Implement basic ACL check

contributions.php

@@ -1,6 +1,11 @@
 <?php
 $page = "Contribution Posts";
 include("functions.php");
+
+// Set Current page access level, and check if user has access
+$currentacl = FOR_ALL;
+CheckPageAccess();
+
 if (isset($_GET['a'])) {
 	$action = $_GET['a'];
 } else {

error.php

@@ -15,6 +15,8 @@
 	$pagecontent = "An SQL error occured. You've been logged out, so try again. If this error persists, please contact @dimitrisp on the DaVinci discord.";
 } else if ($i == -3) {
 	$pagecontent = "You are not logged in. Please <a href=\"https://steemconnect.com/oauth2/authorize?client_id=aristotle.app&redirect_uri=http://localhost/tasklist/callback.php&scope=login\">click here to login via SteemConnect</a>";
+} else if ($i == -4) {
+	$pagecontent = "You do not have permissions to the page you tried to access";
 } else {
 	$pagecontent = "An unexpected error occured. Please try again later";
 }

functions.php

@@ -33,6 +33,8 @@
 // Constants //
 ///////////////
 
+
+// User access levels
 const NO_SQL_CONNECTION = -2;
 const DENY_ACCESS = -1;
 const NO_ACCESS = 0;
@@ -41,6 +43,12 @@
 const IS_BOTH = 3;
 const IS_STAFF = 4;
 
+// Page access levels
+const FOR_TRANSLATORS = 1;
+const FOR_PROOFREADER = 2;
+const FOR_STAFF_AND_LM = 4;
+const FOR_ALL = 6;
+
 //////////////////////////
 // GENERIC DB FUNCTIONS //
 //////////////////////////
@@ -102,6 +110,39 @@ function CheckUserAccess($username) {
 	}
 }
 
+// Used to check if the user has access to the current page.
+// Should be changed to something better.
+
+function CheckPageAccess() {
+	//echo $GLOBALS['currentaccesslevel'];
+	$acl = $GLOBALS['currentacl'];
+	$hasaccess = $GLOBALS['hasaccess'];
+
+	$showerror = FALSE;
+
+	// Basically, the following IF will not allow:
+	// A translator to access pages marked with a level of FOR_PROOFREADER or bigger
+	// A staff to access pages marked with a level FOR_PROOFREADER or lower
+	// A person with NO_ACCESS, to access any page with ACL
+	// Perhaps, this could be simplified in some way
+
+	if (($acl != FOR_TRANSLATORS && $acl != FOR_ALL) && $hasaccess == IS_TRANSLATOR) {
+		$showerror = TRUE;
+	} else if (($acl != FOR_STAFF_AND_LM && $acl != FOR_ALL) && $hasaccess == IS_STAFF) {
+		$showerror = TRUE;
+	} else if ($hasaccess == NO_ACCESS) {
+		$showerror = TRUE;
+	}
+
+
+	if ($showerror) {
+		echo "You have no access";
+		header("Location: error.php?i=-4");
+		die();
+	}
+
+}
+
 function ConvertArray2CSV($arrayinput, $seperator) {
 	$arraycount = count($arrayinput);
 	$thisarray = "";

projects.php

@@ -1,6 +1,11 @@
 <?php
 $page = "Projects";
 include("functions.php");
+
+// Set Current page access level, and check if user has access
+$currentacl = FOR_TRANSLATORS;
+CheckPageAccess();
+
 if (isset($_GET['a'])) {
 	$action = $_GET['a'];
 } else {

tasks.php

@@ -1,6 +1,11 @@
 <?php
 $page = "Tasks";
 include("functions.php");
+
+// Set Current page access level, and check if user has access
+$currentacl = FOR_TRANSLATORS;
+CheckPageAccess();
+
 if (isset($_GET['a'])) {
 	$action = $_GET['a'];
 } else {

users.php

@@ -2,8 +2,12 @@
 $page = "Users";
 include("functions.php");
 
-	$userlist = GetAllUsers();
-	$pagecontent = "<table class=\"table table-striped table-hover\"><thead><tr><th>User</th><th>Member Role</th><th>Hired</th><th>Dismissed</th><th></th></tr></thead><tbody>$userlist</tbody></table>";
+// Set Current page access level, and check if user has access
+$currentacl = FOR_STAFF_AND_LM;
+CheckPageAccess();
+
+$userlist = GetAllUsers();
+$pagecontent = "<table class=\"table table-striped table-hover\"><thead><tr><th>User</th><th>Member Role</th><th>Hired</th><th>Dismissed</th><th></th></tr></thead><tbody>$userlist</tbody></table>";
 include("common/head.php");
 ?>
 

weeklyreports.php

@@ -1,6 +1,10 @@
 <?php
 include("functions.php");
 
+// Set Current page access level, and check if user has access
+$currentacl = FOR_STAFF_AND_LM;
+CheckPageAccess();
+
 if (isset($_GET['a'])) {
 	$action = $_GET['a'];
 } else {