diff --git a/ajax/container.php b/ajax/container.php
index 46b7588f..ef42a8eb 100644
--- a/ajax/container.php
+++ b/ajax/container.php
@@ -29,10 +29,17 @@
 */
 include('../../../inc/includes.php');
+Session::checkLoginUser();
 use Glpi\Http\Response;
 if (isset($_GET['action']) && $_GET['action'] === 'get_fields_html') {
+
+ $right = PluginFieldsProfile::getRightOnContainer($_SESSION['glpiactiveprofile']['id'], $c_id);
+ if ($right < READ) {
+ echo '';
+ }
+
 $containers_id = $_GET['id'];
 $itemtype = $_GET['itemtype'];
 $items_id = (int) $_GET['items_id'];
diff --git a/ajax/container_display_condition.php b/ajax/container_display_condition.php
index 5d68a34b..4988d99e 100644
--- a/ajax/container_display_condition.php
+++ b/ajax/container_display_condition.php
@@ -29,6 +29,7 @@
 */
 include('../../../inc/includes.php');
+Session::checkLoginUser();
 if (isset($_GET['action'])) {
 if ($_GET['action'] === 'get_add_form') {
diff --git a/ajax/container_itemtypes_dropdown.php b/ajax/container_itemtypes_dropdown.php
index dcebe711..d397e7a2 100644
--- a/ajax/container_itemtypes_dropdown.php
+++ b/ajax/container_itemtypes_dropdown.php
@@ -29,5 +29,6 @@
 */
 include('../../../inc/includes.php');
+Session::checkLoginUser();
 PluginFieldsContainer::showFormItemtype($_REQUEST);
diff --git a/ajax/container_subtype_dropdown.php b/ajax/container_subtype_dropdown.php
index 904a83d5..7a482bba 100644
--- a/ajax/container_subtype_dropdown.php
+++ b/ajax/container_subtype_dropdown.php
@@ -29,5 +29,6 @@
 */
 include('../../../inc/includes.php');
+Session::checkLoginUser();
 PluginFieldsContainer::showFormSubtype($_REQUEST, true);
diff --git a/ajax/reorder.php b/ajax/reorder.php
index bdfc71f4..9ee4516d 100644
--- a/ajax/reorder.php
+++ b/ajax/reorder.php
@@ -29,6 +29,7 @@
 */
 include('../../../inc/includes.php');
+Session::checkLoginUser();
 if (
 !array_key_exists('container_id', $_POST)
diff --git a/ajax/status_override.php b/ajax/status_override.php
index 6ce7f353..f5554387 100644
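Review bot: The container right check added to ajax/container.php does not protect anything: it passes `$c_id`, which is not assigned anywhere in the hunk (the id is only read into `$containers_id` three lines later), and the `if ($right < READ)` branch echoes an empty string without stopping, so the handler falls through and still renders the fields for a profile that lacks the right. Read the id before the check and terminate on refusal, e.g. `$containers_id = (int) $_GET['id'];` above the call, `PluginFieldsProfile::getRightOnContainer($_SESSION['glpiactiveprofile']['id'], $containers_id)`, and `if ($right < READ) { echo ''; exit; }`. If `$c_id` is set somewhere outside this hunk it should still be replaced here, since the value the handler actually uses is `$_GET['id']`. The `if` block continues past the end of the hunk.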
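Review bot: `Session::checkLoginUser()` only verifies that a session exists; it checks no right, while the front/ pages in the same commit are raised to `Session::checkRight('config', READ)`. As added in ajax/container_display_condition.php, any authenticated user can still call the endpoint, and the same applies to ajax/container_itemtypes_dropdown.php, ajax/container_subtype_dropdown.php, ajax/reorder.php (which takes a `$_POST` payload, so a write) and ajax/status_override.php. Unless the classes called from these scripts enforce the right themselves (not visible here), use `Session::checkRight('config', READ);` for the read-only endpoints and `Session::checkRight('config', UPDATE);` for reorder.php, so the AJAX surface matches the front pages.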
--- a/ajax/status_override.php
+++ b/ajax/status_override.php
@@ -29,6 +29,7 @@
 */
 include('../../../inc/includes.php');
+Session::checkLoginUser();
 if (isset($_GET['action'])) {
 if ($_GET['action'] === 'get_status_dropdown') {
diff --git a/front/commondropdown.form.php b/front/commondropdown.form.php
index b93b7b94..9801c46d 100644
--- a/front/commondropdown.form.php
+++ b/front/commondropdown.form.php
@@ -29,6 +29,7 @@
 */
 include '../../../inc/includes.php';
+Session::checkLoginUser();
 if (preg_match('/[a-z]/i', $_REQUEST['ddtype']) !== 1) {
 throw new \RuntimeException(sprintf('Invalid itemtype "%1$s"', $_REQUEST['ddtype']));
 }
diff --git a/front/commondropdown.php b/front/commondropdown.php
index 16433472..a9009efe 100644
--- a/front/commondropdown.php
+++ b/front/commondropdown.php
@@ -29,6 +29,7 @@
 */
 include '../../../inc/includes.php';
+Session::checkLoginUser();
 if (preg_match('/[a-z]/i', $_REQUEST['ddtype']) !== 1) {
 throw new \RuntimeException(sprintf('Invalid itemtype "%1$s"', $_REQUEST['ddtype']));
 }
diff --git a/front/container.form.php b/front/container.form.php
index b8dd3bca..28e8c37a 100644
--- a/front/container.form.php
+++ b/front/container.form.php
@@ -29,6 +29,7 @@
 */
 include('../../../inc/includes.php');
+Session::checkLoginUser();
 if (empty($_GET['id'])) {
 $_GET['id'] = '';
@@ -59,6 +60,12 @@
 }
 Html::back();
 } else {
+
+ $right = PluginFieldsProfile::getRightOnContainer($_SESSION['glpiactiveprofile']['id'], $_GET['id']);
+ if ($right < READ) {
+ Html::displayRightError("User is missing the " . READ . " ('read') right for container");
+ }
+
 Html::header(
 __('Additional fields', 'fields'),
 $_SERVER['PHP_SELF'],
diff --git a/front/container.php b/front/container.php
index c22df9b1..933fc66a 100644
--- a/front/container.php
+++ b/front/container.php
@@ -29,6 +29,7 @@
 */
 include('../../../inc/includes.php');
+Session::checkLoginUser();
 Html::header(
 __('Additional fields', 'fields'),
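Review bot: front/commondropdown.form.php (and front/commondropdown.php, changed identically in this commit) receives only `Session::checkLoginUser()`, while the other plugin front pages are raised to `Session::checkRight('config', READ)`; the value from `$_REQUEST['ddtype']` appears to be used as an itemtype to render, so an authenticated user without config rights can still reach these pages. Unless the dropdown classes check the right themselves (not visible in this hunk), `Session::checkRight('config', READ);` would be the consistent guard here, with `UPDATE` in the `.form.php` variant if it handles POST writes further down, outside the hunk.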
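Review bot: The container right check in front/container.form.php runs only in the display (`else`) branch, so the add/update/delete handlers above it rely entirely on the item's own checks (outside the hunk, not verifiable here), and it is fed `$_GET['id']`, which the first hunk normalizes to `''` when the parameter is absent; if `getRightOnContainer` returns less than READ for an empty id, the "new container" form is blocked as well, so the check should be skipped or special-cased when `$_GET['id'] === ''`. Also, `READ` is an integer constant, so the message renders as "missing the 1 ('read') right"; a translatable message such as `Html::displayRightError(__('You do not have the read right on this container', 'fields'));` reads better and matches the plugin's other strings. The surrounding `else` block continues past the end of the hunk.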
@@ -38,7 +39,7 @@
 'fieldscontainer',
 );
-Session::checkRight('entity', READ);
+Session::checkRight('config', READ);
 PluginFieldsContainer::titleList();
 Search::show('PluginFieldsContainer');
diff --git a/front/containerdisplaycondition.form.php b/front/containerdisplaycondition.form.php
index c61cfcdc..bb8cdda7 100644
--- a/front/containerdisplaycondition.form.php
+++ b/front/containerdisplaycondition.form.php
@@ -29,6 +29,7 @@
 */
 include('../../../inc/includes.php');
+Session::checkRight('config', READ);
 $status_override = new PluginFieldsContainerDisplayCondition();
 if (isset($_POST['add'])) {
diff --git a/front/export_to_yaml.php b/front/export_to_yaml.php
index 2e7016c5..16e8afb7 100644
--- a/front/export_to_yaml.php
+++ b/front/export_to_yaml.php
@@ -31,7 +31,7 @@
 include('../../../inc/includes.php');
 include('../hook.php');
-Session::checkRight('entity', READ);
+Session::checkRight('config', READ);
 $ID = null;
 if (isset($_GET['id'])) {
diff --git a/front/field.form.php b/front/field.form.php
index 4fe928ac..da7323ea 100644
--- a/front/field.form.php
+++ b/front/field.form.php
@@ -34,7 +34,7 @@
 $_GET['id'] = '';
 }
-Session::checkRight('entity', READ);
+Session::checkRight('config', READ);
 $field = new PluginFieldsField();
diff --git a/front/labeltranslation.form.php b/front/labeltranslation.form.php
index b5ab239d..00eabac5 100644
--- a/front/labeltranslation.form.php
+++ b/front/labeltranslation.form.php
@@ -29,6 +29,7 @@
 */
 include('../../../inc/includes.php');
+Session::checkRight('config', UPDATE);
 $translation = new PluginFieldsLabelTranslation();
 if (isset($_POST['add'])) {
diff --git a/front/profile.form.php b/front/profile.form.php
index 760a5d95..dc769620 100644
--- a/front/profile.form.php
+++ b/front/profile.form.php
@@ -29,6 +29,7 @@
 */
 include('../../../inc/includes.php');
+Session::checkRight('config', UPDATE);
 if (isset($_POST['update'])) {
 PluginFieldsProfile::updateProfile($_POST);
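Review bot: In front/container.php the `Session::checkRight('config', READ)` call still sits after `Html::header(...)`, while the previous hunk places `Session::checkLoginUser()` before it, so the page header is emitted before the authorization decision. Move the `checkRight` line up next to the include, directly after (or instead of) `Session::checkLoginUser();`, so a refused user gets the error page before any output; I believe `checkRight` already validates the session, which would make the separate `checkLoginUser()` redundant.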
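Review bot: front/containerdisplaycondition.form.php is guarded with `READ` on config, yet the line just below dispatches `$_POST['add']` (and presumably update/delete further down, outside the hunk), i.e. mutations; the same READ-only guard is applied to front/field.form.php, front/statusoverride.form.php and front/regenerate_files.php (which calls `plugin_fields_checkFiles()`), whereas front/labeltranslation.form.php and front/profile.form.php in the same commit require `UPDATE`. Unless each item's own `check()`/`can*()` enforces the write right (not visible here), the write paths should use `Session::checkRight('config', UPDATE);`, or the check should be split per branch: UPDATE around the POST handlers and READ for the display path.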
diff --git a/front/regenerate_files.php b/front/regenerate_files.php
index 57fff02d..c6dfa4fe 100644
--- a/front/regenerate_files.php
+++ b/front/regenerate_files.php
@@ -31,7 +31,7 @@
 include('../../../inc/includes.php');
 include('../hook.php');
-Session::checkRight('entity', READ);
+Session::checkRight('config', READ);
 plugin_fields_checkFiles();
diff --git a/front/statusoverride.form.php b/front/statusoverride.form.php
index 120a6ab2..1fc2b956 100644
--- a/front/statusoverride.form.php
+++ b/front/statusoverride.form.php
@@ -29,6 +29,7 @@
 */
 include('../../../inc/includes.php');
+Session::checkRight('config', READ);
 $status_override = new PluginFieldsStatusOverride();
 if (isset($_POST['add'])) {