From 24ea6500cc5285aac7f02df7f535ea10f8f97729 Mon Sep 17 00:00:00 2001
From: Andreas Gohr <andi@splitbrain.org>
Date: Fri, 4 Mar 2011 20:29:24 +0100
Subject: check manager/admin role earlier for admin plugins FS#2180

---
 inc/actions.php | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

(limited to 'inc/actions.php')

diff --git a/inc/actions.php b/inc/actions.php
index 321d928b3..fa11bb7f1 100644
--- a/inc/actions.php
+++ b/inc/actions.php
@@ -18,6 +18,7 @@ if(!defined('DOKU_INC')) die('meh.');
 function act_dispatch(){
     global $ACT;
     global $ID;
+    global $INFO;
     global $QUERY;
     global $lang;
     global $conf;
@@ -134,8 +135,15 @@ function act_dispatch(){
                 $pluginlist = plugin_list('admin');
                 if (in_array($_REQUEST['page'], $pluginlist)) {
                     // attempt to load the plugin
-                    if ($plugin =& plugin_load('admin',$_REQUEST['page']) !== null)
-                        $plugin->handle();
+                    if ($plugin =& plugin_load('admin',$_REQUEST['page']) !== null){
+                        if($plugin->forAdminOnly() && !$INFO['isadmin']){
+                            // a manager tried to load a plugin that's for admins only
+                            unset($_REQUEST['page']);
+                            msg('For admins only',-1);
+                        }else{
+                            $plugin->handle();
+                        }
+                    }
                 }
             }
         }
-- 
cgit v1.2.3