diff --git a/index.php b/index.php index 07fa793fe..d7c6416b8 100755 --- a/index.php +++ b/index.php @@ -455,7 +455,7 @@ ) { echo '
  • - +

    ' . $lang->get('favorites') . ' diff --git a/pages/export.php b/pages/export.php index 403ea7c50..93d84dcc8 100755 --- a/pages/export.php +++ b/pages/export.php @@ -64,9 +64,19 @@ 'user_key' => returnIfSet($session->get('key'), null), ] ); -// Handle the case + +// Check user access and printing enabled echo $checkUserAccess->caseHandler(); -if ($checkUserAccess->checkSession() === false || $checkUserAccess->userAccessPage('export') === false) { +if ($checkUserAccess->checkSession() === false || $checkUserAccess->userAccessPage('export') === false + || isset($SETTINGS['allow_print']) === false || (int) $SETTINGS['allow_print'] === 0 + || isset($SETTINGS['roles_allowed_to_print_select']) === false + || empty($SETTINGS['roles_allowed_to_print_select']) === true + || count(array_intersect( + explode(';', $session->get('user-roles')), + explode(',', str_replace(['"', '[', ']'], '', $SETTINGS['roles_allowed_to_print_select'])) + )) === 0 + || (int) $session_user_admin === 1 +) { // Not allowed page $session->set('system-error_code', ERR_NOT_ALLOWED); include $SETTINGS['cpassman_dir'] . '/error.php'; diff --git a/pages/favourites.php b/pages/favourites.php index 223760131..926c2095d 100755 --- a/pages/favourites.php +++ b/pages/favourites.php @@ -64,9 +64,12 @@ 'user_key' => returnIfSet($session->get('key'), null), ] ); -// Handle the case + +// Check user access and favourites enabled echo $checkUserAccess->caseHandler(); -if ($checkUserAccess->checkSession() === false || $checkUserAccess->userAccessPage('favourites') === false) { +if ($checkUserAccess->checkSession() === false || $checkUserAccess->userAccessPage('favourites') === false + || isset($SETTINGS['enable_favourites']) === false || (int) $SETTINGS['enable_favourites'] === 0 + || (int) $session_user_admin === 1) { // Not allowed page $session->set('system-error_code', ERR_NOT_ALLOWED); include $SETTINGS['cpassman_dir'] . '/error.php'; diff --git a/pages/import.php b/pages/import.php index ab5096b88..969ceba9b 100755 --- a/pages/import.php +++ b/pages/import.php @@ -64,9 +64,11 @@ 'user_key' => returnIfSet($session->get('key'), null), ] ); -// Handle the case + +// Check user access and import enabled echo $checkUserAccess->caseHandler(); -if ($checkUserAccess->checkSession() === false || $checkUserAccess->userAccessPage('import') === false) { +if ($checkUserAccess->checkSession() === false || $checkUserAccess->userAccessPage('import') === false + || isset($SETTINGS['allow_import']) === false || (int) $SETTINGS['allow_import'] !== 1) { // Not allowed page $session->set('system-error_code', ERR_NOT_ALLOWED); include $SETTINGS['cpassman_dir'] . '/error.php'; diff --git a/vendor/teampassclasses/performchecks/src/PerformChecks.php b/vendor/teampassclasses/performchecks/src/PerformChecks.php index cd2393d52..0d51be30b 100755 --- a/vendor/teampassclasses/performchecks/src/PerformChecks.php +++ b/vendor/teampassclasses/performchecks/src/PerformChecks.php @@ -154,7 +154,7 @@ function userAccessPage($pageVisited): bool // Definition $pagesRights = array( 'user' => array( - 'home', 'items', 'search', 'kb', 'favourites', 'suggestion', 'profile', 'import', 'export', 'folders', 'offline', + 'home', 'items', 'search', 'kb', 'favourites', 'suggestion', 'profile', 'import', 'export', 'offline', ), 'manager' => array( 'home', 'items', 'search', 'kb', 'favourites', 'suggestion', 'folders', 'roles', 'utilities', 'users', 'profile',