check manager/admin role earlier for admin plugins FS#2180

1 files changed, 10 insertions, 2 deletions

diff --git a/inc/actions.php b/inc/actions.php
index 321d928b3..fa11bb7f1 100644
--- a/inc/actions.php
+++ b/inc/actions.php
@@ -18,6 +18,7 @@ if(!defined('DOKU_INC')) die('meh.');
 function act_dispatch(){
     global $ACT;
     global $ID;
+    global $INFO;
     global $QUERY;
     global $lang;
     global $conf;
@@ -134,8 +135,15 @@ function act_dispatch(){
                 $pluginlist = plugin_list('admin');
                 if (in_array($_REQUEST['page'], $pluginlist)) {
                     // attempt to load the plugin
-                    if ($plugin =& plugin_load('admin',$_REQUEST['page']) !== null)
-                        $plugin->handle();
+                    if ($plugin =& plugin_load('admin',$_REQUEST['page']) !== null){
+                        if($plugin->forAdminOnly() && !$INFO['isadmin']){
+                            // a manager tried to load a plugin that's for admins only
+                            unset($_REQUEST['page']);
+                            msg('For admins only',-1);
+                        }else{
+                            $plugin->handle();
+                        }
+                    }
                 }
             }
         }