- fixed access check in client templates and mail content filters

Author: Marius Cramer

interface/web/client/client_template_del.php

@@ -44,7 +44,7 @@
 
 //* Check permissions for module
 $app->auth->check_module_permissions('client');
-if(!$_SESSION["s"]["user"]["typ"] == 'admin') die('Client-Templates are for Admins only.');
+if($_SESSION["s"]["user"]["typ"] != 'admin' && !$app->auth->has_clients($_SESSION['s']['user']['userid'])) die('Client-Templates are for Admins and Resellers only.');
 
 $app->uses('tpl,tform');
 $app->load('tform_actions');

interface/web/client/client_template_edit.php

@@ -43,7 +43,7 @@
 
 //* Check permissions for module
 $app->auth->check_module_permissions('client');
-if(!$_SESSION["s"]["user"]["typ"] == 'admin') die('Client-Templates are only for Admins.');
+if($_SESSION["s"]["user"]["typ"] != 'admin' && !$app->auth->has_clients($_SESSION['s']['user']['userid'])) die('Client-Templates are for Admins and Resellers only.');
 
 // Loading classes
 $app->uses('tpl,tform,tform_actions');

interface/web/client/client_template_list.php

@@ -41,7 +41,7 @@
 
 //* Check permissions for module
 $app->auth->check_module_permissions('client');
-if(!$_SESSION["s"]["user"]["typ"] == 'admin') die('Client-Templates are only for Admins.');
+if($_SESSION["s"]["user"]["typ"] != 'admin' && !$app->auth->has_clients($_SESSION['s']['user']['userid'])) die('Client-Templates are for Admins and Resellers only.');
 
 $app->uses('listform_actions');
 $app->listform_actions->SQLOrderBy = 'ORDER BY client_template.template_name';

interface/web/mail/mail_content_filter_edit.php

@@ -44,7 +44,7 @@
 //* Check permissions for module
 $app->auth->check_module_permissions('mail');
 
-if(!$_SESSION["s"]["user"]["typ"] == 'admin') die('These Filters are only for Admins.');
+if($_SESSION["s"]["user"]["typ"] != 'admin') die('These Filters are only for Admins.');
 
 
 // Loading classes