diff options
| author | Christian Hofmaier | 2018-01-16 17:50:22 +0100 |
|---|---|---|
| committer | Christian Hofmaier | 2018-01-16 17:50:22 +0100 |
| commit | 3ddf56c399746efe3c56194b7be522a92caefb59 (patch) | |
| tree | 67ef9c2584a12b1bf33164588e7ab8ce0d05326b /modules-available/minilinux/page.inc.php | |
| parent | [baseconfig_partitions_cdn] updated permission-descriptions (diff) | |
| download | slx-admin-3ddf56c399746efe3c56194b7be522a92caefb59.tar.gz slx-admin-3ddf56c399746efe3c56194b7be522a92caefb59.tar.xz slx-admin-3ddf56c399746efe3c56194b7be522a92caefb59.zip | |
[minilinux] implemented permission-system. you can't see the side without any permission. there are only 2 permissions: show the side and update content (which includes the show permission).
Diffstat (limited to 'modules-available/minilinux/page.inc.php')
| -rw-r--r-- | modules-available/minilinux/page.inc.php | 80 |
1 files changed, 44 insertions, 36 deletions
diff --git a/modules-available/minilinux/page.inc.php b/modules-available/minilinux/page.inc.php index 2623500b..df4f14a3 100644 --- a/modules-available/minilinux/page.inc.php +++ b/modules-available/minilinux/page.inc.php @@ -7,7 +7,12 @@ class Page_MiniLinux extends Page { User::load(); - if (!User::hasPermission('superadmin')) { + if (!User::isLoggedIn()) { + Message::addError('main.no-permission'); + Util::redirect('?do=Main'); + } + + if (!(User::hasPermission("show") || User::hasPermission("update"))) { Message::addError('main.no-permission'); Util::redirect('?do=Main'); } @@ -81,48 +86,51 @@ class Page_MiniLinux extends Page $system['version'] = $selected['version']; } $data['versions'] = array_values($versionNumbers); + $data['allowedToUpdate'] = User::hasPermission("update"); echo Render::parse('filelist', $data); return; case 'download': - $id = Request::post('id'); - $name = Request::post('name'); - if (!$id || !$name || strpos("$id$name", '/') !== false) { - echo "Invalid download request"; - return; - } - $file = false; - $gpg = 'missing'; - foreach ($data['systems'] as &$system) { - if ($system['id'] !== $id) continue; - foreach ($system['versions'] as &$version) { - if ($version['version'] != $selectedVersion) continue; - foreach ($version['files'] as &$f) { - if ($f['name'] !== $name) continue; - $file = $f; - if (!empty($f['gpg'])) $gpg = $f['gpg']; - break; + if (User::hasPermission("update")) { + $id = Request::post('id'); + $name = Request::post('name'); + if (!$id || !$name || strpos("$id$name", '/') !== false) { + echo "Invalid download request"; + return; + } + $file = false; + $gpg = 'missing'; + foreach ($data['systems'] as &$system) { + if ($system['id'] !== $id) continue; + foreach ($system['versions'] as &$version) { + if ($version['version'] != $selectedVersion) continue; + foreach ($version['files'] as &$f) { + if ($f['name'] !== $name) continue; + $file = $f; + if (!empty($f['gpg'])) $gpg = $f['gpg']; + break; + } } } - } - if ($file === false) { - echo "Nonexistent system/file: $id / $name"; - return; - } - $task = Taskmanager::submit('DownloadFile', array( - 'url' => CONFIG_REMOTE_ML . '/' . $id . '/' . $selectedVersion . '/' . $name, - 'destination' => CONFIG_HTTP_DIR . '/' . $id . '/' . $name, - 'gpg' => $gpg - )); - if (!isset($task['id'])) { - echo 'Error launching download task: ' . $task['statusCode']; + if ($file === false) { + echo "Nonexistent system/file: $id / $name"; + return; + } + $task = Taskmanager::submit('DownloadFile', array( + 'url' => CONFIG_REMOTE_ML . '/' . $id . '/' . $selectedVersion . '/' . $name, + 'destination' => CONFIG_HTTP_DIR . '/' . $id . '/' . $name, + 'gpg' => $gpg + )); + if (!isset($task['id'])) { + echo 'Error launching download task: ' . $task['statusCode']; + return; + } + Property::setDownloadTask($file['md5'], $task['id']); + echo Render::parse('download', array( + 'name' => $name, + 'task' => $task['id'] + )); return; } - Property::setDownloadTask($file['md5'], $task['id']); - echo Render::parse('download', array( - 'name' => $name, - 'task' => $task['id'] - )); - return; } } |