+
+ /* regular mask */
+ if (!empty($_GET['mask'])) {
+ if (check_permissions($_GET['mask']))
+ return true;
+ else {
+ header('Location: ./');
+ exit();
+ }
+ }
+
+ /* table data */
+ if (substr($_SERVER["SCRIPT_FILENAME"],-17) == '/ricoXMLquery.php' &&
+ !empty($_GET['id']) && substr($_GET['id'],0,5) == 'grid_') {
+ if (check_permissions(substr($_GET['id'],5)))
+ return true;
+ else
+ format_ajax(array('error' => 'No permission to access data'));
+ }
+
+ /* table connections */
+ if (substr($_SERVER["SCRIPT_FILENAME"],-25) == '/ricoUpdateConnection.php' &&
+ !empty($_POST['table'])) {
+ if (check_permissions($_POST['table']))
+ return true;
+ else
+ format_ajax(array('error' => 'No permission to access data'));
+ }
+
+ /* ajax calls */
+ if (substr($_SERVER["SCRIPT_FILENAME"],-9) == '/ajax.php' &&
+ !empty($_POST['source'])) {
+ if (check_permissions(substr($_POST['source'],5)))
+ return true;
+ else
+ format_ajax(array('error' => 'No permission to access data'));
+ }
+