From d6bec7a7dba66e8312305eb50bdad73299c533e2 Mon Sep 17 00:00:00 2001
From: Marius Cramer <m.cramer@pixcept.de>
Date: Tue, 30 Jun 2015 06:28:48 -0400
Subject: [PATCH] - fixed access check in client templates and mail content filters

---
 interface/web/mail/mail_content_filter_edit.php |    2 +-
 interface/web/client/client_template_list.php   |    2 +-
 interface/web/client/client_template_del.php    |    2 +-
 interface/web/client/client_template_edit.php   |    2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/interface/web/client/client_template_del.php b/interface/web/client/client_template_del.php
index b57224f..29d7499 100644
--- a/interface/web/client/client_template_del.php
+++ b/interface/web/client/client_template_del.php
@@ -44,7 +44,7 @@
 
 //* Check permissions for module
 $app->auth->check_module_permissions('client');
-if(!$_SESSION["s"]["user"]["typ"] == 'admin') die('Client-Templates are for Admins only.');
+if($_SESSION["s"]["user"]["typ"] != 'admin' && !$app->auth->has_clients($_SESSION['s']['user']['userid'])) die('Client-Templates are for Admins and Resellers only.');
 
 $app->uses('tpl,tform');
 $app->load('tform_actions');
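Review bot: The new gate on the `if(...) die(...)` line is role-level only: any account for which `has_clients()` returns true now passes, and nothing visible in this hunk ties the template being deleted to the reseller who owns it. If `tform_actions` does not already restrict records by owner, a reseller would be able to act on templates that belong to the admin or to another reseller, so that per-record check should be confirmed. The same applies to the identical lines in client_template_edit.php and client_template_list.php. Separately, `!=` is a loose comparison: `true != 'admin'` is false in PHP, as is `0 != 'admin'` before PHP 8, so a non-string `typ` would be treated as admin. Using `$_SESSION['s']['user']['typ'] !== 'admin'` closes that in all four files; the rest of the script lies outside the hunk.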
diff --git a/interface/web/client/client_template_edit.php b/interface/web/client/client_template_edit.php
index bc5c6d2..3ce027a 100644
--- a/interface/web/client/client_template_edit.php
+++ b/interface/web/client/client_template_edit.php
@@ -43,7 +43,7 @@
 
 //* Check permissions for module
 $app->auth->check_module_permissions('client');
-if(!$_SESSION["s"]["user"]["typ"] == 'admin') die('Client-Templates are only for Admins.');
+if($_SESSION["s"]["user"]["typ"] != 'admin' && !$app->auth->has_clients($_SESSION['s']['user']['userid'])) die('Client-Templates are for Admins and Resellers only.');
 
 // Loading classes
 $app->uses('tpl,tform,tform_actions');
diff --git a/interface/web/client/client_template_list.php b/interface/web/client/client_template_list.php
index c87cea0..70cdc80 100644
--- a/interface/web/client/client_template_list.php
+++ b/interface/web/client/client_template_list.php
@@ -41,7 +41,7 @@
 
 //* Check permissions for module
 $app->auth->check_module_permissions('client');
-if(!$_SESSION["s"]["user"]["typ"] == 'admin') die('Client-Templates are only for Admins.');
+if($_SESSION["s"]["user"]["typ"] != 'admin' && !$app->auth->has_clients($_SESSION['s']['user']['userid'])) die('Client-Templates are for Admins and Resellers only.');
 
 $app->uses('listform_actions');
 $app->listform_actions->SQLOrderBy = 'ORDER BY client_template.template_name';
diff --git a/interface/web/mail/mail_content_filter_edit.php b/interface/web/mail/mail_content_filter_edit.php
index 5672135..8a98a03 100644
--- a/interface/web/mail/mail_content_filter_edit.php
+++ b/interface/web/mail/mail_content_filter_edit.php
@@ -44,7 +44,7 @@
 //* Check permissions for module
 $app->auth->check_module_permissions('mail');
 
-if(!$_SESSION["s"]["user"]["typ"] == 'admin') die('These Filters are only for Admins.');
+if($_SESSION["s"]["user"]["typ"] != 'admin') die('These Filters are only for Admins.');
 
 
 // Loading classes
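Review bot: Only the edit page for mail content filters gets the corrected check; any list or delete page for the same records is not touched by this patch. If such pages carry the old `!$_SESSION["s"]["user"]["typ"] == 'admin'` expression they stay effectively unguarded, because the negation is applied before the comparison, so they should be checked and fixed in the same commit. A short comment above the new line, for example `//* Admin only: unlike client templates, resellers are not admitted here`, would make the difference from the three client template pages deliberate rather than apparent oversight.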

--
Gitblit v1.9.1