Permission check consistency updates (#7686)

* More permission check fixes

* Update call_block_edit.php

* Update call_forward.php

* Update call_forward_edit.php

* Update call_forward.php

* Update dialplans.php

* Update fax_edit.php

* Update phrase_edit.php

* Update sip_profile_copy.php

* Update system.php

* Update xml_cdr.php

* Update contact_attachment_edit.php

* Update contact_auth.php

* Update contact_relations_view.php

* Update contact_timer_inc.php

* Update contact_timer.php

* Update contacts_vcard.php

* Update permissions_default.php

* Update menu_item_list.php

* Update user_edit.php

app/bridges/bridge_edit.php

@@ -26,7 +26,7 @@
 	require_once "resources/check_auth.php";
 
 //check permissions
-	if (!permission_exists('bridge_add') && !permission_exists('bridge_edit')) {
+	if (!(permission_exists('bridge_add') || permission_exists('bridge_edit'))) {
 		echo "access denied";
 		exit;
 	}

app/call_block/call_block_edit.php

@@ -32,7 +32,7 @@
 	require_once "resources/check_auth.php";
 
 //check permissions
-	if (!permission_exists('call_block_edit') && !permission_exists('call_block_add')) {
+	if (!(permission_exists('call_block_edit') || permission_exists('call_block_add'))) {
 		echo "access denied";
 		exit;
 	}

app/call_forward/call_forward.php

@@ -18,7 +18,7 @@
 
 	  The Initial Developer of the Original Code is
 	  Mark J Crane <markjcrane@fusionpbx.com>
-	  Portions created by the Initial Developer are Copyright (C) 2008-2024
+	  Portions created by the Initial Developer are Copyright (C) 2008-2025
 	  the Initial Developer. All Rights Reserved.
 
 	  Contributor(s):
@@ -34,7 +34,7 @@
 	require_once "resources/paging.php";
 
 //check permissions
-	if (!(permission_exists('follow_me') || !permission_exists('call_forward') || permission_exists('do_not_disturb'))) {
+	if (!(permission_exists('follow_me') || permission_exists('call_forward') || permission_exists('do_not_disturb'))) {
 		echo "access denied";
 		exit;
 	}

app/call_forward/call_forward_edit.php

@@ -17,7 +17,7 @@
 
 	The Initial Developer of the Original Code is
 	Mark J Crane <markjcrane@fusionpbx.com>
-	Portions created by the Initial Developer are Copyright (C) 2008-2024
+	Portions created by the Initial Developer are Copyright (C) 2008-2025
 	the Initial Developer. All Rights Reserved.
 
 	Contributor(s):
@@ -30,7 +30,7 @@
 	require_once "resources/check_auth.php";
 
 //check permissions
-	if (!(permission_exists('follow_me') || !permission_exists('call_forward') || permission_exists('do_not_disturb'))) {
+	if (!(permission_exists('follow_me') || permission_exists('call_forward') || permission_exists('do_not_disturb'))) {
 		echo "access denied";
 		exit;
 	}

app/call_forward/resources/dashboard/call_forward.php

@@ -5,7 +5,7 @@
 	require_once "resources/check_auth.php";
 
 //check permissions
-	if (!(permission_exists('follow_me') || !permission_exists('call_forward') || permission_exists('do_not_disturb'))) {
+	if (!(permission_exists('follow_me') || permission_exists('call_forward') || permission_exists('do_not_disturb'))) {
 		echo "access denied";
 		exit;
 	}

app/dialplans/dialplans.php

@@ -17,7 +17,7 @@
 
 	The Initial Developer of the Original Code is
 	Mark J Crane <markjcrane@fusionpbx.com>
-	Portions created by the Initial Developer are Copyright (C) 2008-2023
+	Portions created by the Initial Developer are Copyright (C) 2008-2025
 	the Initial Developer. All Rights Reserved.
 
 	Contributor(s):
@@ -31,7 +31,7 @@
 	require_once "resources/paging.php";
 
 //check permissions
-	if (!(permission_exists('dialplan_view') || !permission_exists('inbound_route_view') || permission_exists('outbound_route_view'))) {
+	if (!(permission_exists('dialplan_view') || permission_exists('inbound_route_view') || permission_exists('outbound_route_view'))) {
 		echo "access denied";
 		exit;
 	}

app/fax/fax_edit.php

@@ -29,7 +29,7 @@
 	require_once "resources/check_auth.php";
 
 //check permissions
-	if (!(permission_exists('fax_extension_add') || !permission_exists('fax_extension_edit') || permission_exists('fax_extension_delete'))) {
+	if (!(permission_exists('fax_extension_add') || permission_exists('fax_extension_edit') || permission_exists('fax_extension_delete'))) {
 		echo "access denied";
 		exit;
 	}

app/phrases/phrase_edit.php

@@ -29,10 +29,7 @@
 	require_once "resources/check_auth.php";
 
 //check permissions
-	if (permission_exists('phrase_add') || permission_exists('phrase_edit')) {
-		//access granted
-	}
-	else {
+	if (!(permission_exists('phrase_add') || permission_exists('phrase_edit'))) {
 		echo "access denied";
 		exit;
 	}

app/sip_profiles/sip_profile_copy.php

@@ -30,11 +30,10 @@
 	require_once "resources/paging.php";
 
 //check permissions
-	if (!permission_exists('dialplan_add')
-		|| !permission_exists('inbound_route_add')
-		|| !permission_exists('outbound_route_add')
-		|| !permission_exists('time_condition_add')) {
-		//access granted
+	if (!(permission_exists('dialplan_add')
+		|| permission_exists('inbound_route_add')
+		|| permission_exists('outbound_route_add')
+		|| permission_exists('time_condition_add'))) {
 		echo "access denied";
 		exit;
 	}
@@ -149,4 +148,4 @@ if (is_uuid($sip_profile_uuid) && $sip_profile_name != '') {
 	header("Location: sip_profiles.php");
 	exit;
 
-?>
+?>

app/system/system.php

@@ -30,11 +30,11 @@ Con	Portions created by the Initial Developer are Copyright (C) 2008-2025
 	require_once "resources/check_auth.php";
 
 //check permissions
-	if (!permission_exists('system_view_info')
-		|| !permission_exists('system_view_cpu')
-		|| !permission_exists('system_view_hdd')
-		|| !permission_exists('system_view_ram')
-		|| !permission_exists('system_view_backup')) {
+	if (!(permission_exists('system_view_info')
+		|| permission_exists('system_view_cpu')
+		|| permission_exists('system_view_hdd')
+		|| permission_exists('system_view_ram')
+		|| permission_exists('system_view_backup'))) {
 		echo "access denied";
 		exit;
 	}

app/xml_cdr/xml_cdr.php

@@ -32,10 +32,7 @@
 	require_once "resources/paging.php";
 
 //check permisions
-	if (permission_exists('xml_cdr_view')) {
-		//access granted
-	}
-	else {
+	if (!permission_exists('xml_cdr_view')) {
 		echo "access denied";
 		exit;
 	}

core/contacts/contact_attachment_edit.php

@@ -30,8 +30,9 @@
 	require_once "resources/check_auth.php";
 
 //check permissions
-	if (!permission_exists('contact_attachment_edit') && !permission_exists('contact_attachment_add')) {
-		echo "access denied"; exit;
+	if (!(permission_exists('contact_attachment_edit') || permission_exists('contact_attachment_add'))) {
+		echo "access denied";
+		exit;
 	}
 
 //add multi-lingual support

core/contacts/contact_auth.php

@@ -26,10 +26,9 @@
 //includes files
 require_once dirname(__DIR__, 2) . "/resources/require.php";
 require_once "resources/check_auth.php";
-if (permission_exists('contact_add')) {
-	//access granted
-}
-else {
+
+//check permissions
+if (!permission_exists('contact_add')) {
 	echo "access denied";
 	exit;
 }

core/contacts/contact_relations_view.php

@@ -29,10 +29,7 @@
 	require_once "resources/check_auth.php";
 
 //check permissions
-	if (permission_exists('contact_relation_view')) {
-		//access granted
-	}
-	else {
+	if (!permission_exists('contact_relation_view')) {
 		echo "access denied";
 		exit;
 	}

core/contacts/contact_timer.php

@@ -26,7 +26,12 @@
 //includes files
 	require_once dirname(__DIR__, 2) . "/resources/require.php";
 	require_once "resources/check_auth.php";
-	if (!permission_exists('contact_time_add')) { echo "access denied"; exit; }
+
+//check permissions
+	if (!permission_exists('contact_time_add')) {
+		echo "access denied";
+		exit;
+	}
 
 //set the defaults
 	$contact_time_uuid = '';

core/contacts/contact_timer_inc.php

@@ -26,7 +26,12 @@
 //includes files
 	require_once dirname(__DIR__, 2) . "/resources/require.php";
 	require_once "resources/check_auth.php";
-	if (!permission_exists('contact_time_add')) { echo "access denied"; exit; }
+
+//check permissions
+	if (!permission_exists('contact_time_add')) {
+		echo "access denied";
+		exit;
+	}
 
 //get contact and time uuids
 	$domain_uuid = $_REQUEST['domain_uuid'];

core/contacts/contacts_vcard.php

@@ -27,10 +27,7 @@
 //includes files
 require_once dirname(__DIR__, 2) . "/resources/require.php";
 require_once "resources/check_auth.php";
-if (permission_exists('contact_view')) {
-	//access granted
-}
-else {
+if (!permission_exists('contact_view')) {
 	echo "access denied";
 	exit;
 }

core/groups/permissions_default.php

@@ -17,7 +17,7 @@
 
 	The Initial Developer of the Original Code is
 	Mark J Crane <markjcrane@fusionpbx.com>
-	Portions created by the Initial Developer are Copyright (C) 2008-2023
+	Portions created by the Initial Developer are Copyright (C) 2008-2025
 	the Initial Developer. All Rights Reserved.
 
 	Contributor(s):
@@ -29,10 +29,7 @@
 		//includes files
 		require_once dirname(__DIR__, 2) . "/resources/require.php";
 		require_once "resources/check_auth.php";
-		if (permission_exists('group_edit')) {
-			//access granted
-		}
-		else {
+		if (!permission_exists('group_edit')) {
 			echo "access denied";
 			return;
 		}

core/menu/menu_item_list.php

@@ -29,7 +29,7 @@
 	require_once "resources/check_auth.php";
 
 //check permissions
-	if (!(permission_exists('menu_add') || !permission_exists('menu_edit') || permission_exists('menu_delete'))) {
+	if (!(permission_exists('menu_add') || permission_exists('menu_edit') || permission_exists('menu_delete'))) {
 		echo "access denied";
 		exit;
 	}

core/users/user_edit.php

@@ -30,7 +30,7 @@
 	require_once "resources/check_auth.php";
 
 //check permissions
-	if (!permission_exists('user_view') && !permission_exists('user_add') && !permission_exists('user_edit')) {
+	if (!(permission_exists('user_view') || !permission_exists('user_add') || permission_exists('user_edit'))) {
 		echo "access denied";
 		exit;
 	}