FS#1795: Restrict media manager to users with at least read access

on the supplied namespace.

1 files changed, 6 insertions, 0 deletions

diff --git a/lib/exe/mediamanager.php b/lib/exe/mediamanager.php
index 1fe363985..c79a25c08 100644
--- a/lib/exe/mediamanager.php
+++ b/lib/exe/mediamanager.php
@@ -34,6 +34,12 @@
     // check auth
     $AUTH = auth_quickaclcheck("$NS:*");
 
+    // do not display the manager if user does not have read access
+    if($AUTH < AUTH_READ) {
+        header('HTTP/1.0 403 Forbidden');
+        die($lang['accessdenied']);
+    }
+
     // create the given namespace (just for beautification)
     if($AUTH >= AUTH_UPLOAD) { io_createNamespace("$NS:xxx", 'media'); }