+- webERP Forum (http://www.weberp.org/forum)
+-- Forum: webERP Discussion (http://www.weberp.org/forum/forumdisplay.php?fid=1)
+--- Forum: Development Discussion & Specification (http://www.weberp.org/forum/forumdisplay.php?fid=10)
+--- Thread: New Page adding error (/showthread.php?tid=535)
New Page adding error - mannu87 - 02-12-2013
I tried to add a page(test.php) in weberp root directory. When I opened that page in browser, it shows below error
The security settings on your account do not permit you to access this function
Is there any special format, I have to follow to develop new page or plugin in weberp. Or, do I need to give special permission to every page I add in weberp.
Whatever is the reason? Please reply in detail and soon.
RE: New Page adding error - phil - 02-13-2013
Hello Mannu87,
All pages are checked in includes/session.inc to see if the user is allowed to access them ...
Code:
if (!isset($AllowAnyone)){
if ((!in_array($PageSecurity, $_SESSION['AllowedPageSecurityTokens']) OR !isset($PageSecurity))) {
$Title = _('Security Permissions Problem');
include($PathPrefix . 'includes/header.inc');
echo '<tr>
<td class="menu_group_items">
<table width="100%" class="table_index">
<tr><td class="menu_group_item">';
echo '<b><font style="size:+1; text-align:center;">' . _('The security settings on your account do not permit you to access this function') . '</font></b>';
echo '</td>
</tr>
</table>
</td>
</tr>';
include($PathPrefix . 'includes/footer.inc');
exit;
}
}So the key point:
Code:
if ((!in_array($PageSecurity, $_SESSION['AllowedPageSecurityTokens']) OR !isset($PageSecurity))) {If you set a variable
Code:
$PageSecurity = 1;Then this is most likely to be in the array of $_SESSION['AllowedPageSecurityTokens'] - this array is read in at login from the users role permissions set up. You can read a bit about the security set up in the Manual.
Alternatively there is an over-ride $AllowAnyone - if this is set before including includes/session.inc then the security checking is turned off.