From: Sumeet S. - O. <su...@ou...> - 2014-01-31 12:27:08
Hi,

Have noticed that the security settings of each page and user are completely configurable via pages (scripts), security tokens, and security roles.

However, in the code, at multiple places, hardcoded checks are being done, e.g. the below check in CustomerInquiry.php to check if a user is allowed to do credit notes. Not just that this is bad coding practice, but it actually makes the security settings not fully configurable.

    /* assumed allowed page security token 3 allows the user to create credits for invoices */
    if (in_array(3,$_SESSION['AllowedPageSecurityTokens']) AND ... ){

Does anyone have any suggestions on how to fix the same (or has this problem been solved?) - other than what I am doing currently - every time page securities are changed, I change the hardcoded value (e.g. 3 above) in the PHP files where it breaks down?

Thanks in advance!

Best regards,
Sumeet Savla
Outdoor Travel Gear
www.OutdoorTravelGear.com
+91 - 98205 14956
Related Web: www.LADAKH.com | www.wild-escapes.com
An endeavour by Outdoor Travel and Sports Gear Private Limited
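The hardcoded check quoted in the message, shown beside a check that looks up the token configured for the destination script. This is an added example, not code from the project or from the poster; the `$pageSecurity` map, the helper `userMayOpen()` and the script name `CreditNote.php` are hypothetical, and only `$_SESSION['AllowedPageSecurityTokens']` comes from the message.

```php
<?php
/**
 * Decide whether the current user may open $script.
 *
 * $pageSecurity is a hypothetical map of script name => required token,
 * loaded from wherever the configurable page security is stored.
 */
function userMayOpen(string $script, array $pageSecurity, array $allowedTokens): bool
{
    // Fail closed: a script with no configured token is not reachable.
    if (!isset($pageSecurity[$script])) {
        return false;
    }
    $required = (int) $pageSecurity[$script];

    // Normalise to ints so the strict comparison works whether the
    // tokens were stored as strings or as integers.
    return in_array($required, array_map('intval', $allowedTokens), true);
}

// Constructed sample data for the demonstration.
$pageSecurity = ['CustomerInquiry.php' => 1, 'CreditNote.php' => 3];
$_SESSION['AllowedPageSecurityTokens'] = [1, 2, 3];
$tokens = $_SESSION['AllowedPageSecurityTokens'];

// Before the settings change, both forms agree.
$hardcodedBefore  = in_array(3, $tokens);
$configuredBefore = userMayOpen('CreditNote.php', $pageSecurity, $tokens);

// An administrator moves credit notes to token 11, which this user lacks.
$pageSecurity['CreditNote.php'] = 11;

// The hardcoded form still tests for 3, so it no longer matches the
// configuration; the lookup follows the new setting.
$hardcodedAfter  = in_array(3, $tokens);
$configuredAfter = userMayOpen('CreditNote.php', $pageSecurity, $tokens);

// A script missing from the map is denied rather than allowed.
$unknownScript = userMayOpen('NotConfigured.php', $pageSecurity, $tokens);

printf("before change: hardcoded=%s configured=%s\n",
    var_export($hardcodedBefore, true), var_export($configuredBefore, true));
printf("after change:  hardcoded=%s configured=%s\n",
    var_export($hardcodedAfter, true), var_export($configuredAfter, true));
printf("unknown script: %s\n", var_export($unknownScript, true));
```

A check like this only controls whether the link or button is offered; the destination script still has to enforce its own configured token when it is requested.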