Redirect to the login page if the user is not logged in or display the no permissions message when the permissions are insufficient.

This commit is contained in:
Alex Tselegidis 2022-01-17 18:24:02 +01:00
parent 3c0f925596
commit 8d93f283f8
14 changed files with 145 additions and 41 deletions

View file

@ -47,12 +47,19 @@ class About extends EA_Controller {
{
session(['dest_url' => site_url('about')]);
$user_id = session('user_id');
if (cannot('view', PRIV_USER_SETTINGS))
{
if ($user_id)
{
abort(403, 'Forbidden');
}
$user_id = session('user_id');
redirect('login');
return;
}
$role_slug = session('role_slug');

View file

@ -47,12 +47,19 @@ class Account extends EA_Controller {
{
session(['dest_url' => site_url('account')]);
$user_id = session('user_id');
if (cannot('view', PRIV_USER_SETTINGS))
{
if ($user_id)
{
abort(403, 'Forbidden');
}
$user_id = session('user_id');
redirect('login');
return;
}
$account = $this->users_model->find($user_id);

View file

@ -43,12 +43,19 @@ class Admins extends EA_Controller {
{
session(['dest_url' => site_url('admins')]);
$user_id = session('user_id');
if (cannot('view', PRIV_USERS))
{
if ($user_id)
{
abort(403, 'Forbidden');
}
$user_id = session('user_id');
redirect('login');
return;
}
$role_slug = session('role_slug');

View file

@ -47,12 +47,19 @@ class Booking_settings extends EA_Controller {
{
session(['dest_url' => site_url('booking_settings')]);
$user_id = session('user_id');
if (cannot('view', PRIV_SYSTEM_SETTINGS))
{
if ($user_id)
{
abort(403, 'Forbidden');
}
$user_id = session('user_id');
redirect('login');
return;
}
$role_slug = session('role_slug');

View file

@ -47,12 +47,19 @@ class Business_settings extends EA_Controller {
{
session(['dest_url' => site_url('business_settings')]);
$user_id = session('user_id');
if (cannot('view', PRIV_SYSTEM_SETTINGS))
{
if ($user_id)
{
abort(403, 'Forbidden');
}
$user_id = session('user_id');
redirect('login');
return;
}
$role_slug = session('role_slug');

View file

@ -53,12 +53,19 @@ class Calendar extends EA_Controller {
{
session(['dest_url' => site_url('backend/index' . (! empty($appointment_hash) ? '/' . $appointment_hash : ''))]);
$user_id = session('user_id');
if (cannot('view', PRIV_APPOINTMENTS))
{
return;
if ($user_id)
{
abort(403, 'Forbidden');
}
$user_id = session('user_id');
redirect('login');
return;
}
$role_slug = session('role_slug');

View file

@ -43,12 +43,19 @@ class Categories extends EA_Controller {
{
session(['dest_url' => site_url('categories')]);
$user_id = session('user_id');
if (cannot('view', PRIV_SERVICES))
{
if ($user_id)
{
abort(403, 'Forbidden');
}
$user_id = session('user_id');
redirect('login');
return;
}
$role_slug = session('role_slug');

View file

@ -44,12 +44,20 @@ class Customers extends EA_Controller {
{
session(['dest_url' => site_url('customers')]);
$user_id = session('user_id');
if (cannot('view', PRIV_USERS))
{
if ($user_id)
{
abort(403, 'Forbidden');
}
$user_id = session('user_id');
redirect('login');
return;
}
$role_slug = session('role_slug');
$date_format = setting('date_format');

View file

@ -38,12 +38,21 @@ class General_settings extends EA_Controller {
{
session(['dest_url' => site_url('general_settings')]);
$user_id = session('user_id');
if (cannot('view', PRIV_SYSTEM_SETTINGS))
{
if ($user_id)
{
abort(403, 'Forbidden');
}
$user_id = session('user_id');
redirect('login');
return;
}
$role_slug = session('role_slug');
script_vars([
'user_id' => $user_id,

View file

@ -38,12 +38,19 @@ class Legal_settings extends EA_Controller {
{
session(['dest_url' => site_url('legal_settings')]);
$user_id = session('user_id');
if (cannot('view', PRIV_SYSTEM_SETTINGS))
{
if ($user_id)
{
abort(403, 'Forbidden');
}
$user_id = session('user_id');
redirect('login');
return;
}
$role_slug = session('role_slug');

View file

@ -44,12 +44,20 @@ class Providers extends EA_Controller {
{
session(['dest_url' => site_url('providers')]);
$user_id = session('user_id');
if (cannot('view', PRIV_USERS))
{
if ($user_id)
{
abort(403, 'Forbidden');
}
$user_id = session('user_id');
redirect('login');
return;
}
$role_slug = session('role_slug');

View file

@ -44,12 +44,19 @@ class Secretaries extends EA_Controller {
{
session(['dest_url' => site_url('secretaries')]);
$user_id = session('user_id');
if (cannot('view', PRIV_USERS))
{
if ($user_id)
{
abort(403, 'Forbidden');
}
$user_id = session('user_id');
redirect('login');
return;
}
$role_slug = session('role_slug');

View file

@ -43,12 +43,19 @@ class Services extends EA_Controller {
{
session(['dest_url' => site_url('services')]);
$user_id = session('user_id');
if (cannot('view', PRIV_SERVICES))
{
if ($user_id)
{
abort(403, 'Forbidden');
}
$user_id = session('user_id');
redirect('login');
return;
}
$role_slug = session('role_slug');

View file

@ -48,11 +48,20 @@ class Update extends EA_Controller {
{
try
{
$user_id = session('user_id');
if (cannot('edit', PRIV_SYSTEM_SETTINGS))
{
if ($user_id)
{
abort(403, 'Forbidden');
}
redirect('login');
return;
}
$this->instance->migrate();
$view = ['success' => TRUE];