Skip to content

Commit

Permalink
Better access for nobody in access_api.php
Browse files Browse the repository at this point in the history 
git-svn-id: http://mantisbt.svn.sourceforge.net/svnroot/mantisbt/trunk@1765 f5dc347c-c33d-0410-90a0-b07cc1902cb9
  • Loading branch information
@vboctor
vboctor committed Jan 24, 2003
1 parent 20d9450 commit 0723471
Showing 1 changed file with 15 additions and 3 deletions.
18 changes: 15 additions & 3 deletions core/access_api.php
View file
Expand Up @@ -6,7 +6,7 @@
# See the README and LICENSE files for details

# --------------------------------------------------------
# $Id: access_api.php,v 1.10 2003-01-24 00:09:06 vboctor Exp $
# $Id: access_api.php,v 1.11 2003-01-24 00:31:41 vboctor Exp $
# --------------------------------------------------------

###########################################################################
Expand Down Expand Up @@ -67,13 +67,17 @@ function access_bug_check( $p_bug_id, $p_view_state='' ) {
function access_level_check_greater_or_equal( $p_access_level, $p_project_id=0 ) {
global $g_string_cookie_val;

if ( NOBODY == $p_access_level ) {
return false;
}

# user isn't logged in
if (( !isset( $g_string_cookie_val ) )||( is_blank( $g_string_cookie_val ) )) {
return false;
}

# Administrators ALWAYS pass.
if ( (NOBODY != $p_access_level) && current_user_get_field( 'access_level' ) >= ADMINISTRATOR ) {
if ( current_user_get_field( 'access_level' ) >= ADMINISTRATOR ) {
return true;
}

Expand All @@ -99,13 +103,17 @@ function access_level_check_greater_or_equal( $p_access_level, $p_project_id=0 )
function access_level_ge_no_default_for_private ( $p_access_level, $p_project_id ) {
global $g_string_cookie_val;

if ( NOBODY == $p_access_level ) {
return false;
}

# user isn't logged in
if (( !isset( $g_string_cookie_val ) )||( is_blank( $g_string_cookie_val ) )) {
return false;
}

# Administrators ALWAYS pass.
if ( (NOBODY != $p_access_level) && current_user_get_field( 'access_level' ) >= ADMINISTRATOR ) {
if ( current_user_get_field( 'access_level' ) >= ADMINISTRATOR ) {
return true;
}

Expand Down Expand Up @@ -159,6 +167,10 @@ function absolute_access_level_check_greater_or_equal( $p_access_level ) {
# --------------------
# Checks to see if the user should be here. If not then log the user out.
function check_access( $p_access_level ) {
if ( NOBODY == $p_access_level ) {
return false;
}

# Administrators ALWAYS pass.
if ( current_user_get_field( 'access_level' ) >= ADMINISTRATOR ) {
return;
Expand Down

0 comments on commit 0723471

Please sign in to comment.