Permission check consistency updates (#7686)

* More permission check fixes * Update call_block_edit.php * Update call_forward.php * Update call_forward_edit.php * Update call_forward.php * Update dialplans.php * Update fax_edit.php * Update phrase_edit.php * Update sip_profile_copy.php * Update system.php * Update xml_cdr.php * Update contact_attachment_edit.php * Update contact_auth.php * Update contact_relations_view.php * Update contact_timer_inc.php * Update contact_timer.php * Update contacts_vcard.php * Update permissions_default.php * Update menu_item_list.php * Update user_edit.php
2026-03-17 05:52:11 +00:00 · 2026-01-02 14:04:39 -07:00
parent 24c1c00a4c
commit 0efc4befe4
20 changed files with 46 additions and 52 deletions
--- a/core/contacts/contact_attachment_edit.php
+++ b/core/contacts/contact_attachment_edit.php
@@ -30,8 +30,9 @@
 	require_once "resources/check_auth.php";

 //check permissions
-	if (!permission_exists('contact_attachment_edit') && !permission_exists('contact_attachment_add')) {
-		echo "access denied"; exit;
+	if (!(permission_exists('contact_attachment_edit') || permission_exists('contact_attachment_add'))) {
+		echo "access denied";
+		exit;
 	}

 //add multi-lingual support
--- a/core/contacts/contact_auth.php
+++ b/core/contacts/contact_auth.php
@@ -26,10 +26,9 @@
 //includes files
 require_once dirname(__DIR__, 2) . "/resources/require.php";
 require_once "resources/check_auth.php";
-if (permission_exists('contact_add')) {
-	//access granted
-}
-else {
+
+//check permissions
+if (!permission_exists('contact_add')) {
 	echo "access denied";
 	exit;
 }
--- a/core/contacts/contact_relations_view.php
+++ b/core/contacts/contact_relations_view.php
@@ -29,10 +29,7 @@
 	require_once "resources/check_auth.php";

 //check permissions
-	if (permission_exists('contact_relation_view')) {
-		//access granted
-	}
-	else {
+	if (!permission_exists('contact_relation_view')) {
 		echo "access denied";
 		exit;
 	}
--- a/core/contacts/contact_timer.php
+++ b/core/contacts/contact_timer.php
@@ -26,7 +26,12 @@
 //includes files
 	require_once dirname(__DIR__, 2) . "/resources/require.php";
 	require_once "resources/check_auth.php";
-	if (!permission_exists('contact_time_add')) { echo "access denied"; exit; }
+
+//check permissions
+	if (!permission_exists('contact_time_add')) {
+		echo "access denied";
+		exit;
+	}

 //set the defaults
 	$contact_time_uuid = '';
--- a/core/contacts/contact_timer_inc.php
+++ b/core/contacts/contact_timer_inc.php
@@ -26,7 +26,12 @@
 //includes files
 	require_once dirname(__DIR__, 2) . "/resources/require.php";
 	require_once "resources/check_auth.php";
-	if (!permission_exists('contact_time_add')) { echo "access denied"; exit; }
+
+//check permissions
+	if (!permission_exists('contact_time_add')) {
+		echo "access denied";
+		exit;
+	}

 //get contact and time uuids
 	$domain_uuid = $_REQUEST['domain_uuid'];
--- a/core/contacts/contacts_vcard.php
+++ b/core/contacts/contacts_vcard.php
@@ -27,10 +27,7 @@
 //includes files
 require_once dirname(__DIR__, 2) . "/resources/require.php";
 require_once "resources/check_auth.php";
-if (permission_exists('contact_view')) {
-	//access granted
-}
-else {
+if (!permission_exists('contact_view')) {
 	echo "access denied";
 	exit;
 }
--- a/core/groups/permissions_default.php
+++ b/core/groups/permissions_default.php
@@ -17,7 +17,7 @@

 	The Initial Developer of the Original Code is
 	Mark J Crane <markjcrane@fusionpbx.com>
-	Portions created by the Initial Developer are Copyright (C) 2008-2023
+	Portions created by the Initial Developer are Copyright (C) 2008-2025
 	the Initial Developer. All Rights Reserved.

 	Contributor(s):
@@ -29,10 +29,7 @@
 		//includes files
 		require_once dirname(__DIR__, 2) . "/resources/require.php";
 		require_once "resources/check_auth.php";
-		if (permission_exists('group_edit')) {
-			//access granted
-		}
-		else {
+		if (!permission_exists('group_edit')) {
 			echo "access denied";
 			return;
 		}
--- a/core/menu/menu_item_list.php
+++ b/core/menu/menu_item_list.php
@@ -29,7 +29,7 @@
 	require_once "resources/check_auth.php";

 //check permissions
-	if (!(permission_exists('menu_add') || !permission_exists('menu_edit') || permission_exists('menu_delete'))) {
+	if (!(permission_exists('menu_add') || permission_exists('menu_edit') || permission_exists('menu_delete'))) {
 		echo "access denied";
 		exit;
 	}
--- a/core/users/user_edit.php
+++ b/core/users/user_edit.php
@@ -30,7 +30,7 @@
 	require_once "resources/check_auth.php";

 //check permissions
-	if (!permission_exists('user_view') && !permission_exists('user_add') && !permission_exists('user_edit')) {
+	if (!(permission_exists('user_view') || !permission_exists('user_add') || permission_exists('user_edit'))) {
 		echo "access denied";
 		exit;
 	}