From 5969eb8e3030c822333872f24daa23b9eac1f4f7 Mon Sep 17 00:00:00 2001
From: Dj Padzensky <djpadz@padz.net>
Date: Thu, 14 Jul 2016 13:20:56 -0700
Subject: Added tighter access controls to profile section

---
 app/Template/user_view/sidebar.php | 68 +++++++++++++++++++++++---------------
 1 file changed, 42 insertions(+), 26 deletions(-)

(limited to 'app/Template/user_view/sidebar.php')

diff --git a/app/Template/user_view/sidebar.php b/app/Template/user_view/sidebar.php
index d200a7f5..3dc6b7bc 100644
--- a/app/Template/user_view/sidebar.php
+++ b/app/Template/user_view/sidebar.php
@@ -12,18 +12,26 @@
             </li>
         <?php endif ?>
         <?php if ($this->user->isAdmin() || $this->user->isCurrentUser($user['id'])): ?>
-            <li <?= $this->app->checkMenuSelection('UserViewController', 'timesheet') ?>>
-                <?= $this->url->link(t('Time tracking'), 'UserViewController', 'timesheet', array('user_id' => $user['id'])) ?>
-            </li>
-            <li <?= $this->app->checkMenuSelection('UserViewController', 'lastLogin') ?>>
-                <?= $this->url->link(t('Last logins'), 'UserViewController', 'lastLogin', array('user_id' => $user['id'])) ?>
-            </li>
-            <li <?= $this->app->checkMenuSelection('UserViewController', 'sessions') ?>>
-                <?= $this->url->link(t('Persistent connections'), 'UserViewController', 'sessions', array('user_id' => $user['id'])) ?>
-            </li>
-            <li <?= $this->app->checkMenuSelection('UserViewController', 'passwordReset') ?>>
-                <?= $this->url->link(t('Password reset history'), 'UserViewController', 'passwordReset', array('user_id' => $user['id'])) ?>
-            </li>
+            <?php if ($this->user->hasAccess('UserViewController', 'timesheet')): ?>
+                <li <?= $this->app->checkMenuSelection('UserViewController', 'timesheet') ?>>
+                    <?= $this->url->link(t('Time tracking'), 'UserViewController', 'timesheet', array('user_id' => $user['id'])) ?>
+                </li>
+            <?php endif ?>
+            <?php if ($this->user->hasAccess('UserViewController', 'lastLogin')): ?>
+                <li <?= $this->app->checkMenuSelection('UserViewController', 'lastLogin') ?>>
+                    <?= $this->url->link(t('Last logins'), 'UserViewController', 'lastLogin', array('user_id' => $user['id'])) ?>
+                </li>
+            <?php endif ?>
+            <?php if ($this->user->hasAccess('UserViewController', 'sessions')): ?>
+                <li <?= $this->app->checkMenuSelection('UserViewController', 'sessions') ?>>
+                    <?= $this->url->link(t('Persistent connections'), 'UserViewController', 'sessions', array('user_id' => $user['id'])) ?>
+                </li>
+            <?php endif ?>
+            <?php if ($this->user->hasAccess('UserViewController', 'passwordReset')): ?>
+                <li <?= $this->app->checkMenuSelection('UserViewController', 'passwordReset') ?>>
+                    <?= $this->url->link(t('Password reset history'), 'UserViewController', 'passwordReset', array('user_id' => $user['id'])) ?>
+                </li>
+            <?php endif ?>
         <?php endif ?>
 
         <?= $this->hook->render('template:user:sidebar:information', array('user' => $user)) ?>
@@ -42,13 +50,13 @@
                 </li>
             <?php endif ?>
 
-            <?php if ($user['is_ldap_user'] == 0): ?>
+            <?php if ($user['is_ldap_user'] == 0 && $this->user->hasAccess('UserCredentialController', 'changePassword')): ?>
                 <li <?= $this->app->checkMenuSelection('UserCredentialController', 'changePassword') ?>>
                     <?= $this->url->link(t('Change password'), 'UserCredentialController', 'changePassword', array('user_id' => $user['id'])) ?>
                 </li>
             <?php endif ?>
 
-            <?php if ($this->user->isCurrentUser($user['id'])): ?>
+            <?php if ($this->user->isCurrentUser($user['id']) && $this->user->hasAccess('TwoFactorController', 'index')): ?>
                 <li <?= $this->app->checkMenuSelection('TwoFactorController', 'index') ?>>
                     <?= $this->url->link(t('Two factor authentication'), 'TwoFactorController', 'index', array('user_id' => $user['id'])) ?>
                 </li>
@@ -58,18 +66,26 @@
                 </li>
             <?php endif ?>
 
-            <li <?= $this->app->checkMenuSelection('UserViewController', 'share') ?>>
-                <?= $this->url->link(t('Public access'), 'UserViewController', 'share', array('user_id' => $user['id'])) ?>
-            </li>
-            <li <?= $this->app->checkMenuSelection('UserViewController', 'notifications') ?>>
-                <?= $this->url->link(t('Notifications'), 'UserViewController', 'notifications', array('user_id' => $user['id'])) ?>
-            </li>
-            <li <?= $this->app->checkMenuSelection('UserViewController', 'external') ?>>
-                <?= $this->url->link(t('External accounts'), 'UserViewController', 'external', array('user_id' => $user['id'])) ?>
-            </li>
-            <li <?= $this->app->checkMenuSelection('UserViewController', 'integrations') ?>>
-                <?= $this->url->link(t('Integrations'), 'UserViewController', 'integrations', array('user_id' => $user['id'])) ?>
-            </li>
+            <?php if ($this->user->hasAccess('UserViewController', 'share')): ?>
+                <li <?= $this->app->checkMenuSelection('UserViewController', 'share') ?>>
+                    <?= $this->url->link(t('Public access'), 'UserViewController', 'share', array('user_id' => $user['id'])) ?>
+                </li>
+            <?php endif ?>
+            <?php if ($this->user->hasAccess('UserViewController', 'notifications')): ?>
+                <li <?= $this->app->checkMenuSelection('UserViewController', 'notifications') ?>>
+                    <?= $this->url->link(t('Notifications'), 'UserViewController', 'notifications', array('user_id' => $user['id'])) ?>
+                </li>
+            <?php endif ?>
+            <?php if ($this->user->hasAccess('UserViewController', 'external')): ?>
+                <li <?= $this->app->checkMenuSelection('UserViewController', 'external') ?>>
+                    <?= $this->url->link(t('External accounts'), 'UserViewController', 'external', array('user_id' => $user['id'])) ?>
+                </li>
+            <?php endif ?>
+            <?php if ($this->user->hasAccess('UserViewController', 'integrations')): ?>
+                <li <?= $this->app->checkMenuSelection('UserViewController', 'integrations') ?>>
+                    <?= $this->url->link(t('Integrations'), 'UserViewController', 'integrations', array('user_id' => $user['id'])) ?>
+                </li>
+            <?php endif ?>
         <?php endif ?>
 
         <?php if ($this->user->hasAccess('UserCredentialController', 'changeAuthentication')): ?>
-- 
cgit v1.2.3