From eb2e4678eb5a10f6ca6a86e475d1ef9c6cd5d4e7 Mon Sep 17 00:00:00 2001
From: Meteo <marco@mooij.me>
Date: Wed, 7 Jan 2026 23:16:36 +0100
Subject: [PATCH] Fixed an issue that allowed some disabled module content to
 be visible or accessible.

---
 .../v1/customers/companies/activate/index.php |  5 ++
 pub/api/v1/office/stompjes/index.php          |  5 ++
 pub/api/v1/servers/index.php                  |  5 ++
 pub/bin/pages/customers/pageCompanies.php     |  6 ++
 .../customers/pageCompanies_company_view.php  |  5 ++
 .../pages/customers/pageCompanies_view.php    | 21 ++++--
 pub/bin/pages/office/pageStompjes.php         |  6 ++
 pub/bin/pages/servers/pageServerOverview.php  |  6 ++
 .../pageServerOverview_server_view.php        | 70 +++++++++++--------
 .../pages/servers/pageServerOverview_view.php |  5 ++
 10 files changed, 97 insertions(+), 37 deletions(-)

diff --git a/pub/api/v1/customers/companies/activate/index.php b/pub/api/v1/customers/companies/activate/index.php
index bb9c174..6a12bf2 100644
--- a/pub/api/v1/customers/companies/activate/index.php
+++ b/pub/api/v1/customers/companies/activate/index.php
@@ -2,6 +2,11 @@
 
 use api\classes\API_companies;
 
+if (!$GLOBALS['modules_enabled']['customers']) {
+    echo '405 Not Allowed';
+    exit;
+}
+
 session_start();
 
 require_once $_SERVER['DOCUMENT_ROOT'] . '/api/classes/API_companies.php';
diff --git a/pub/api/v1/office/stompjes/index.php b/pub/api/v1/office/stompjes/index.php
index 15cc408..1acf4ec 100644
--- a/pub/api/v1/office/stompjes/index.php
+++ b/pub/api/v1/office/stompjes/index.php
@@ -2,6 +2,11 @@
 
 use api\classes\API_office_stompjes;
 
+if (!$GLOBALS['modules_enabled']['office']) {
+    echo '405 Not Allowed';
+    exit;
+}
+
 session_start();
 require_once $_SERVER['DOCUMENT_ROOT'] . '/api/classes/API_office_stompjes.php';
 
diff --git a/pub/api/v1/servers/index.php b/pub/api/v1/servers/index.php
index d83522e..842d680 100644
--- a/pub/api/v1/servers/index.php
+++ b/pub/api/v1/servers/index.php
@@ -2,6 +2,11 @@
 
 use api\classes\API_servers;
 
+if (!$GLOBALS['modules_enabled']['servers']) {
+    echo '405 Not Allowed';
+    exit;
+}
+
 session_start();
 
 require_once $_SERVER['DOCUMENT_ROOT'] . '/api/classes/API_servers.php';
diff --git a/pub/bin/pages/customers/pageCompanies.php b/pub/bin/pages/customers/pageCompanies.php
index cf18d02..9598d01 100644
--- a/pub/bin/pages/customers/pageCompanies.php
+++ b/pub/bin/pages/customers/pageCompanies.php
@@ -2,6 +2,12 @@
 if (!defined('APP_INIT')) {
     exit;
 }
+
+if (!$GLOBALS['modules_enabled']['customers']) {
+    echo '405 Not Allowed';
+    exit;
+}
+
 if (isset($_GET['view'])) {
     include_once($_SERVER['DOCUMENT_ROOT'] . '/bin/pages/customers/pageCompanies_company_view.php');
 } else {
diff --git a/pub/bin/pages/customers/pageCompanies_company_view.php b/pub/bin/pages/customers/pageCompanies_company_view.php
index a0eeead..ac5398e 100644
--- a/pub/bin/pages/customers/pageCompanies_company_view.php
+++ b/pub/bin/pages/customers/pageCompanies_company_view.php
@@ -2,6 +2,11 @@
 if (!defined('APP_INIT')) {
     exit;
 }
+
+if (!$GLOBALS['modules_enabled']['customers']) {
+    echo '405 Not Allowed';
+    exit;
+}
 # IDE Section
 
 # Includes Section
diff --git a/pub/bin/pages/customers/pageCompanies_view.php b/pub/bin/pages/customers/pageCompanies_view.php
index 64f64ff..da6014c 100644
--- a/pub/bin/pages/customers/pageCompanies_view.php
+++ b/pub/bin/pages/customers/pageCompanies_view.php
@@ -3,6 +3,10 @@ if (!defined('APP_INIT')) {
     exit;
 }
 
+if (!$GLOBALS['modules_enabled']['customers']) {
+    echo '405 Not Allowed';
+    exit;
+}
 # IDE Section
 
 # Includes Section
@@ -26,8 +30,8 @@ $jsScriptLoadData['datatables'] = true;
 $jsScriptLoadData['multiFilterSelect'] = true;
 $jsScriptLoadData['datepicker'] = true;
 $jsScriptLoadData['activateCompany'] = true;
-# PageClasses Setup
 
+# PageClasses Setup
 
 # Retrieve Information for the page
 if (!isset($_GET['all'])) {
@@ -66,9 +70,8 @@ while ($row = $stmt->fetch_assoc()) {
                     <i class="fa-solid fa-filter"></i> &nbsp; <?php echo __('show_active') ?>
                 </a>
             <?php } ?>
-
         </div> &nbsp;
-        <form method="post" action="/api/v1/customers/companies/sync/">
+        <form method="post" action="/api/v1/sources/inserve/sync-companies/">
             <input type="hidden">
             <div class="col-lg-auto col-md-auto col-sm-auto">
                 <button class="btn btn-primary">
@@ -89,7 +92,9 @@ while ($row = $stmt->fetch_assoc()) {
                     <th><?php echo __('company_id') ?></th>
                     <th><?php echo __('company_debtor') ?></th>
                     <th><?php echo __('company_state') ?></th>
-                    <th><?php echo __('server_count') ?></th>
+                    <?php if ($GLOBALS['modules_enabled']['servers']) { ?>
+                        <th><?php echo __('server_count') ?></th>
+                    <?php } ?>
                     <th><?php echo __('actions') ?></th>
                 </tr>
                 </thead>
@@ -99,7 +104,9 @@ while ($row = $stmt->fetch_assoc()) {
                     <th><?php echo __('company_id') ?></th>
                     <th><?php echo __('company_debtor') ?></th>
                     <th><?php echo __('company_state') ?></th>
-                    <th><?php echo __('server_count') ?></th>
+                    <?php if ($GLOBALS['modules_enabled']['servers']) { ?>
+                        <th><?php echo __('server_count') ?></th>
+                    <?php } ?>
                     <th><?php echo __('actions') ?></th>
                 </tr>
                 </tfoot>
@@ -111,7 +118,9 @@ while ($row = $stmt->fetch_assoc()) {
                         <td class="text-nowrap"><?php echo $company['company_source_id'] ?></td>
                         <td class="text-nowrap"><?php echo $company['company_source_id2'] ?></td>
                         <td class="text-nowrap"><?php echo $company['company_state'] ?></td>
-                        <td class="text-nowrap"><?php echo $company['server_count'] ?></td>
+                        <?php if ($GLOBALS['modules_enabled']['servers']) { ?>
+                            <td class="text-nowrap"><?php echo $company['server_count'] ?></td>
+                        <?php } ?>
                         <td>
                             <a href="/companies?view=<?php echo $company['company_uuid'] ?>" class="btn btn-info btn-sm btn-rounded" data-item-uuid="<?php echo $company['company_uuid'] ?>"><i class="fa-solid fa-eye"></i></a>
                             <?php if ($API->checkPermissions('customer-companies', 'RW', true) && $company['server_count'] == 0) { ?>
diff --git a/pub/bin/pages/office/pageStompjes.php b/pub/bin/pages/office/pageStompjes.php
index 6a37c23..2e55c37 100644
--- a/pub/bin/pages/office/pageStompjes.php
+++ b/pub/bin/pages/office/pageStompjes.php
@@ -5,6 +5,12 @@ use api\classes\API;
 if (!defined('APP_INIT')) {
     exit;
 }
+
+if (!$GLOBALS['modules_enabled']['office']) {
+    echo '405 Not Allowed';
+    exit;
+}
+
 # IDE Section
 
 # Includes Section
diff --git a/pub/bin/pages/servers/pageServerOverview.php b/pub/bin/pages/servers/pageServerOverview.php
index fbb586d..ebebcbf 100644
--- a/pub/bin/pages/servers/pageServerOverview.php
+++ b/pub/bin/pages/servers/pageServerOverview.php
@@ -2,6 +2,12 @@
 if (!defined('APP_INIT')) {
     exit;
 }
+
+if (!$GLOBALS['modules_enabled']['servers']) {
+    echo '405 Not Allowed';
+    exit;
+}
+
 if (isset($_GET['view'])) {
     include_once($_SERVER['DOCUMENT_ROOT'] . '/bin/pages/servers/pageServerOverview_server_view.php');
 } else {
diff --git a/pub/bin/pages/servers/pageServerOverview_server_view.php b/pub/bin/pages/servers/pageServerOverview_server_view.php
index 6063635..1ecf846 100644
--- a/pub/bin/pages/servers/pageServerOverview_server_view.php
+++ b/pub/bin/pages/servers/pageServerOverview_server_view.php
@@ -6,6 +6,11 @@ use bin\php\Classes\pageNavbar;
 if (!defined('APP_INIT')) {
     exit;
 }
+
+if (!$GLOBALS['modules_enabled']['servers']) {
+    echo '405 Not Allowed';
+    exit;
+}
 # IDE Section
 
 # Includes Section
@@ -37,10 +42,12 @@ $stmt->execute();
 $result = $stmt->get_result();
 $server_data = $result->fetch_assoc();
 
-$companies_data = $GLOBALS['conn']->query("SELECT company_uuid, company_name FROM companies WHERE company_state = 'active'");
-$companies = array();
-while ($company_data = $companies_data->fetch_assoc()) {
-    array_push($companies, $company_data);
+if ($GLOBALS['modules_enabled']['customers']) {
+    $companies_data = $GLOBALS['conn']->query("SELECT company_uuid, company_name FROM companies WHERE company_state = 'active'");
+    $companies = array();
+    while ($company_data = $companies_data->fetch_assoc()) {
+        array_push($companies, $company_data);
+    }
 }
 
 # Retrieve Information for the page
@@ -194,36 +201,37 @@ $pageNavbar->outPutNavbar();
                                 </h4>
                             </td>
                         </tr>
-                        <tr>
-                            <td>
-                                <h4>
-                                    <i class="fas fa-building"></i> <?php echo __('company') ?>
-                                </h4>
-                            </td>
-                            <td>
-                                <?php if ($API->checkPermissions('servers', 'RW', true)) { ?>
-
-
-                                    <div class="input-group">
-                                        <select id="company_uuid" name="company_uuid" class="form-control">
-                                            <option></option>
-                                            <?php foreach ($companies as $company) { ?>
-                                                <option <?php echo ($server_data['company_uuid'] == $company['company_uuid']) ? 'selected' : '' ?> value="<?php echo $company['company_uuid'] ?>"><?php echo $company['company_name'] ?></option>
-                                            <?php } ?>
-                                        </select>
-                                    </div>
-
-                                <?php } else { ?>
+                        <?php if ($GLOBALS['modules_enabled']['customers']) { ?>
+                            <tr>
+                                <td>
                                     <h4>
-                                        <?php
-                                        $companyMap = array_column($companies, 'company_name', 'company_uuid');
-                                        echo $companyMap[$server_data['company_uuid']] ?? null;
-                                        ?>
+                                        <i class="fas fa-building"></i> <?php echo __('company') ?>
                                     </h4>
-                                <?php } ?>
-                            </td>
-                        </tr>
+                                </td>
+                                <td>
+                                    <?php if ($API->checkPermissions('servers', 'RW', true)) { ?>
 
+
+                                        <div class="input-group">
+                                            <select id="company_uuid" name="company_uuid" class="form-control">
+                                                <option></option>
+                                                <?php foreach ($companies as $company) { ?>
+                                                    <option <?php echo ($server_data['company_uuid'] == $company['company_uuid']) ? 'selected' : '' ?> value="<?php echo $company['company_uuid'] ?>"><?php echo $company['company_name'] ?></option>
+                                                <?php } ?>
+                                            </select>
+                                        </div>
+
+                                    <?php } else { ?>
+                                        <h4>
+                                            <?php
+                                            $companyMap = array_column($companies, 'company_name', 'company_uuid');
+                                            echo $companyMap[$server_data['company_uuid']] ?? null;
+                                            ?>
+                                        </h4>
+                                    <?php } ?>
+                                </td>
+                            </tr>
+                        <?php } ?>
                         <tr>
                             <td>
                                 <h4>
diff --git a/pub/bin/pages/servers/pageServerOverview_view.php b/pub/bin/pages/servers/pageServerOverview_view.php
index ec17aba..f6e5866 100644
--- a/pub/bin/pages/servers/pageServerOverview_view.php
+++ b/pub/bin/pages/servers/pageServerOverview_view.php
@@ -5,6 +5,11 @@ use api\classes\API;
 if (!defined('APP_INIT')) {
     exit;
 }
+
+if (!$GLOBALS['modules_enabled']['servers']) {
+    echo '405 Not Allowed';
+    exit;
+}
 # IDE Section
 
 # Includes Section