UWVA#38639 betere autorisatiecheck voor bijlagen meemailen

svn path=/Website/trunk/; revision=33727

APPL/RES/res_show_rsv_ruimte.asp

@@ -307,6 +307,7 @@ FCLTHeader.Requires({plugins: ["jQuery"]})
             + "&key=" + rrr.reservering_key
             + "&xkey=" +rsv_ruimte_key
             + "&subject=" + Server.URLencode(subject)
+            + "&pmodule=RES&pniveau=R"
             + "&mailfrom=" + (hasFOBOread? 1 : 0);
 %>
         var subject = "<%=safe.jsstring(subject)%>";

APPL/Shared/queuemail.asp

@@ -20,6 +20,7 @@
 <!-- #include file="../Shared/bedrijfselector.inc" -->
 <!-- #include file="../Shared/kenmerk_common.inc" -->
 <!-- #include file="../Shared/FlexFiles.inc" -->
+<!-- #include file="../res/res.inc" -->
 <!-- #include file="../mld/mld.inc" -->
 
 <%
@@ -41,16 +42,29 @@ var mailfrom = getQParamInt("mailfrom", 0) == 1;
 var xkey = getQParamInt("xkey", -1);
 var pshowcompany = getQParamInt("pshowcompany", 0) == 1;
 
-// Ben ik voor deze module FO, en mag ik dus attachments selecteren?
+// Ben ik voor deze module een prof (FO of BO), en mag ik dus attachments selecteren?
 var xfunc = user.func_enabled("*", null, null, user_key);
-var iamfo = false;
-var iambo = false;
+var attachmentOption = false;
 switch (pmodule)
 {
-  case "RES": iamfo = xfunc.canWrite("WEB_RESFOF"); break;
-  case "MLD": iamfo = xfunc.canWrite("WEB_MLDFOF"); iambo = xfunc.canWrite("WEB_MLDBOF"); break;
-  case "BES": iamfo = xfunc.canWrite("WEB_BESFOF"); break;  /* unsupported yet */
-  case "PRS": iamfo = xfunc.canWrite("WEB_PRSSYS"); break;  /* unsupported yet */
+  case "RES":
+        var this_res = res.func_enabled(xkey);
+        attachmentOption = this_res.canReadFO || this_res.canReadBO;
+        break;
+  case "MLD": switch (pniveau)
+              {
+                case "M":
+                    var this_mld = mld.func_enabled_melding(pkey);
+                    attachmentOption = this_mld.canFOread || this_mld.canBOread;
+                    break;
+                case "O":
+                    var this_opdr = mld.func_enabled_opdracht(pkey);
+                    attachmentOption = this_opdr.canReadBOF || this_opdr.canReadORD;
+                    break;
+              };
+              break;
+  case "BES": attachmentOption = xfunc.canRead("WEB_BESFOF"); break;  /* unsupported yet */
+  case "PRS": attachmentOption = xfunc.canRead("WEB_PRSSYS"); break;  /* unsupported yet */
 }
 
 function bestandenlijst(pmodule, pniveau, pkey)
@@ -424,7 +438,7 @@ function bestandenlijstALL(pmodule, pniveau, pkey)
             <tr><td><br/></td></tr>
 <%
             // Bijlagen meesturen.
-            if (iamfo || iambo)
+            if (attachmentOption)
             {
                 checklist = bestandenlijstALL(pmodule, pniveau, pkey);
                 for (i=0; i<checklist.length; i++)