From 0b34c70fcb312d38e6110e2ca1432779ffb73a8a Mon Sep 17 00:00:00 2001
From: Gina Haeussge <gina@foosel.net>
Date: Sun, 27 Jun 2010 14:50:49 +0200
Subject: FS#1795: Restrict media manager to users with at least read access on
 the supplied namespace.

---
 lib/exe/mediamanager.php | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'lib/exe/mediamanager.php')

diff --git a/lib/exe/mediamanager.php b/lib/exe/mediamanager.php
index 1fe363985..c79a25c08 100644
--- a/lib/exe/mediamanager.php
+++ b/lib/exe/mediamanager.php
@@ -34,6 +34,12 @@
     // check auth
     $AUTH = auth_quickaclcheck("$NS:*");
 
+    // do not display the manager if user does not have read access
+    if($AUTH < AUTH_READ) {
+        header('HTTP/1.0 403 Forbidden');
+        die($lang['accessdenied']);
+    }
+
     // create the given namespace (just for beautification)
     if($AUTH >= AUTH_UPLOAD) { io_createNamespace("$NS:xxx", 'media'); }
 
-- 
cgit v1.2.3