diff options
| author | Gina Haeussge <gina@foosel.net> | 2010-06-27 14:50:49 +0200 |
|---|---|---|
| committer | Gina Haeussge <gina@foosel.net> | 2010-06-27 14:50:49 +0200 |
| commit | 0b34c70fcb312d38e6110e2ca1432779ffb73a8a (patch) | |
| tree | d13b3272fa5c0c3b6f1d875d60766bcf203eb869 | |
| parent | c8f80b4e70ee1b73ecc08cac583d021979af9359 (diff) | |
| download | rpg-0b34c70fcb312d38e6110e2ca1432779ffb73a8a.tar.gz rpg-0b34c70fcb312d38e6110e2ca1432779ffb73a8a.tar.bz2 | |
FS#1795: Restrict media manager to users with at least read access
on the supplied namespace.
| -rw-r--r-- | inc/lang/en/lang.php | 1 | ||||
| -rw-r--r-- | lib/exe/mediamanager.php | 6 |
2 files changed, 7 insertions, 0 deletions
diff --git a/inc/lang/en/lang.php b/inc/lang/en/lang.php index 1fddfe727..802a90360 100644 --- a/inc/lang/en/lang.php +++ b/inc/lang/en/lang.php @@ -119,6 +119,7 @@ $lang['deletefail'] = '"%s" couldn\'t be deleted - check permissions.'; $lang['mediainuse'] = 'The file "%s" hasn\'t been deleted - it is still in use.'; $lang['namespaces'] = 'Namespaces'; $lang['mediafiles'] = 'Available files in'; +$lang['accessdenied'] = 'You are not allowed to view this page.'; $lang['js']['searchmedia'] = 'Search for files'; $lang['js']['keepopen'] = 'Keep window open on selection'; diff --git a/lib/exe/mediamanager.php b/lib/exe/mediamanager.php index 1fe363985..c79a25c08 100644 --- a/lib/exe/mediamanager.php +++ b/lib/exe/mediamanager.php @@ -34,6 +34,12 @@ // check auth $AUTH = auth_quickaclcheck("$NS:*"); + // do not display the manager if user does not have read access + if($AUTH < AUTH_READ) { + header('HTTP/1.0 403 Forbidden'); + die($lang['accessdenied']); + } + // create the given namespace (just for beautification) if($AUTH >= AUTH_UPLOAD) { io_createNamespace("$NS:xxx", 'media'); } |