diff --git a/app/bridges/bridge_edit.php b/app/bridges/bridge_edit.php index 9bd608aadf..a96c05be44 100644 --- a/app/bridges/bridge_edit.php +++ b/app/bridges/bridge_edit.php @@ -26,7 +26,7 @@ require_once "resources/check_auth.php"; //check permissions - if (!permission_exists('bridge_add') && !permission_exists('bridge_edit')) { + if (!(permission_exists('bridge_add') || permission_exists('bridge_edit'))) { echo "access denied"; exit; } diff --git a/app/call_block/call_block_edit.php b/app/call_block/call_block_edit.php index 0e3193e18c..fa92277a3b 100644 --- a/app/call_block/call_block_edit.php +++ b/app/call_block/call_block_edit.php @@ -32,7 +32,7 @@ require_once "resources/check_auth.php"; //check permissions - if (!permission_exists('call_block_edit') && !permission_exists('call_block_add')) { + if (!(permission_exists('call_block_edit') || permission_exists('call_block_add'))) { echo "access denied"; exit; } diff --git a/app/call_forward/call_forward.php b/app/call_forward/call_forward.php index 8640239bea..76e095f27d 100644 --- a/app/call_forward/call_forward.php +++ b/app/call_forward/call_forward.php @@ -18,7 +18,7 @@ The Initial Developer of the Original Code is Mark J Crane - Portions created by the Initial Developer are Copyright (C) 2008-2024 + Portions created by the Initial Developer are Copyright (C) 2008-2025 the Initial Developer. All Rights Reserved. Contributor(s): @@ -34,7 +34,7 @@ require_once "resources/paging.php"; //check permissions - if (!(permission_exists('follow_me') || !permission_exists('call_forward') || permission_exists('do_not_disturb'))) { + if (!(permission_exists('follow_me') || permission_exists('call_forward') || permission_exists('do_not_disturb'))) { echo "access denied"; exit; } diff --git a/app/call_forward/call_forward_edit.php b/app/call_forward/call_forward_edit.php index 001a3ce291..2a998fc51f 100644 --- a/app/call_forward/call_forward_edit.php +++ b/app/call_forward/call_forward_edit.php 
@@ -17,7 +17,7 @@ The Initial Developer of the Original Code is Mark J Crane - Portions created by the Initial Developer are Copyright (C) 2008-2024 + Portions created by the Initial Developer are Copyright (C) 2008-2025 the Initial Developer. All Rights Reserved. Contributor(s): @@ -30,7 +30,7 @@ require_once "resources/check_auth.php"; //check permissions - if (!(permission_exists('follow_me') || !permission_exists('call_forward') || permission_exists('do_not_disturb'))) { + if (!(permission_exists('follow_me') || permission_exists('call_forward') || permission_exists('do_not_disturb'))) { echo "access denied"; exit; } diff --git a/app/call_forward/resources/dashboard/call_forward.php b/app/call_forward/resources/dashboard/call_forward.php index 57729da161..c06a21c4e0 100644 --- a/app/call_forward/resources/dashboard/call_forward.php +++ b/app/call_forward/resources/dashboard/call_forward.php @@ -5,7 +5,7 @@ require_once "resources/check_auth.php"; //check permissions - if (!(permission_exists('follow_me') || !permission_exists('call_forward') || permission_exists('do_not_disturb'))) { + if (!(permission_exists('follow_me') || permission_exists('call_forward') || permission_exists('do_not_disturb'))) { echo "access denied"; exit; } diff --git a/app/dialplans/dialplans.php b/app/dialplans/dialplans.php index 085bac4052..af070862c6 100644 --- a/app/dialplans/dialplans.php +++ b/app/dialplans/dialplans.php @@ -17,7 +17,7 @@ The Initial Developer of the Original Code is Mark J Crane - Portions created by the Initial Developer are Copyright (C) 2008-2023 + Portions created by the Initial Developer are Copyright (C) 2008-2025 the Initial Developer. All Rights Reserved. Contributor(s): 
@@ -31,7 +31,7 @@ require_once "resources/paging.php"; //check permissions - if (!(permission_exists('dialplan_view') || !permission_exists('inbound_route_view') || permission_exists('outbound_route_view'))) { + if (!(permission_exists('dialplan_view') || permission_exists('inbound_route_view') || permission_exists('outbound_route_view'))) { echo "access denied"; exit; } diff --git a/app/fax/fax_edit.php b/app/fax/fax_edit.php index 3876f45dc2..96d4b0ac00 100644 --- a/app/fax/fax_edit.php +++ b/app/fax/fax_edit.php @@ -29,7 +29,7 @@ require_once "resources/check_auth.php"; //check permissions - if (!(permission_exists('fax_extension_add') || !permission_exists('fax_extension_edit') || permission_exists('fax_extension_delete'))) { + if (!(permission_exists('fax_extension_add') || permission_exists('fax_extension_edit') || permission_exists('fax_extension_delete'))) { echo "access denied"; exit; } diff --git a/app/phrases/phrase_edit.php b/app/phrases/phrase_edit.php index bacea0f07a..035fcf2e95 100644 --- a/app/phrases/phrase_edit.php +++ b/app/phrases/phrase_edit.php @@ -29,10 +29,7 @@ require_once "resources/check_auth.php"; //check permissions - if (permission_exists('phrase_add') || permission_exists('phrase_edit')) { - //access granted - } - else { + if (!(permission_exists('phrase_add') || permission_exists('phrase_edit'))) { echo "access denied"; exit; } diff --git a/app/sip_profiles/sip_profile_copy.php b/app/sip_profiles/sip_profile_copy.php index dc585c5888..08596ff4e1 100644 --- a/app/sip_profiles/sip_profile_copy.php +++ b/app/sip_profiles/sip_profile_copy.php 
@@ -30,11 +30,10 @@ require_once "resources/paging.php"; //check permissions - if (!permission_exists('dialplan_add') - || !permission_exists('inbound_route_add') - || !permission_exists('outbound_route_add') - || !permission_exists('time_condition_add')) { - //access granted + if (!(permission_exists('dialplan_add') + || permission_exists('inbound_route_add') + || permission_exists('outbound_route_add') + || permission_exists('time_condition_add'))) { echo "access denied"; exit; } @@ -149,4 +148,4 @@ if (is_uuid($sip_profile_uuid) && $sip_profile_name != '') { header("Location: sip_profiles.php"); exit; -?> \ No newline at end of file +?> diff --git a/app/system/system.php b/app/system/system.php index 6b23d5e3f3..dff0aa7635 100644 --- a/app/system/system.php +++ b/app/system/system.php @@ -30,11 +30,11 @@ Con Portions created by the Initial Developer are Copyright (C) 2008-2025 require_once "resources/check_auth.php"; //check permissions - if (!permission_exists('system_view_info') - || !permission_exists('system_view_cpu') - || !permission_exists('system_view_hdd') - || !permission_exists('system_view_ram') - || !permission_exists('system_view_backup')) { + if (!(permission_exists('system_view_info') + || permission_exists('system_view_cpu') + || permission_exists('system_view_hdd') + || permission_exists('system_view_ram') + || permission_exists('system_view_backup'))) { echo "access denied"; exit; } diff --git a/app/xml_cdr/xml_cdr.php b/app/xml_cdr/xml_cdr.php index ccf6574912..0ab384d9e3 100644 --- a/app/xml_cdr/xml_cdr.php +++ b/app/xml_cdr/xml_cdr.php @@ -32,10 +32,7 @@ require_once "resources/paging.php"; //check permisions - if (permission_exists('xml_cdr_view')) { - //access granted - } - else { + if (!permission_exists('xml_cdr_view')) { echo "access denied"; exit; } diff --git a/core/contacts/contact_attachment_edit.php b/core/contacts/contact_attachment_edit.php index 6f16d25b09..25c74395be 100644 --- a/core/contacts/contact_attachment_edit.php 
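Review bot: The rewritten gate in app/sip_profiles/sip_profile_copy.php still tests `dialplan_add`, `inbound_route_add`, `outbound_route_add` and `time_condition_add`, none of which names a SIP-profile permission, and it now passes when any one of them is held where the removed condition required all four. Unless the rest of the file (outside this hunk) has a further check, a user holding a single dialplan-related add permission would reach the profile copy logic. The names look copied from a dialplan page. I would replace the list with the permission that actually governs adding SIP profiles, e.g. `if (!permission_exists('<sip-profile add permission>')) {`, and confirm the name against the app's permission definitions.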
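Review bot: The gate in app/system/system.php changes from requiring all five `system_view_*` permissions to requiring any one of them, so the page now loads for a user who holds, for example, only `system_view_backup`. That is safe only if each section further down (info, CPU, disk, memory, backup) is wrapped in its own `permission_exists()` check; those lines are outside this hunk, so this should be confirmed before merging. A short comment above the condition, such as `//allow the page when at least one section is permitted; each section checks its own permission`, would record the intent.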
+++ b/core/contacts/contact_attachment_edit.php @@ -30,8 +30,9 @@ require_once "resources/check_auth.php"; //check permissions - if (!permission_exists('contact_attachment_edit') && !permission_exists('contact_attachment_add')) { - echo "access denied"; exit; + if (!(permission_exists('contact_attachment_edit') || permission_exists('contact_attachment_add'))) { + echo "access denied"; + exit; } //add multi-lingual support diff --git a/core/contacts/contact_auth.php b/core/contacts/contact_auth.php index 07c1e7d4ae..07ca52e212 100644 --- a/core/contacts/contact_auth.php +++ b/core/contacts/contact_auth.php @@ -26,10 +26,9 @@ //includes files require_once dirname(__DIR__, 2) . "/resources/require.php"; require_once "resources/check_auth.php"; -if (permission_exists('contact_add')) { - //access granted -} -else { + +//check permissions +if (!permission_exists('contact_add')) { echo "access denied"; exit; } diff --git a/core/contacts/contact_relations_view.php b/core/contacts/contact_relations_view.php index b72cf2fa35..3682f2d5ec 100644 --- a/core/contacts/contact_relations_view.php +++ b/core/contacts/contact_relations_view.php @@ -29,10 +29,7 @@ require_once "resources/check_auth.php"; //check permissions - if (permission_exists('contact_relation_view')) { - //access granted - } - else { + if (!permission_exists('contact_relation_view')) { echo "access denied"; exit; } diff --git a/core/contacts/contact_timer.php b/core/contacts/contact_timer.php index ee7f332a15..2c28b97163 100644 --- a/core/contacts/contact_timer.php +++ b/core/contacts/contact_timer.php @@ -26,7 +26,12 @@ //includes files require_once dirname(__DIR__, 2) . "/resources/require.php"; require_once "resources/check_auth.php"; - if (!permission_exists('contact_time_add')) { echo "access denied"; exit; } + +//check permissions + if (!permission_exists('contact_time_add')) { + echo "access denied"; + exit; + } //set the defaults $contact_time_uuid = ''; 
diff --git a/core/contacts/contact_timer_inc.php b/core/contacts/contact_timer_inc.php index 040dfb88db..310077ac38 100644 --- a/core/contacts/contact_timer_inc.php +++ b/core/contacts/contact_timer_inc.php @@ -26,7 +26,12 @@ //includes files require_once dirname(__DIR__, 2) . "/resources/require.php"; require_once "resources/check_auth.php"; - if (!permission_exists('contact_time_add')) { echo "access denied"; exit; } + +//check permissions + if (!permission_exists('contact_time_add')) { + echo "access denied"; + exit; + } //get contact and time uuids $domain_uuid = $_REQUEST['domain_uuid']; diff --git a/core/contacts/contacts_vcard.php b/core/contacts/contacts_vcard.php index 04be8aa61e..ce4ce5d040 100644 --- a/core/contacts/contacts_vcard.php +++ b/core/contacts/contacts_vcard.php @@ -27,10 +27,7 @@ //includes files require_once dirname(__DIR__, 2) . "/resources/require.php"; require_once "resources/check_auth.php"; -if (permission_exists('contact_view')) { - //access granted -} -else { +if (!permission_exists('contact_view')) { echo "access denied"; exit; } diff --git a/core/groups/permissions_default.php b/core/groups/permissions_default.php index 4b5b41f02e..d2c7aa4a54 100644 --- a/core/groups/permissions_default.php +++ b/core/groups/permissions_default.php @@ -17,7 +17,7 @@ The Initial Developer of the Original Code is Mark J Crane - Portions created by the Initial Developer are Copyright (C) 2008-2023 + Portions created by the Initial Developer are Copyright (C) 2008-2025 the Initial Developer. All Rights Reserved. Contributor(s): @@ -29,10 +29,7 @@ //includes files require_once dirname(__DIR__, 2) . "/resources/require.php"; require_once "resources/check_auth.php"; - if (permission_exists('group_edit')) { - //access granted - } - else { + if (!permission_exists('group_edit')) { echo "access denied"; return; } diff --git a/core/menu/menu_item_list.php b/core/menu/menu_item_list.php index 68af0a8e13..9527409593 100644 --- a/core/menu/menu_item_list.php 
+++ b/core/menu/menu_item_list.php @@ -29,7 +29,7 @@ require_once "resources/check_auth.php"; //check permissions - if (!(permission_exists('menu_add') || !permission_exists('menu_edit') || permission_exists('menu_delete'))) { + if (!(permission_exists('menu_add') || permission_exists('menu_edit') || permission_exists('menu_delete'))) { echo "access denied"; exit; } diff --git a/core/users/user_edit.php b/core/users/user_edit.php index b6963df21b..a6993cdce9 100644 --- a/core/users/user_edit.php +++ b/core/users/user_edit.php @@ -30,7 +30,7 @@ require_once "resources/check_auth.php"; //check permissions - if (!permission_exists('user_view') && !permission_exists('user_add') && !permission_exists('user_edit')) { + if (!(permission_exists('user_view') || !permission_exists('user_add') || permission_exists('user_edit'))) { echo "access denied"; exit; }
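Review bot: The new condition in core/users/user_edit.php carries a stray `!` in front of `permission_exists('user_add')`, so the inner expression is true for any authenticated user who lacks `user_add`, and the "access denied" branch is skipped for them. The removed line denied access unless one of `user_view`, `user_add` or `user_edit` was held; the replacement denies it only to an account that has `user_add` but neither of the other two. This is the same misplaced negation the commit removes from the call_forward, dialplans, fax_edit and menu_item_list checks. The line should read `if (!(permission_exists('user_view') || permission_exists('user_add') || permission_exists('user_edit'))) {`.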