authorFrederic Guillot <fred@kanboard.net>2016-02-10 19:41:08 -0500
committerFrederic Guillot <fred@kanboard.net>2016-02-10 19:41:08 -0500
commit33214bdb524aca4e9c99f5d26974b6b9ef341369 (patch)
tree95cefcd3d0fde0a5329fa49a2e98bd0efa6eee8a
parenta46757778f69e4b54f668f8542c06702eb1ef309 (diff)
Check access on sidebar action menus
-rw-r--r--app/Template/user/sidebar.php17
1 files changed, 11 insertions, 6 deletions
diff --git a/app/Template/user/sidebar.php b/app/Template/user/sidebar.php
index 7e367443..765a1e6e 100644
--- a/app/Template/user/sidebar.php
+++ b/app/Template/user/sidebar.php
@@ -1,9 +1,11 @@
<div class="sidebar">
<h2><?= t('Information') ?></h2>
<ul>
- <li <?= $this->app->checkMenuSelection('user', 'show') ?>>
- <?= $this->url->link(t('Summary'), 'user', 'show', array('user_id' => $user['id'])) ?>
- </li>
+ <?php if ($this->user->hasAccess('user', 'show')): ?>
+ <li <?= $this->app->checkMenuSelection('user', 'show') ?>>
+ <?= $this->url->link(t('Summary'), 'user', 'show', array('user_id' => $user['id'])) ?>
+ </li>
+ <?php endif ?>
<?php if ($this->user->isAdmin()): ?>
<li>
<?= $this->url->link(t('User dashboard'), 'app', 'index', array('user_id' => $user['id'])) ?>
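Review bot: The `hasAccess('user', 'show')` guard around the Summary item only controls whether the link is rendered, so it protects nothing unless the `user`/`show` action enforces the same rule when the URL is requested directly; that enforcement is not visible in this diff and should be confirmed. The check is keyed on controller and action only, while the link carries `$user['id']`, so it presumably cannot express "may view this particular user" and the controller needs its own per-user check. The same applies to the `hasAccess('user', 'edit')` guard in the second hunk. I would add a template comment such as `<?php /* Display only: user/show must re-check access server-side */ ?>` above the new `if`. The enclosing `<ul>` and the `isAdmin()` block continue outside the hunk.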
@@ -30,9 +32,12 @@
<h2><?= t('Actions') ?></h2>
<ul>
<?php if ($this->user->isAdmin() || $this->user->isCurrentUser($user['id'])): ?>
- <li <?= $this->app->checkMenuSelection('user', 'edit') ?>>
- <?= $this->url->link(t('Edit profile'), 'user', 'edit', array('user_id' => $user['id'])) ?>
- </li>
+
+ <?php if ($this->user->hasAccess('user', 'edit')): ?>
+ <li <?= $this->app->checkMenuSelection('user', 'edit') ?>>
+ <?= $this->url->link(t('Edit profile'), 'user', 'edit', array('user_id' => $user['id'])) ?>
+ </li>
+ <?php endif ?>
<?php if ($user['is_ldap_user'] == 0): ?>
<li <?= $this->app->checkMenuSelection('user', 'password') ?>>