Commit dc992c08 authored by Reto Da Forno's avatar Reto Da Forno

access rights adjusted

parent 4ce8ae00
......@@ -113,7 +113,7 @@
$sql = "SELECT title, description, test_status as status, UNIX_TIMESTAMP(time_start_wish) AS start_planned, UNIX_TIMESTAMP(time_start_act) AS start_act, UNIX_TIMESTAMP(time_end_wish) AS end_planned, UNIX_TIMESTAMP(time_end_act) AS end_act
FROM `flocklab`.`tbl_serv_tests`
WHERE serv_tests_key=".intval($_POST['id']);
if ($userrole != 'admin') {
if ($userrole != 'admin' && $userrole != 'internal') {
$sql .= " AND owner_fk=$_SESSION[serv_users_key]";
}
$res = mysqli_query($db, $sql);
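Review bot: The role test on the new line compares `$userrole` against bare strings, while every other site touched by this commit reads the `$_SESSION['is_admin']`/`$_SESSION['is_internal']` booleans; two encodings of the same policy will drift the next time a role is added or renamed. One helper in the shared include, e.g. `function flocklab_can_see_all_tests() { return !empty($_SESSION['is_admin']) || !empty($_SESSION['is_internal']); }`, called here and at the other sites, keeps the policy in one place. Where `$userrole` is assigned is outside this hunk, so whether it is taken from the session or from the request cannot be confirmed from here. Separately, the owner filter still interpolates `$_SESSION[serv_users_key]` into the query string; a prepared statement with `?` placeholders for both the test id and the owner key would remove the last string-built value from this query.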
......@@ -105,8 +105,8 @@
'color' => 'orange',
);
}
} elseif ($_SESSION['is_admin'] == true) {
// The user is admin and can thus see all tests:
} elseif ($_SESSION['is_admin'] == true || $_SESSION['is_internal'] == true) {
// The user is admin/internal and can thus see all tests:
$event = array(
'id' => $row['serv_tests_key'],
'title' => $row['username'] . ' (' . $row['firstname'] . ' ' . $row['lastname'] . ')',
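Review bot: `$_SESSION['is_internal']` on the new `elseif` is only written by `do_login`, so sessions established before this deploy carry `is_admin` but no `is_internal` key, and PHP raises an undefined-index notice on every calendar render until the user logs in again (the missing value is treated as false, so this is noise rather than an escalation). Reading it as `!empty($_SESSION['is_internal'])` avoids the notice and drops the loose `== true` comparison at the same time. This branch also exposes the owner's username, first and last name of every test to the `internal` role, which looks intended but widens who can see that data; a one-line comment such as `// internal users are trusted with other users' identities` would record the decision. The `if`/`elseif` chain begins before this hunk.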
......@@ -150,12 +150,12 @@
(`time_start` BETWEEN "' . $mysqlstart . '" AND "' . $mysqlend . '" OR
`time_end` BETWEEN "' . $mysqlstart . '" AND "' . $mysqlend . '")
GROUP BY serv_reservation_key
'. ($_SESSION['is_admin'] == true?'':'HAVING `reservation_match` is NULL OR `reservation_match` <> 1');
'. (($_SESSION['is_admin'] == true || $_SESSION['is_internal'] == true) ? '' : 'HAVING `reservation_match` is NULL OR `reservation_match` <> 1');
$rs = mysqli_query($db, $sql) or flocklab_die('Cannot get calendar data from database because: ' . mysqli_error($db));
while ($row = mysqli_fetch_array($rs)) {
$event = array(
'id' => $row['serv_reservation_key'],
'title' => ($_SESSION['is_admin'] == true?'Reservation for group '.$row['group_id_fk']:'Occupied'),
'title' => (($_SESSION['is_admin'] == true || $_SESSION['is_internal'] == true) ? 'Reservation for group '.$row['group_id_fk'] : 'Occupied'),
'description' => $mini?'':'Another user is running a test.',
'allDay' => false,
);
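Review bot: The admin-or-internal predicate is written out twice in this hunk, once to drop the `HAVING` filter and once to choose the event title, so the two can disagree if one is edited without the other; computing it once before the query, `$see_all = !empty($_SESSION['is_admin']) || !empty($_SESSION['is_internal']);`, and using `$see_all` at both sites keeps them aligned and avoids an undefined-index notice for sessions that predate the new key. The query still interpolates `$mysqlstart` and `$mysqlend` into the SQL string; they are assigned outside this hunk, so whether they derive from request parameters cannot be confirmed here, but binding them through a prepared statement would make the question moot. Non-privileged users continue to see `Occupied` while internal users now see the reserving group's id — presumably intended, and worth a short comment on the title line.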
......@@ -146,6 +146,7 @@ function do_login($username, $password) {
$_SESSION['lastname'] = $rows['lastname'];
$_SESSION['email'] = $rows['email'];
$_SESSION['is_admin'] = ($rows['role'] == 'admin') ? true : false;
$_SESSION['is_internal'] = ($rows['role'] == 'internal') ? true : false;
$_SESSION['expires'] = $_SERVER['REQUEST_TIME'] + $CONFIG['webserver']['sessionexpiretime'];
return true;
}
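Review bot: The new `is_internal` flag is a second boolean derived from the same `$rows['role']` column, so every authorization site must now test two session keys and a future role would mean a third; storing the role itself, `$_SESSION['role'] = $rows['role'];`, and deriving the checks from it in one helper would be simpler and harder to get wrong. Because the flag is written only here, sessions created before this deploy never gain the key until the user re-authenticates, so the rollout should expect undefined-index notices from the readers until then. Both flags are snapshots taken at login: revoking `internal` in the database has no effect on an existing session until it expires (`$_SESSION['expires']`) or the user logs out. `do_login` starts before this hunk, so whether the session id is regenerated on successful login is not visible here.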
......@@ -34,7 +34,7 @@
<?php include_once('include/presets.php');?>
<?php
// provide archive
if (isset($_POST['testid']) && is_numeric($_POST['testid']) && (check_testid($_POST['testid'],$_SESSION['serv_users_key']) || $_SESSION['is_admin'])) {
if (isset($_POST['testid']) && is_numeric($_POST['testid']) && (check_testid($_POST['testid'],$_SESSION['serv_users_key']) || $_SESSION['is_admin'] || $_SESSION['is_internal'])) {
$testid = $_POST['testid'];
// check file
$archivepath = $CONFIG['testmanagementserver']['archivedir'];
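Review bot: The gate on the new line still relies on `is_numeric($_POST['testid'])`, which accepts values such as `1e3`, `1.5`, `-1` and leading whitespace; since `$testid` is then used to locate a file under `$archivepath` (the rest of that code is outside the hunk), a strict integer check is safer: `$testid = filter_var($_POST['testid'], FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);` and `$testid !== false` in the condition, with `check_testid` receiving the normalised value. `$_SESSION['is_internal']` is read with a bare index; for sessions that predate this change the key is absent, so `!empty($_SESSION['is_internal'])` avoids a notice (the outcome is false either way). Note that the admin/internal branch bypasses `check_testid` entirely, so this is the point at which any archive becomes downloadable by those roles — a comment saying so would help the next reader.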
......@@ -34,7 +34,7 @@
<?php include_once('include/presets.php');?>
<?php
if ($_SESSION['logged_in']) {
if (isset($_GET['t']) && is_numeric($_GET['t']) && (check_testid($_GET['t'], $_SESSION['serv_users_key']) || $_SESSION['is_admin'])) {
if (isset($_GET['t']) && is_numeric($_GET['t']) && (check_testid($_GET['t'], $_SESSION['serv_users_key']) || $_SESSION['is_admin'] || $_SESSION['is_internal'])) {
// user is logged in and test belongs to the user
$plot = $CONFIG['viz']['dir'].'/flocklab_plot_'.$_GET['t'].'.html';
$fs = filesize($plot);
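Review bot: `$_GET['t']` passes the `is_numeric` test on the new line and is then concatenated into a filesystem path two lines later (`'/flocklab_plot_'.$_GET['t'].'.html'`); `is_numeric` accepts `1e3`, `1.5`, `-1` and leading whitespace, so the name used for the path is not guaranteed to be the id that `check_testid` validated (if `check_testid` coerces `'1.5'` to 1, the path still contains `1.5`). Normalise once, `$t = filter_var($_GET['t'], FILTER_VALIDATE_INT);`, reject `false`, and use `$t` for both the ownership check and the path. The `filesize($plot)` that follows emits a warning and returns `false` when the file does not exist, which the hunk does not guard; an `is_file($plot)` check before it would fail closed. The `if ($_SESSION['logged_in'])` block continues past the end of the hunk.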
......