Diffstat (limited to 'inc')
-rw-r--r--inc/actions.php8
-rw-r--r--inc/auth.php57
-rw-r--r--inc/common.php10
-rw-r--r--inc/html.php5
-rw-r--r--inc/infoutils.php2
-rw-r--r--inc/template.php17
6 files changed, 92 insertions, 7 deletions
diff --git a/inc/actions.php b/inc/actions.php
index 8d7479d0e..b37106ec5 100644
--- a/inc/actions.php
+++ b/inc/actions.php
@@ -208,7 +208,13 @@ function act_permcheck($act){
}elseif($act == 'resendpwd'){
$permneed = AUTH_NONE;
}elseif($act == 'admin'){
- $permneed = AUTH_ADMIN;
+ if($INFO['ismanager']){
+ // if the manager has the needed permissions for a certain admin
+ // action is checked later
+ $permneed = AUTH_READ;
+ }else{
+ $permneed = AUTH_ADMIN;
+ }
}else{
$permneed = AUTH_READ;
}
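Review bot: The new `$INFO['ismanager']` branch for `$act == 'admin'` lowers the required permission to AUTH_READ and defers the real decision to code the comment only describes as "later", so this gate no longer protects admin-only actions on its own. The comment should name where the check is enforced, for example `// admin-only plugins are rejected via forAdminOnly() in tpl_admin() and html_admin()`, so a reader can confirm that every path to an admin action is covered. The hunk also shows no `global $INFO;` for act_permcheck, whose body starts outside the hunk; if the function does not already declare it, the branch reads an undefined local and always falls through to AUTH_ADMIN.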
diff --git a/inc/auth.php b/inc/auth.php
index bedc3877e..35c2e48d3 100644
--- a/inc/auth.php
+++ b/inc/auth.php
@@ -242,6 +242,63 @@ function auth_logoff(){
}
/**
+ * Check if a user is a manager
+ *
+ * Should usually be called without any parameters to check the current
+ * user.
+ *
+ * The info is available through $INFO['ismanager'], too
+ *
+ * @author Andreas Gohr <andi@splitbrain.org>
+ * @see auth_isadmin
+ * @param string user - Username
+ * @param array groups - List of groups the user is in
+ * @param bool adminonly - when true checks if user is admin
+ */
+function auth_ismanager($user=null,$groups=null,$adminonly=false){
+ global $conf;
+ global $USERINFO;
+
+ if(!$conf['useacl']) return false;
+ if(is_null($user)) $user = $_SERVER['REMOTE_USER'];
+ if(is_null($groups)) $groups = $USERINFO['grps'];
+ $user = auth_nameencode($user);
+
+ // check username against superuser and manager
+ if(auth_nameencode($conf['superuser']) == $user) return true;
+ if(!$adminonly){
+ if(auth_nameencode($conf['manager']) == $user) return true;
+ }
+
+ //prepend groups with @ and nameencode
+ $cnt = count($groups);
+ for($i=0; $i<$cnt; $i++){
+ $groups[$i] = '@'.auth_nameencode($groups[$i]);
+ }
+
+ // check groups against superuser and manager
+ if(in_array(auth_nameencode($conf['superuser'],true), $groups)) return true;
+ if(!$adminonly){
+ if(in_array(auth_nameencode($conf['manager'],true), $groups)) return true;
+ }
+ return false;
+}
+
+/**
+ * Check if a user is admin
+ *
+ * Alias to auth_ismanager with adminonly=true
+ *
+ * The info is available through $INFO['isadmin'], too
+ *
+ * @author Andreas Gohr <andi@splitbrain.org>
+ * @see auth_ismanager
+ */
+function auth_isadmin($user=null,$groups=null){
+ return auth_ismanager($user,$groups,true);
+}
+
+/**
* Convinience function for auth_aclcheck()
*
* This checks the permissions for the current user
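Review bot: auth_ismanager() has no guard for an anonymous request or an unset `$conf['manager']`: when `$_SERVER['REMOTE_USER']` is empty, `$user` stays null, and if auth_nameencode() maps both null and an empty setting to the same value (its body is not in this hunk), the loose `==` on the manager line returns true for a visitor who is not logged in. An early return closes that, e.g. `if($user === null || $user === '') return false;` placed after the defaults are applied and before the name is encoded, together with skipping each comparison when the corresponding `$conf` entry is empty. `$groups` can also be null when `$USERINFO['grps']` is unset, so `$groups = (array) $groups;` before the loop and `in_array(..., $groups, true)` would keep the group check well-defined.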
diff --git a/inc/common.php b/inc/common.php
index af1d2248b..711df9d11 100644
--- a/inc/common.php
+++ b/inc/common.php
@@ -76,6 +76,16 @@ function pageinfo(){
$info['subscribed'] = is_subscribed($ID,$_SERVER['REMOTE_USER']);
$info['client'] = $_SERVER['REMOTE_USER'];
+ // set info about manager/admin status
+ $info['isadmin'] = false;
+ $info['ismanager'] = false;
+ if($info['perm'] == AUTH_ADMIN){
+ $info['isadmin'] = true;
+ $info['ismanager'] = true;
+ }elseif(auth_ismanager()){
+ $info['ismanager'] = true;
+ }
+
// if some outside auth were used only REMOTE_USER is set
if(!$info['userinfo']['name']){
$info['userinfo']['name'] = $_SERVER['REMOTE_USER'];
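Review bot: `$info['isadmin']` is derived from `$info['perm'] == AUTH_ADMIN`, which is the permission on the current page, while this same commit adds auth_isadmin() to answer exactly that question. html_admin() and tpl_admin() gate admin-only plugins on this flag, so a single source of truth would be safer, e.g. `if(auth_isadmin()){ ... }elseif(auth_ismanager()){ ... }`, or at least a comment stating why the page permission is an adequate proxy. Whether a non-superuser can ever obtain AUTH_ADMIN on a page depends on the ACL code, which is not in this hunk. pageinfo()'s body continues outside the hunk.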
diff --git a/inc/html.php b/inc/html.php
index 106c10f60..d5a7a232e 100644
--- a/inc/html.php
+++ b/inc/html.php
@@ -1274,6 +1274,7 @@ function html_debug(){
function html_admin(){
global $ID;
+ global $INFO;
global $lang;
global $conf;
@@ -1284,6 +1285,10 @@ function html_admin(){
$menu = array();
foreach ($pluginlist as $p) {
if($obj =& plugin_load('admin',$p) === NULL) continue;
+
+ // check permissions
+ if($obj->forAdminOnly() && !$INFO['isadmin']) continue;
+
$menu[] = array('plugin' => $p,
'prompt' => $obj->getMenuText($conf['lang']),
'sort' => $obj->getMenuSort()
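Review bot: `$obj->forAdminOnly()` is called unconditionally on every loaded admin plugin in html_admin(), and again in tpl_admin(), so a plugin class that does not define the method would stop the page with a fatal error instead of being treated as restricted. Whether a base class supplies a default is not visible in this diff (the diffstat is limited to `inc`), so the check should fail closed, e.g. `if((!method_exists($obj,'forAdminOnly') || $obj->forAdminOnly()) && !$INFO['isadmin']) continue;`. Hiding the menu entry is presentational only; the comment `// check permissions` would be more accurate as `// hide admin-only plugins from managers (access is enforced in tpl_admin)`. The `$menu[]` statement and the loop continue outside the hunk.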
diff --git a/inc/infoutils.php b/inc/infoutils.php
index 7ca45efeb..a6d0c269e 100644
--- a/inc/infoutils.php
+++ b/inc/infoutils.php
@@ -18,7 +18,7 @@ function checkUpdateMessages(){
global $conf;
global $INFO;
if(!$conf['updatecheck']) return;
- if($conf['useacl'] && $INFO['perm'] < AUTH_ADMIN) return;
+ if($conf['useacl'] && !$INFO['ismanager']) return;
$cf = $conf['cachedir'].'/messages.txt';
$lm = @filemtime($cf);
diff --git a/inc/template.php b/inc/template.php
index 9d3efb339..27923f404 100644
--- a/inc/template.php
+++ b/inc/template.php
@@ -137,6 +137,7 @@ function tpl_content_core(){
* @author Andreas Gohr <andi@splitbrain.org>
*/
function tpl_admin(){
+ global $INFO;
$plugin = NULL;
if (!empty($_REQUEST['page'])) {
@@ -149,10 +150,16 @@ function tpl_admin(){
}
}
- if ($plugin !== NULL)
- $plugin->html();
- else
+ if ($plugin !== NULL){
+ if($plugin->forAdminOnly() && !$INFO['isadmin']){
+ msg('For admins only',-1);
+ html_admin();
+ }else{
+ $plugin->html();
+ }
+ }else{
html_admin();
+ }
}
/**
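Review bot: The forAdminOnly() check in tpl_admin() guards only `$plugin->html()`; if the selected plugin's request handling (for example a `handle()` call in the action dispatcher) runs before the template is rendered, a manager could still trigger an admin-only plugin's state change and merely be refused the output. The diffstat is limited to `inc`, so that path may already be covered elsewhere, but it should apply the same `forAdminOnly() && !$INFO['isadmin']` test before dispatching. The `'For admins only'` message is also a hard-coded English string, whereas other user-facing text in this file comes from `$lang`. tpl_admin's body starts outside the hunk.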
@@ -422,7 +429,7 @@ function tpl_button($type){
}
break;
case 'admin':
- if($INFO['perm'] == AUTH_ADMIN)
+ if($INFO['ismanager'])
print html_btn('admin',$ID,'',array('do' => 'admin'));
break;
case 'backtomedia':
@@ -549,7 +556,7 @@ function tpl_actionlink($type,$pre='',$suf=''){
}
return false;
case 'admin':
- if($INFO['perm'] == AUTH_ADMIN){
+ if($INFO['ismanager']){
tpl_link(wl($ID,'do=admin'),$pre.$lang['btn_admin'].$suf,'class="action admin"');
return true;
}