if (cannot('view', PRIV_SYSTEM_SETTINGS))
+ {
+ if ($user_id)
+ {
+ abort(403, 'Forbidden');
+ }
+
+ redirect('login');
+
+ return;
+ }
+
 $role_slug = session('role_slug');
 script_vars([
diff --git a/application/controllers/Business_settings.php b/application/controllers/Business_settings.php
index 9867475b..cf5357b4 100644
--- a/application/controllers/Business_settings.php
+++ b/application/controllers/Business_settings.php
@@ -47,13 +47,20 @@ class Business_settings extends EA_Controller {
 {
 session(['dest_url' => site_url('business_settings')]);
- if (cannot('view', PRIV_SYSTEM_SETTINGS))
- {
- abort(403, 'Forbidden');
- }
-
 $user_id = session('user_id');
+ if (cannot('view', PRIV_SYSTEM_SETTINGS))
+ {
+ if ($user_id)
+ {
+ abort(403, 'Forbidden');
+ }
+
+ redirect('login');
+
+ return;
+ }
+
 $role_slug = session('role_slug');
 script_vars([
diff --git a/application/controllers/Calendar.php b/application/controllers/Calendar.php
index 9c555166..8337863a 100644
--- a/application/controllers/Calendar.php
+++ b/application/controllers/Calendar.php
@@ -53,13 +53,20 @@ class Calendar extends EA_Controller {
 {
 session(['dest_url' => site_url('backend/index' . (! empty($appointment_hash) ? '/' . $appointment_hash : ''))]);
+ $user_id = session('user_id');
+
 if (cannot('view', PRIV_APPOINTMENTS))
 {
+ if ($user_id)
+ {
+ abort(403, 'Forbidden');
+ }
+
+ redirect('login');
+
 return;
 }
- $user_id = session('user_id');
-
 $role_slug = session('role_slug');
 $user = $this->users_model->find($user_id);
diff --git a/application/controllers/Categories.php b/application/controllers/Categories.php
index 270a4419..a7ed1c00 100644
--- a/application/controllers/Categories.php
+++ b/application/controllers/Categories.php
@@ -43,12 +43,19 @@ class Categories extends EA_Controller {
 {
 session(['dest_url' => site_url('categories')]);
+ $user_id = session('user_id');
+
 if (cannot('view', PRIV_SERVICES))
 {
- abort(403, 'Forbidden');
- }
+ if ($user_id)
+ {
+ abort(403, 'Forbidden');
+ }
- $user_id = session('user_id');
+ redirect('login');
+
+ return;
+ }
 $role_slug = session('role_slug');
diff --git a/application/controllers/Customers.php b/application/controllers/Customers.php
index 03a9c4f0..b14dfcb4 100644
--- a/application/controllers/Customers.php
+++ b/application/controllers/Customers.php
@@ -44,12 +44,20 @@ class Customers extends EA_Controller {
 {
 session(['dest_url' => site_url('customers')]);
+ $user_id = session('user_id');
+
 if (cannot('view', PRIV_USERS))
 {
- abort(403, 'Forbidden');
+ if ($user_id)
+ {
+ abort(403, 'Forbidden');
+ }
+
+ redirect('login');
+
+ return;
 }
- $user_id = session('user_id');
 $role_slug = session('role_slug');
 $date_format = setting('date_format');
diff --git a/application/controllers/General_settings.php b/application/controllers/General_settings.php
index 4291adb8..7f406b0f 100644
--- a/application/controllers/General_settings.php
+++ b/application/controllers/General_settings.php
@@ -38,12 +38,21 @@ class General_settings extends EA_Controller {
 {
 session(['dest_url' => site_url('general_settings')]);
+ $user_id = session('user_id');
+
 if (cannot('view', PRIV_SYSTEM_SETTINGS))
 {
- abort(403, 'Forbidden');
- }
+ if ($user_id)
+ {
+ abort(403, 'Forbidden');
+ }
- $user_id = session('user_id');
+ redirect('login');
+
+ return;
+ }
+
+ $role_slug = session('role_slug');
 script_vars([
 'user_id' => $user_id,
diff --git a/application/controllers/Legal_settings.php b/application/controllers/Legal_settings.php
index 4d01e6ec..e3332888 100644
--- a/application/controllers/Legal_settings.php
+++ b/application/controllers/Legal_settings.php
@@ -38,12 +38,19 @@ class Legal_settings extends EA_Controller {
 {
 session(['dest_url' => site_url('legal_settings')]);
+ $user_id = session('user_id');
+
 if (cannot('view', PRIV_SYSTEM_SETTINGS))
 {
- abort(403, 'Forbidden');
- }
+ if ($user_id)
+ {
+ abort(403, 'Forbidden');
+ }
- $user_id = session('user_id');
+ redirect('login');
+
+ return;
+ }
 $role_slug = session('role_slug');
diff --git a/application/controllers/Providers.php b/application/controllers/Providers.php
index 81967acd..8a24a2c6 100644
--- a/application/controllers/Providers.php
+++ b/application/controllers/Providers.php
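Review bot: In the General_settings hunk on this line, the newly added `$role_slug = session('role_slug');` has no reader inside the hunk — the `script_vars([` that follows shows only `'user_id' => $user_id,` before the visible lines end. If the entries further down already pass `'role_slug' => $role_slug`, this line fixes an undefined-variable notice in the old code and the commit message should say so; if nothing below reads it, the assignment is dead and should be removed rather than left as a silent session read. The `index` method continues outside the hunk.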
@@ -44,12 +44,20 @@ class Providers extends EA_Controller {
 {
 session(['dest_url' => site_url('providers')]);
+ $user_id = session('user_id');
+
 if (cannot('view', PRIV_USERS))
 {
- abort(403, 'Forbidden');
+ if ($user_id)
+ {
+ abort(403, 'Forbidden');
+ }
+
+ redirect('login');
+
+ return;
 }
- $user_id = session('user_id');
 $role_slug = session('role_slug');
diff --git a/application/controllers/Secretaries.php b/application/controllers/Secretaries.php
index 17d3d902..b37327aa 100644
--- a/application/controllers/Secretaries.php
+++ b/application/controllers/Secretaries.php
@@ -44,12 +44,19 @@ class Secretaries extends EA_Controller {
 {
 session(['dest_url' => site_url('secretaries')]);
+ $user_id = session('user_id');
+
 if (cannot('view', PRIV_USERS))
 {
- abort(403, 'Forbidden');
- }
+ if ($user_id)
+ {
+ abort(403, 'Forbidden');
+ }
- $user_id = session('user_id');
+ redirect('login');
+
+ return;
+ }
 $role_slug = session('role_slug');
diff --git a/application/controllers/Services.php b/application/controllers/Services.php
index b02f7248..4b96b454 100644
--- a/application/controllers/Services.php
+++ b/application/controllers/Services.php
@@ -43,12 +43,19 @@ class Services extends EA_Controller {
 {
 session(['dest_url' => site_url('services')]);
+ $user_id = session('user_id');
+
 if (cannot('view', PRIV_SERVICES))
 {
- abort(403, 'Forbidden');
- }
+ if ($user_id)
+ {
+ abort(403, 'Forbidden');
+ }
- $user_id = session('user_id');
+ redirect('login');
+
+ return;
+ }
 $role_slug = session('role_slug');
diff --git a/application/controllers/Update.php b/application/controllers/Update.php
index 88f55507..d9dce797 100644
--- a/application/controllers/Update.php
+++ b/application/controllers/Update.php
@@ -48,9 +48,18 @@ class Update extends EA_Controller {
 {
 try
 {
+ $user_id = session('user_id');
+
 if (cannot('edit', PRIV_SYSTEM_SETTINGS))
 {
- abort(403, 'Forbidden');
+ if ($user_id)
+ {
+ abort(403, 'Forbidden');
+ }
+
+ redirect('login');
+
+ return;
 }
 $this->instance->migrate();
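Review bot: The new guard in Update::index sits inside the `try` opened on the hunk's first context lines, and the matching `catch` is outside the hunk; if `abort()` or `redirect()` signals the early exit by throwing rather than calling exit, that catch would intercept the 403 or the redirect and turn an authorization failure into whatever the handler emits, so the behaviour should be confirmed with a logged-out request and with a logged-in user lacking PRIV_SYSTEM_SETTINGS. Placing the guard before the `try`, as the other thirteen controllers keep it at the top of the method, removes the dependency on how `abort()` is implemented: move `$user_id = session('user_id');` and the whole `if (cannot('edit', PRIV_SYSTEM_SETTINGS)) { … }` block above `try`. The enclosing method and its catch block continue outside the hunk.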