
Add permissions for every table (view, add, edit, and delete). This is an important change that increases security on the REST API and allows more detailed control of permissions.

Mark Crane 12 years ago
parent
commit
a426cc38d3
3 changed files with 5 additions and 5 deletions
  1. 1 1
      profiles/app_config.php
  2. 1 1
      profiles/v_profiles.php
  3. 3 3
      user_contacts/users.php

+ 1 - 1
profiles/app_config.php

@@ -27,6 +27,6 @@
 		$apps[$x]['permissions'][2]['name'] = 'sip_profiles_edit';
 		$apps[$x]['permissions'][2]['groups'][] = 'superadmin';
 
-		$apps[$x]['permissions'][3]['name'] = 'sip_profiles_delete';
+		$apps[$x]['permissions'][3]['name'] = 'sip_profile_delete';
 		$apps[$x]['permissions'][3]['groups'][] = 'superadmin';
 ?>
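Review bot: The renamed `sip_profile_delete` now sits two entries below `sip_profiles_edit`, so this file registers a mix of singular and plural permission names. If permissions are matched by exact string, as the `permission_exists('...')` calls suggest, a mixed convention makes it easy for a later check to use a name that nothing registers, which would most likely deny access silently. Consider finishing the rename here, e.g. `$apps[$x]['permissions'][2]['name'] = 'sip_profile_edit';`, together with the matching check in profiles/v_profiles.php. Installations that already granted the old `sip_profiles_delete` name presumably need their group permissions refreshed after upgrading, and a short comment or upgrade note saying so would help.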

+ 1 - 1
profiles/v_profiles.php

@@ -151,7 +151,7 @@ if (strlen($save_msg) > 0) {
 			if (permission_exists('sip_profiles_edit')) {
 				echo "		  <td valign='middle'><a href='v_profile_edit.php?type=profile&f=".$file."' alt='edit'>$v_link_label_edit</a></td>\n";
 			}
-			if (permission_exists('sip_profiles_delete')) {
+			if (permission_exists('sip_profile_delete')) {
 				echo "		  <td><a href='v_profiles.php?type=profile&a=del&f=".$file."'  alt='delete' onclick=\"return confirm('Do you really want to delete this?')\">$v_link_label_delete</a></td>\n";
 			}
 			echo "		</tr>\n";
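Review bot: `permission_exists('sip_profile_delete')` here only decides whether the delete link is rendered. The request it points to, `v_profiles.php?type=profile&a=del&f=...`, is a state-changing GET whose handler lies outside this hunk. Confirm that the handler checks the same renamed string before deleting, since otherwise hiding the link is the only control; the same applies to the `contact_add` and `contact_edit` links in user_contacts/users.php. `$file` is also concatenated into the href as-is, so `urlencode($file)` on output and strict validation of `f` in the handler would be prudent. The delete itself would be safer as a POST carrying an anti-CSRF token than behind a JavaScript `confirm()`.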

+ 3 - 3
user_contacts/users.php

@@ -97,7 +97,7 @@ require_once "resources/paging.php";
 	echo th_order_by('user_company_name', 'Organization', $order_by, $order);
 	echo th_order_by('user_phone_1', 'Phone', $order_by, $order);
 	echo "<td align='right' width='42'>\n";
-	if (permission_exists('contacts_add')) {
+	if (permission_exists('contact_add')) {
 		echo "	<a href='user_edit.php' alt='add'>$v_link_label_add</a>\n";
 	}
 	echo "</td>\n";
@@ -119,7 +119,7 @@ require_once "resources/paging.php";
 			echo "	<td valign='top' class='".$row_style[$c]."'>".$row['user_company_name']."&nbsp;</td>\n";
 			echo "	<td valign='top' class='".$row_style[$c]."'>".$row['user_phone_1']."&nbsp;</td>\n";
 			echo "	<td valign='top' align='right'>\n";
-			if (permission_exists('contacts_edit')) {
+			if (permission_exists('contact_edit')) {
 				echo "		<a href='user_edit.php?id=".$row['user_uuid']."' alt='edit'>$v_link_label_edit</a>\n";
 			}
 			if (permission_exists('contact_delete')) {
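Review bot: The cells just above the `contact_edit` check print `$row['user_company_name']` and `$row['user_phone_1']` straight into the HTML, and `$row['user_uuid']` goes into the href unencoded. If these columns hold user-entered text, which seems likely for contact data, an entry containing markup would be rendered for everyone who views the list. Encode on output, e.g. `htmlspecialchars($row['user_company_name'], ENT_QUOTES, 'UTF-8')`, and use `urlencode($row['user_uuid'])` in the link. The enclosing loop starts and ends outside this hunk.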
@@ -139,7 +139,7 @@ require_once "resources/paging.php";
 	echo "		<td width='33.3%' nowrap>&nbsp;</td>\n";
 	echo "		<td width='33.3%' align='center' nowrap>$paging_controls</td>\n";
 	echo "		<td width='33.3%' align='right'>\n";
-	if (permission_exists('contacts_add')) {
+	if (permission_exists('contact_add')) {
 		echo "			<a href='user_edit.php' alt='add'>$v_link_label_add</a>\n";
 	}
 	echo "		</td>\n";