diff options
-rw-r--r-- | inc/lang/en/lang.php | 1 | ||||
-rw-r--r-- | lib/exe/mediamanager.php | 6 |
2 files changed, 7 insertions, 0 deletions
diff --git a/inc/lang/en/lang.php b/inc/lang/en/lang.php index 1fddfe727..802a90360 100644 --- a/inc/lang/en/lang.php +++ b/inc/lang/en/lang.php @@ -119,6 +119,7 @@ $lang['deletefail'] = '"%s" couldn\'t be deleted - check permissions.'; $lang['mediainuse'] = 'The file "%s" hasn\'t been deleted - it is still in use.'; $lang['namespaces'] = 'Namespaces'; $lang['mediafiles'] = 'Available files in'; +$lang['accessdenied'] = 'You are not allowed to view this page.'; $lang['js']['searchmedia'] = 'Search for files'; $lang['js']['keepopen'] = 'Keep window open on selection'; diff --git a/lib/exe/mediamanager.php b/lib/exe/mediamanager.php index 1fe363985..c79a25c08 100644 --- a/lib/exe/mediamanager.php +++ b/lib/exe/mediamanager.php @@ -34,6 +34,12 @@ // check auth $AUTH = auth_quickaclcheck("$NS:*"); + // do not display the manager if user does not have read access + if($AUTH < AUTH_READ) { + header('HTTP/1.0 403 Forbidden'); + die($lang['accessdenied']); + } + // create the given namespace (just for beautification) if($AUTH >= AUTH_UPLOAD) { io_createNamespace("$NS:xxx", 'media'); } |