diff --git a/workflow/engine/controllers/admin.php b/workflow/engine/controllers/admin.php index dc556b438..7e4435ca2 100644 --- a/workflow/engine/controllers/admin.php +++ b/workflow/engine/controllers/admin.php @@ -15,6 +15,8 @@ class Admin extends Controller public function system () { + global $RBAC; + $RBAC->requirePermissions( 'PM_SETUP' ); require_once PATH_CONTROLLERS . 'main.php'; G::loadClass( 'system' ); $skinsList = System::getSkingList(); @@ -60,6 +62,8 @@ class Admin extends Controller public function uxList () { + global $RBAC; + $RBAC->requirePermissions( 'PM_SETUP' ); require_once PATH_CONTROLLERS . 'adminProxy.php'; $this->includeExtJS( 'admin/uxUsersList' ); G::LoadClass( 'configuration' ); diff --git a/workflow/engine/controllers/dashboard.php b/workflow/engine/controllers/dashboard.php index ddafc144e..e7d062236 100644 --- a/workflow/engine/controllers/dashboard.php +++ b/workflow/engine/controllers/dashboard.php @@ -16,6 +16,12 @@ class Dashboard extends Controller // Class constructor public function __construct () { + global $RBAC; + if ($RBAC->userCanAccess('PM_DASHBOARD') != 1) { + G::SendTemporalMessage('ID_USER_HAVENT_RIGHTS_PAGE', 'error', 'labels'); + G::header( 'location: login/login' ); + exit(0); + } G::LoadClass( 'pmDashlet' ); $this->pmDashlet = new PMDashlet(); } diff --git a/workflow/engine/methods/cases/cases_Scheduler_Log.php b/workflow/engine/methods/cases/cases_Scheduler_Log.php index eaaec8343..bc28cfb4d 100755 --- a/workflow/engine/methods/cases/cases_Scheduler_Log.php +++ b/workflow/engine/methods/cases/cases_Scheduler_Log.php @@ -22,9 +22,11 @@ * For more information, contact Colosa Inc, 2566 Le Jeune Rd., * Coral Gables, FL, 33134, USA, or email info@colosa.com. */ +global $RBAC; if (($RBAC_Response = $RBAC->userCanAccess( "PM_LOGIN" )) != 1) { return $RBAC_Response; } +$RBAC->requirePermissions( 'PM_SETUP' ); $G_PUBLISH = new Publisher(); G::LoadClass( 'configuration' ); diff --git a/workflow/engine/methods/processes/mainInit.php b/workflow/engine/methods/processes/mainInit.php index 433eaa64d..f14d1fd03 100755 --- a/workflow/engine/methods/processes/mainInit.php +++ b/workflow/engine/methods/processes/mainInit.php @@ -23,6 +23,8 @@ */ //$oHeadPublisher = & headPublisher::getSingleton(); +global $RBAC; +$RBAC->requirePermissions( 'PM_FACTORY' ); G::loadClass( 'configuration' ); $conf = new Configurations(); diff --git a/workflow/engine/methods/setup/appCacheViewConf.php b/workflow/engine/methods/setup/appCacheViewConf.php index 50ef7b09a..4d969c72c 100755 --- a/workflow/engine/methods/setup/appCacheViewConf.php +++ b/workflow/engine/methods/setup/appCacheViewConf.php @@ -1,4 +1,6 @@ requirePermissions( 'PM_SETUP' ); // header('Pragma: no-cache'); // header('Cache-Control: no-store, no-cache, must-revalidate'); diff --git a/workflow/engine/methods/setup/clearCompiled.php b/workflow/engine/methods/setup/clearCompiled.php index 9757d4f57..a2115ef99 100755 --- a/workflow/engine/methods/setup/clearCompiled.php +++ b/workflow/engine/methods/setup/clearCompiled.php @@ -21,6 +21,8 @@ * For more information, contact Colosa Inc, 2566 Le Jeune Rd., * Coral Gables, FL, 33134, USA, or email info@colosa.com. */ +global $RBAC; +$RBAC->requirePermissions( 'PM_SETUP' ); $oHeadPublisher = & headPublisher::getSingleton(); $oHeadPublisher->addExtJsScript( 'setup/clearCompiled', true ); //adding a javascript file .js diff --git a/workflow/engine/methods/setup/environmentSettings.php b/workflow/engine/methods/setup/environmentSettings.php index 4aa0e6285..ec2ce2ab3 100755 --- a/workflow/engine/methods/setup/environmentSettings.php +++ b/workflow/engine/methods/setup/environmentSettings.php @@ -1,4 +1,7 @@ requirePermissions( 'PM_SETUP' ); + G::loadClass( 'configuration' ); $c = new Configurations(); $oHeadPublisher = & headPublisher::getSingleton(); diff --git a/workflow/engine/methods/setup/loginSettings.php b/workflow/engine/methods/setup/loginSettings.php index b7962e6d3..aecf20bdb 100755 --- a/workflow/engine/methods/setup/loginSettings.php +++ b/workflow/engine/methods/setup/loginSettings.php @@ -21,6 +21,9 @@ * For more information, contact Colosa Inc, 2566 Le Jeune Rd., * Coral Gables, FL, 33134, USA, or email info@colosa.com. */ +global $RBAC; +$RBAC->requirePermissions( 'PM_SETUP' ); + G::loadClass( 'configuration' ); $oConf = new Configurations(); diff --git a/workflow/engine/methods/setup/pluginsMain.php b/workflow/engine/methods/setup/pluginsMain.php index 2f70e5cf0..cfc084570 100755 --- a/workflow/engine/methods/setup/pluginsMain.php +++ b/workflow/engine/methods/setup/pluginsMain.php @@ -21,6 +21,8 @@ * For more information, contact Colosa Inc, 2566 Le Jeune Rd., * Coral Gables, FL, 33134, USA, or email info@colosa.com. */ +global $RBAC; +$RBAC->requirePermissions( 'PM_SETUP' ); $headPublisher = & headPublisher::getSingleton(); $headPublisher->addExtJsScript( 'setup/pluginsMain', false ); diff --git a/workflow/engine/methods/setup/processHeartBeatConfig.php b/workflow/engine/methods/setup/processHeartBeatConfig.php index 518d3be3d..2eacc4eaf 100755 --- a/workflow/engine/methods/setup/processHeartBeatConfig.php +++ b/workflow/engine/methods/setup/processHeartBeatConfig.php @@ -21,6 +21,9 @@ * For more information, contact Colosa Inc, 2566 Le Jeune Rd., * Coral Gables, FL, 33134, USA, or email info@colosa.com. */ +global $RBAC; +$RBAC->requirePermissions( 'PM_SETUP' ); + $oHeadPublisher = & headPublisher::getSingleton(); G::LoadClass( 'serverConfiguration' ); $oServerConf = & serverConf::getSingleton(); diff --git a/workflow/engine/methods/setup/systemInfo.php b/workflow/engine/methods/setup/systemInfo.php index 8b030a618..5142a2726 100644 --- a/workflow/engine/methods/setup/systemInfo.php +++ b/workflow/engine/methods/setup/systemInfo.php @@ -1,4 +1,7 @@ requirePermissions( 'PM_SETUP' ); + $option = (isset($_GET["option"]))? $_GET["option"] : null; switch ($option) {