Merge branch 'master' of github.com:splitbrain/dokuwiki

author: Anika Henke <anika@selfthinker.org> 2010-06-27 13:58:29 +0100
committer: Anika Henke <anika@selfthinker.org> 2010-06-27 13:58:29 +0100
commit: bf815306862aa34ee3bf304147a862efc52f9b63 (patch)
tree: ac4d12b386937105d150b0c76b41f8ed1ff0837c /lib
parent: ef362bb863eb95d3968a3a1df35562914a1bbdef (diff)
parent: e6a6dbfe6cfcfaf3fb0992350ea7769faa762116 (diff)
download: rpg-bf815306862aa34ee3bf304147a862efc52f9b63.tar.gz
rpg-bf815306862aa34ee3bf304147a862efc52f9b63.tar.bz2
2 files changed, 13 insertions, 4 deletions
diff --git a/lib/exe/mediamanager.php b/lib/exe/mediamanager.php
index 1fe363985..c79a25c08 100644
--- a/lib/exe/mediamanager.php
+++ b/lib/exe/mediamanager.php
@@ -34,6 +34,12 @@
     // check auth
     $AUTH = auth_quickaclcheck("$NS:*");
 
+    // do not display the manager if user does not have read access
+    if($AUTH < AUTH_READ) {
+        header('HTTP/1.0 403 Forbidden');
+        die($lang['accessdenied']);
+    }
+
     // create the given namespace (just for beautification)
     if($AUTH >= AUTH_UPLOAD) { io_createNamespace("$NS:xxx", 'media'); }
 
diff --git a/lib/plugins/acl/admin.php b/lib/plugins/acl/admin.php
index 673ffbc96..84932f7ac 100644
--- a/lib/plugins/acl/admin.php
+++ b/lib/plugins/acl/admin.php
@@ -69,6 +69,7 @@ class admin_plugin_acl extends DokuWiki_Admin_Plugin {
         global $AUTH_ACL;
         global $ID;
         global $auth;
+        global $config_cascade;
 
         // fresh 1:1 copy without replacements
         $AUTH_ACL = file(DOKU_CONF.'acl.auth.php');
@@ -161,11 +162,11 @@ class admin_plugin_acl extends DokuWiki_Admin_Plugin {
                     }
                 }
                 // save it
-                io_saveFile(DOKU_CONF.'acl.auth.php', join('',$lines));
+                io_saveFile($config_cascade['acl']['default'], join('',$lines));
             }
 
             // reload ACL config
-            $AUTH_ACL = file(DOKU_CONF.'acl.auth.php');
+            $AUTH_ACL = file($config_cascade['acl']['default']);
         }
 
         // initialize ACL array
@@ -696,7 +697,8 @@ class admin_plugin_acl extends DokuWiki_Admin_Plugin {
      * @author  Frank Schubert <frank@schokilade.de>
      */
     function _acl_add($acl_scope, $acl_user, $acl_level){
-        $acl_config = file_get_contents(DOKU_CONF.'acl.auth.php');
+        global $config_cascade;
+        $acl_config = file_get_contents($config_cascade['acl']['default']);
         $acl_user = auth_nameencode($acl_user,true);
 
         // max level for pagenames is edit
@@ -718,7 +720,8 @@ class admin_plugin_acl extends DokuWiki_Admin_Plugin {
      * @author  Frank Schubert <frank@schokilade.de>
      */
     function _acl_del($acl_scope, $acl_user){
-        $acl_config = file(DOKU_CONF.'acl.auth.php');
+        global $config_cascade;
+        $acl_config = file($config_cascade['acl']['default']);
         $acl_user = auth_nameencode($acl_user,true);
 
         $acl_pattern = '^'.preg_quote($acl_scope,'/').'\s+'.$acl_user.'\s+[0-8].*$';
author	Anika Henke <anika@selfthinker.org>	2010-06-27 13:58:29 +0100
committer	Anika Henke <anika@selfthinker.org>	2010-06-27 13:58:29 +0100
commit	bf815306862aa34ee3bf304147a862efc52f9b63 (patch)
tree	ac4d12b386937105d150b0c76b41f8ed1ff0837c /lib
parent	ef362bb863eb95d3968a3a1df35562914a1bbdef (diff)
parent	e6a6dbfe6cfcfaf3fb0992350ea7769faa762116 (diff)
download	rpg-bf815306862aa34ee3bf304147a862efc52f9b63.tar.gz rpg-bf815306862aa34ee3bf304147a862efc52f9b63.tar.bz2