admin/Facilitor
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

FSN#35733 betere _FACILITOR autorisering

Browse Source 
svn path=/Website/trunk/; revision=28421
This commit is contained in:
Jos Groot Lipman
2016-03-10 11:01:27 +00:00
parent e65bd4ae2e
commit 20765d360e
11 changed files with 101 additions and 68 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
APPL/API2/model_reportsx.inc
View File

@@ -80,13 +80,15 @@ function model_reportsx(usrrap_key, rapparams)
this._check_authorization = function(params, method)
{
params.message = "";
var autfunction = "WEB_PRSSYS";
var autfunction = "WEB_UDRMAN";
params.authparams = user.checkAutorisation(autfunction); // pessimistisch
};
var hasFACFAC = user.checkAutorisation("WEB_FACFAC", true); // Die mag ook tabellen doen
this._analyze_fields = function (dbfields, params, jsondata) /* analyseer inkomende data, common voor PUT en POST */
{
if (user.oslogin() != "_FACILITOR") // Die mag alles
if (hasFACFAC) // Die mag alles
{
// viewname zit alleen in dbfields als het een insert is. In edit-mode is dit veld readonly, dus niet in dbfields.
if ("viewname" in dbfields)
@@ -126,7 +128,7 @@ function model_reportsx(usrrap_key, rapparams)
var wheres = api2.sqlfilter(params, this);
query.wheres = query.wheres.concat(wheres);
var authparams = user.checkAutorisation("WEB_PRSSYS", true);
var authparams = user.checkAutorisation("WEB_UDRMAN", true);
if (!authparams)
{
query.wheres.push("(fac_functie_key IN"
@@ -222,7 +224,7 @@ function model_reportsx(usrrap_key, rapparams)
if (!rapparams.internal)
{
if (user.oslogin() == "_FACILITOR")
if (hasFACFAC)
settings.overrule_setting("fac_usrrap_mode", 1); // _FACILITOR mag alles
else
{
@@ -235,7 +237,7 @@ function model_reportsx(usrrap_key, rapparams)
this.fields["pivot"].readonly = true;
this.fields["graph"].readonly = true;
}
if (!user.checkAutorisation("WEB_PRSSYS", true))
if (!user.checkAutorisation("WEB_UDRMAN", true))
{ // Dit heeft betrekking op de zoekvelden van appl/fac/fac_reportx_show.asp?mode=search
// Omdat wij standaard linken naar mode=list speelt dit zelden.
for (var fld in this.fields)