check manager/admin role earlier for admin plugins FS#2180

2 files changed, 13 insertions, 10 deletions

diff --git a/inc/actions.php b/inc/actions.php
index 321d928b3..fa11bb7f1 100644
--- a/inc/actions.php
+++ b/inc/actions.php
@@ -18,6 +18,7 @@ if(!defined('DOKU_INC')) die('meh.');
 function act_dispatch(){
     global $ACT;
     global $ID;
+    global $INFO;
     global $QUERY;
     global $lang;
     global $conf;
@@ -134,8 +135,15 @@ function act_dispatch(){
                 $pluginlist = plugin_list('admin');
                 if (in_array($_REQUEST['page'], $pluginlist)) {
                     // attempt to load the plugin
-                    if ($plugin =& plugin_load('admin',$_REQUEST['page']) !== null)
-                        $plugin->handle();
+                    if ($plugin =& plugin_load('admin',$_REQUEST['page']) !== null){
+                        if($plugin->forAdminOnly() && !$INFO['isadmin']){
+                            // a manager tried to load a plugin that's for admins only
+                            unset($_REQUEST['page']);
+                            msg('For admins only',-1);
+                        }else{
+                            $plugin->handle();
+                        }
+                    }
                 }
             }
         }
diff --git a/inc/template.php b/inc/template.php
index d29e3e779..0f0fb92a0 100644
--- a/inc/template.php
+++ b/inc/template.php
@@ -209,14 +209,9 @@ function tpl_admin(){
     }
 
     if ($plugin !== null){
-        if($plugin->forAdminOnly() && !$INFO['isadmin']){
-            msg('For admins only',-1);
-            html_admin();
-        }else{
-            if(!is_array($TOC)) $TOC = $plugin->getTOC(); //if TOC wasn't requested yet
-            if($INFO['prependTOC']) tpl_toc();
-            $plugin->html();
-        }
+        if(!is_array($TOC)) $TOC = $plugin->getTOC(); //if TOC wasn't requested yet
+        if($INFO['prependTOC']) tpl_toc();
+        $plugin->html();
     }else{
         html_admin();
     }