diff options
| author | Christian Hofmaier | 2017-10-27 16:49:13 +0200 |
|---|---|---|
| committer | Christian Hofmaier | 2017-10-27 16:49:13 +0200 |
| commit | f8778f213cb9f916fa56279c9e1cf6deb067b35c (patch) | |
| tree | 4d951d85dab1a015ef120f189a229ed734f1ce32 /modules-available/dozmod/page.inc.php | |
| parent | [internetaccess] user is now checked if he's logged in before he can access t... (diff) | |
| download | slx-admin-f8778f213cb9f916fa56279c9e1cf6deb067b35c.tar.gz slx-admin-f8778f213cb9f916fa56279c9e1cf6deb067b35c.tar.xz slx-admin-f8778f213cb9f916fa56279c9e1cf6deb067b35c.zip | |
[dozmod] implemented new permission system to module for: deleting expired vm versions, sending testmails and saving mailconfig, resetting templates or saving them, saving runtimeconfig, giving users rights (when no permission, it will show another animation). Also fixed a design issue (dialog instead of modal).
Diffstat (limited to 'modules-available/dozmod/page.inc.php')
| -rw-r--r-- | modules-available/dozmod/page.inc.php | 44 |
1 files changed, 33 insertions, 11 deletions
diff --git a/modules-available/dozmod/page.inc.php b/modules-available/dozmod/page.inc.php index 24ad00d8..19c05555 100644 --- a/modules-available/dozmod/page.inc.php +++ b/modules-available/dozmod/page.inc.php @@ -27,7 +27,7 @@ class Page_DozMod extends Page { User::load(); - if (!User::hasPermission('superadmin')) { + if (!User::isLoggedIn()) { Message::addError('main.no-permission'); Util::redirect('?do=Main'); } @@ -50,15 +50,30 @@ class Page_DozMod extends Page $action = Request::post('action', false, 'string'); if ($action === 'mail') { - $this->mailHandler(); + if (User::hasPermission("mail.save")) { + $this->mailHandler(); + } else { + Message::addError('main.no-permission'); + Util::redirect('?do=dozmod§ion=mailconfig'); + } } elseif ($action === 'runtime') { - $this->runtimeHandler(); + if (User::hasPermission("runtimeconfig.save")) { + $this->runtimeHandler(); + } else { + Message::addError('main.no-permission'); + Util::redirect('?do=dozmod§ion=runtimeconfig'); + } } elseif ($action === 'delimages') { - $result = $this->handleDeleteImages(); - if (!empty($result)) { - Message::addInfo('delete-images', $result); + if (User::hasPermission("images.delete")) { + $result = $this->handleDeleteImages(); + if (!empty($result)) { + Message::addInfo('delete-images', $result); + } + Util::redirect('?do=DozMod'); + } else { + Message::addError('main.no-permission'); + Util::redirect('?do=dozmod'); } - Util::redirect('?do=DozMod'); } elseif ($action !== false) { Util::traceError('Invalid action: ' . $action); } @@ -204,8 +219,6 @@ class Page_DozMod extends Page protected function doAjax() { User::load(); - if (!User::hasPermission('superadmin')) - return; $this->setupSubPage(); if ($this->subPage !== false) { @@ -214,10 +227,19 @@ class Page_DozMod extends Page } $action = Request::post('action'); + if ($action === 'mail') { - $this->handleTestMail(); + if (User::hasPermission("mail.testmail")) { + $this->handleTestMail(); + } else { + die('No permission'); + } } elseif ($action === 'delimages') { - die($this->handleDeleteImages()); + if (User::hasPermission("images.delete")) { + die($this->handleDeleteImages()); + } else { + die('No permission'); + } } elseif ($action === 'getblockinfo') { $this->ajaxGetBlockInfo(); } |