Add permissions for every table (view, add, edit, and delete). Important change to increase security on the REST API and will be beneficial for more detailed control of permissions.

2026-01-06 11:43:50 +00:00 · 2013-09-25 20:23:10 +00:00
parent ca26a0ec46
commit 187bc9dbeb
27 changed files with 816 additions and 331 deletions
--- a/app/vars/app_config.php
+++ b/app/vars/app_config.php
@@ -36,17 +36,17 @@
 		$apps[$x]['menu'][0]['groups'][] = 'superadmin';

 	//permission details
-		$apps[$x]['permissions'][0]['name'] = 'variable_view';
-		$apps[$x]['permissions'][0]['groups'][] = 'superadmin';
-
-		$apps[$x]['permissions'][1]['name'] = 'variable_add';
-		$apps[$x]['permissions'][1]['groups'][] = 'superadmin';
-
-		$apps[$x]['permissions'][2]['name'] = 'variable_edit';
-		$apps[$x]['permissions'][2]['groups'][] = 'superadmin';
-
-		$apps[$x]['permissions'][3]['name'] = 'variable_delete';
-		$apps[$x]['permissions'][3]['groups'][] = 'superadmin';
+		$apps[$x]['permissions'][$y]['name'] = 'var_view';
+		$apps[$x]['permissions'][$y]['groups'][] = 'superadmin';
+		$y++;
+		$apps[$x]['permissions'][$y]['name'] = 'var_add';
+		$apps[$x]['permissions'][$y]['groups'][] = 'superadmin';
+		$y++;
+		$apps[$x]['permissions'][$y]['name'] = 'var_edit';
+		$apps[$x]['permissions'][$y]['groups'][] = 'superadmin';
+		$y++;
+		$apps[$x]['permissions'][$y]['name'] = 'var_delete';
+		$apps[$x]['permissions'][$y]['groups'][] = 'superadmin';

 	//schema details
 		$apps[$x]['db'][$y]['table'] = 'v_vars';