webERP Forum
New Page adding error - Printable Version

+- webERP Forum (http://www.weberp.org/forum)
+-- Forum: webERP Discussion (http://www.weberp.org/forum/forumdisplay.php?fid=1)
+--- Forum: Development Discussion & Specification (http://www.weberp.org/forum/forumdisplay.php?fid=10)
+--- Thread: New Page adding error (/showthread.php?tid=535)



New Page adding error - mannu87 - 02-12-2013

I tried to add a page(test.php) in weberp root directory. When I opened that page in browser, it shows below error

The security settings on your account do not permit you to access this function

Is there any special format, I have to follow to develop new page or plugin in weberp. Or, do I need to give special permission to every page I add in weberp.

Whatever is the reason? Please reply in detail and soon.


RE: New Page adding error - phil - 02-13-2013

Hello Mannu87,

All pages are checked in includes/session.inc to see if the user is allowed to access them ...

Code:
if (!isset($AllowAnyone)){
    if ((!in_array($PageSecurity, $_SESSION['AllowedPageSecurityTokens']) OR !isset($PageSecurity))) {
        $Title = _('Security Permissions Problem');
        include($PathPrefix . 'includes/header.inc');
        echo '<tr>
            <td class="menu_group_items">
                <table width="100%" class="table_index">
                    <tr><td class="menu_group_item">';
        echo '<b><font style="size:+1; text-align:center;">' . _('The security settings on your account do not permit you to access this function') . '</font></b>';

        echo '</td>
            </tr>
            </table>
            </td>
            </tr>';

        include($PathPrefix . 'includes/footer.inc');
        exit;
    }
}

So the key point:
Code:
if ((!in_array($PageSecurity, $_SESSION['AllowedPageSecurityTokens']) OR !isset($PageSecurity))) {

If you set a variable
Code:
$PageSecurity = 1;

Then this is most likely to be in the array of $_SESSION['AllowedPageSecurityTokens'] - this array is read in at login from the users role permissions set up. You can read a bit about the security set up in the Manual.

Alternatively there is an over-ride $AllowAnyone - if this is set before including includes/session.inc then the security checking is turned off.