From 0b34c70fcb312d38e6110e2ca1432779ffb73a8a Mon Sep 17 00:00:00 2001
From: Gina Haeussge
Date: Sun, 27 Jun 2010 14:50:49 +0200
Subject: FS#1795: Restrict media manager to users with at least read access on the supplied namespace.
---
 inc/lang/en/lang.php | 1 +
 lib/exe/mediamanager.php | 6 ++++++
 2 files changed, 7 insertions(+)
diff --git a/inc/lang/en/lang.php b/inc/lang/en/lang.php
index 1fddfe727..802a90360 100644
--- a/inc/lang/en/lang.php
+++ b/inc/lang/en/lang.php
@@ -119,6 +119,7 @@ $lang['deletefail'] = '"%s" couldn\'t be deleted - check permissions.';
 $lang['mediainuse'] = 'The file "%s" hasn\'t been deleted - it is still in use.';
 $lang['namespaces'] = 'Namespaces';
 $lang['mediafiles'] = 'Available files in';
+$lang['accessdenied'] = 'You are not allowed to view this page.';
 $lang['js']['searchmedia'] = 'Search for files';
 $lang['js']['keepopen'] = 'Keep window open on selection';
diff --git a/lib/exe/mediamanager.php b/lib/exe/mediamanager.php
index 1fe363985..c79a25c08 100644
--- a/lib/exe/mediamanager.php
+++ b/lib/exe/mediamanager.php
@@ -34,6 +34,12 @@
 // check auth
 $AUTH = auth_quickaclcheck("$NS:*");
+ // do not display the manager if user does not have read access
+ if($AUTH < AUTH_READ) {
+ header('HTTP/1.0 403 Forbidden');
+ die($lang['accessdenied']);
+ }
+ // create the given namespace (just for beautification)
 if($AUTH >= AUTH_UPLOAD) { io_createNamespace("$NS:xxx", 'media'); }
-- 
cgit v1.2.3
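Review bot: The `if($AUTH < AUTH_READ)` guard added after `auth_quickaclcheck("$NS:*")` in lib/exe/mediamanager.php protects only the statements that follow it, and the hunk starts at line 34 of a top-level script whose earlier and later lines are not shown, so it should be confirmed that nothing above `// check auth` already acts on request input before `$AUTH` is known. The new comment also describes less than the code does: `die()` ends the request, so the block is the gate for everything this script does further down, not only for displaying the manager. I would word it as `// stop here: below AUTH_READ on this namespace nothing further in this script may run`. The check is only as good as `$NS`, which is set outside the hunk; presumably it is normalised before it is interpolated into the ACL pattern, but that is worth verifying against the lines above.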