added new security model

2007-12-30 13:15:39 +00:00 · 2007-12-30 13:15:39 +00:00 · f8aec0f1a8
parent 4808d138fd
commit f8aec0f1a8
13 changed files with 41 additions and 2 deletions
--- a/lam/templates/massBuildAccounts.php
+++ b/lam/templates/massBuildAccounts.php
@ -41,6 +41,9 @@ include_once('../lib/modules.inc');
 // Start session
 startSecureSession();

+// die if no write access
+if (!checkIfWriteAccessIsAllowed()) die();
+
 // Redirect to startpage if user is not loged in
 if (!isset($_SESSION['loggedIn'])) {
 	metaRefresh("login.php");
--- a/lam/templates/massDoUpload.php
+++ b/lam/templates/massDoUpload.php
@ -45,6 +45,9 @@ include_once('../lib/cache.inc');
 // Start session
 startSecureSession();

+// die if no write access
+if (!checkIfWriteAccessIsAllowed()) die();
+
 // Redirect to startpage if user is not loged in
 if (!isset($_SESSION['loggedIn'])) {
 	metaRefresh("login.php");
--- a/lam/templates/masscreate.php
+++ b/lam/templates/masscreate.php
@ -41,6 +41,9 @@ include_once('../lib/modules.inc');
 // Start session
 startSecureSession();

+// die if no write access
+if (!checkIfWriteAccessIsAllowed()) die();
+
 // Redirect to startpage if user is not loged in
 if (!isset($_SESSION['loggedIn'])) {
 	metaRefresh("login.php");
--- a/lam/templates/ou_edit.php
+++ b/lam/templates/ou_edit.php
@ -40,6 +40,9 @@ include_once("../lib/status.inc");
 // start session
 startSecureSession();

+// die if no write access
+if (!checkIfWriteAccessIsAllowed()) die();
+
 setlanguage();

 $types = $_SESSION['config']->get_ActiveTypes();
--- a/lam/templates/pdfedit/pdfdelete.php
+++ b/lam/templates/pdfedit/pdfdelete.php
@ -37,6 +37,9 @@ include_once('../../lib/pdfstruct.inc');
 // start session
 startSecureSession();

+// die if no write access
+if (!checkIfWriteAccessIsAllowed()) die();
+
 setlanguage();

 // check if user is logged in, if not go to login
--- a/lam/templates/pdfedit/pdfmain.php
+++ b/lam/templates/pdfedit/pdfmain.php
@ -3,7 +3,7 @@
 $Id$

  This code is part of LDAP Account Manager (http://www.sourceforge.net/projects/lam)
-  Copyright (C) 2003 - 2006  Michael Dürgner
+  Copyright (C) 2003 - 2006  Michael D<EFBFBD>rgner

  This program is free software; you can redistribute it and/or modify
  it under the terms of the GNU General Public License as published by
@ -24,7 +24,7 @@ $Id$
 /**
 * This is the main window of the pdf structure editor.
 *
-* @author Michael Dürgner
+* @author Michael D<EFBFBD>rgner
 * @package PDF
 */

@ -42,6 +42,9 @@ include_once("../../lib/modules.inc");
 // start session
 startSecureSession();

+// die if no write access
+if (!checkIfWriteAccessIsAllowed()) die();
+
 setlanguage();

 // Unset pdf structure definitions in session if set
--- a/lam/templates/pdfedit/pdfpage.php
+++ b/lam/templates/pdfedit/pdfpage.php
@ -48,6 +48,9 @@ include_once('../../lib/xml_parser.inc');
 // start session
 startSecureSession();

+// die if no write access
+if (!checkIfWriteAccessIsAllowed()) die();
+
 setlanguage();

 // check if user is logged in, if not go to login
--- a/lam/templates/profedit/profiledelete.php
+++ b/lam/templates/profedit/profiledelete.php
@ -40,6 +40,9 @@ include_once("../../lib/config.inc");
 // start session
 startSecureSession();

+// die if no write access
+if (!checkIfWriteAccessIsAllowed()) die();
+
 setlanguage();

 // check if user is logged in, if not go to login
--- a/lam/templates/profedit/profilemain.php
+++ b/lam/templates/profedit/profilemain.php
@ -40,6 +40,9 @@ include_once("../../lib/config.inc");
 // start session
 startSecureSession();

+// die if no write access
+if (!checkIfWriteAccessIsAllowed()) die();
+
 setlanguage();

 $types = $_SESSION['config']->get_ActiveTypes();
--- a/lam/templates/profedit/profilepage.php
+++ b/lam/templates/profedit/profilepage.php
@ -44,6 +44,9 @@ include_once("../../lib/status.inc");
 // start session
 startSecureSession();

+// die if no write access
+if (!checkIfWriteAccessIsAllowed()) die();
+
 setlanguage();

 // check if user is logged in, if not go to login
--- a/lam/templates/tests/index.php
+++ b/lam/templates/tests/index.php
@ -36,6 +36,9 @@ include_once("../../lib/config.inc");
 // start session
 startSecureSession();

+// die if no write access
+if (!checkIfWriteAccessIsAllowed()) die();
+
 setlanguage();

 echo $_SESSION['header'];
--- a/lam/templates/tests/lamdaemonTest.php
+++ b/lam/templates/tests/lamdaemonTest.php
@ -37,6 +37,9 @@ include_once("../../lib/config.inc");
 // start session
 startSecureSession();

+// die if no write access
+if (!checkIfWriteAccessIsAllowed()) die();
+
 setlanguage();

 echo $_SESSION['header'];
--- a/lam/templates/tests/schemaTest.php
+++ b/lam/templates/tests/schemaTest.php
@ -40,6 +40,9 @@ include_once("../../lib/schema.inc");
 // start session
 startSecureSession();

+// die if no write access
+if (!checkIfWriteAccessIsAllowed()) die();
+
 setlanguage();

 echo $_SESSION['header'];