diff --git a/common.php b/common.php
index 2309585..337f448 100755
--- a/common.php
+++ b/common.php
@@ -153,6 +153,14 @@
// Check Function Availability
//////////////////////////////////////////////////////////////////
+ function checkAccess() {
+ return file_exists(BASE_PATH . "/data/" . $_SESSION['user'] . '_acl.php')?false:true;
+ }
+
+ //////////////////////////////////////////////////////////////////
+ // Check Function Availability
+ //////////////////////////////////////////////////////////////////
+
function isAvailable($func) {
if (ini_get('safe_mode')) return false;
$disabled = ini_get('disable_functions');
diff --git a/components/project/controller.php b/components/project/controller.php
index 289e070..28f2462 100755
--- a/components/project/controller.php
+++ b/components/project/controller.php
@@ -52,13 +52,15 @@
//////////////////////////////////////////////////////////////////
if($_GET['action']=='create'){
- $Project->name = $_GET['project_name'];
- // Git Clone?
- if(!empty($_GET['git_repo'])){
- $Project->gitrepo = $_GET['git_repo'];
- $Project->gitbranch = $_GET['git_branch'];
+ if(checkAccess()) {
+ $Project->name = $_GET['project_name'];
+ // Git Clone?
+ if(!empty($_GET['git_repo'])){
+ $Project->gitrepo = $_GET['git_repo'];
+ $Project->gitbranch = $_GET['git_branch'];
+ }
+ $Project->Create();
}
- $Project->Create();
}
//////////////////////////////////////////////////////////////////
@@ -66,8 +68,10 @@
//////////////////////////////////////////////////////////////////
if($_GET['action']=='delete'){
- $Project->path = $_GET['project_path'];
- $Project->Delete();
+ if(checkAccess()) {
+ $Project->path = $_GET['project_path'];
+ $Project->Delete();
+ }
}
//////////////////////////////////////////////////////////////////
diff --git a/components/project/dialog.php b/components/project/dialog.php
index 8399a93..3f6f60f 100755
--- a/components/project/dialog.php
+++ b/components/project/dialog.php
@@ -75,7 +75,7 @@
| Open |
Project Name |
Path |
- Delete |
+ Delete |
/ |
|
@@ -111,7 +111,7 @@
?>
-
+
username = User::CleanUsername( $_POST['username'] );
- $User->password = $_POST['password'];
- $User->Create();
+ if(checkAccess()) {
+ $User->username = User::CleanUsername( $_POST['username'] );
+ $User->password = $_POST['password'];
+ $User->Create();
+ }
}
//////////////////////////////////////////////////////////////////
@@ -58,8 +60,10 @@
//////////////////////////////////////////////////////////////////
if($_GET['action']=='delete'){
- $User->username = $_GET['username'];
- $User->Delete();
+ if(checkAccess()) {
+ $User->username = $_GET['username'];
+ $User->Delete();
+ }
}
//////////////////////////////////////////////////////////////////
@@ -67,9 +71,11 @@
//////////////////////////////////////////////////////////////////
if($_GET['action']=='project_access'){
- $User->username = $_GET['username'];
- $User->projects = $_POST['projects'];
- $User->Project_Access();
+ if(checkAccess()) {
+ $User->username = $_GET['username'];
+ $User->projects = $_POST['projects'];
+ $User->Project_Access();
+ }
}
//////////////////////////////////////////////////////////////////
@@ -77,9 +83,11 @@
//////////////////////////////////////////////////////////////////
if($_GET['action']=='password'){
- $User->username = $_POST['username'];
- $User->password = $_POST['password'];
- $User->Password();
+ if(checkAccess() || $_POST['username'] == $_SESSION['user']) {
+ $User->username = $_POST['username'];
+ $User->password = $_POST['password'];
+ $User->Password();
+ }
}
//////////////////////////////////////////////////////////////////
diff --git a/components/user/dialog.php b/components/user/dialog.php
index e098835..958ec34 100755
--- a/components/user/dialog.php
+++ b/components/user/dialog.php
@@ -23,7 +23,7 @@
case 'list':
$projects_assigned = false;
- if(file_exists(BASE_PATH . "/data/" . $_SESSION['user'] . '_acl.php')){
+ if(!checkAccess()){
?>
You can not edit the user list