Diffstat (limited to 'inc/user.inc.php')
-rw-r--r--inc/user.inc.php69
1 files changed, 63 insertions, 6 deletions
diff --git a/inc/user.inc.php b/inc/user.inc.php
index 81091e1b..20e8cd3d 100644
--- a/inc/user.inc.php
+++ b/inc/user.inc.php
@@ -31,8 +31,19 @@ class User
if (!self::isLoggedIn())
return false;
if (Module::isAvailable("permissionmanager")) {
- $module = Page::getModule();
- $permission = $module ? $module->getIdentifier().".".$permission : $permission;
+ if ($permission{0} === '.') {
+ $permission = substr($permission, 1);
+ } else {
+ if (class_exists('Page')) {
+ $module = Page::getModule();
+ if ($module !== false) {
+ $module = $module->getIdentifier();
+ }
+ } else {
+ $module = strtolower(Request::any('do'));
+ }
+ $permission = $module ? $module . "." . $permission : $permission;
+ }
return PermissionUtil::userHasPermission(self::$user['userid'], $permission, $locationid);
}
if (self::$user['permissions'] & Permission::get('superadmin'))
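Review bot: In the `else` branch taken when the `Page` class is not loaded, the module prefix of the permission being checked comes from `strtolower(Request::any('do'))`, a request parameter, so the requester selects the namespace the check runs in. Unless the entry point has already validated `do` against the module it actually dispatches to, a permission held in one module could satisfy a check meant for another; the prefix should come from the dispatcher's resolved module identifier, or be matched against the list of known modules before use. Separately, `$permission{0}` (here and twice in the next hunk) uses the curly-brace offset syntax that PHP 7.4 deprecates and PHP 8 removes, and it reads an undefined offset when the string is empty; `substr($permission, 0, 1) === '.'` avoids both. The body of `hasPermission` starts outside the hunk.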
@@ -40,15 +51,60 @@ class User
return (self::$user['permissions'] & Permission::get($permission)) != 0;
}
+ /**
+ * Confirm current user has the given permission, stop execution and show error message
+ * otherwise.
+ * @param string $permission Permission to check for
+ * @param null|int $locationid location this permission has to apply to, NULL if any location is sufficient
+ * @param null|string $redirect page to redirect to if permission is not given, NULL defaults to main page
+ */
+ public static function assertPermission($permission, $locationid = NULL, $redirect = NULL)
+ {
+ if (User::hasPermission($permission, $locationid))
+ return;
+ if (AJAX) {
+ Message::renderList();
+ exit;
+ }
+ if (!is_null($redirect)) {
+ Message::addError('main.no-permission');
+ Util::redirect($redirect);
+ } elseif (Module::isAvailable('permissionmanager')) {
+ if ($permission{0} !== '.') {
+ $module = Page::getModule();
+ if ($module !== false) {
+ $permission = '.' . $module->getIdentifier() . '.' . $permission;
+ }
+ }
+ Util::redirect('?do=permissionmanager&show=denied&permission=' . urlencode($permission));
+ } else {
+ Message::addError('main.no-permission');
+ Util::redirect('?do=main');
+ }
+ }
+
public static function getAllowedLocations($permission)
{
+ if (!self::isLoggedIn())
+ return [];
if (Module::isAvailable("permissionmanager")) {
- $module = Page::getModule();
- $permission = $module ? $module->getIdentifier().".".$permission : $permission;
+ if ($permission{0} === '.') {
+ $permission = substr($permission, 1);
+ } else {
+ $module = Page::getModule();
+ $permission = $module ? $module->getIdentifier() . "." . $permission : $permission;
+ }
return PermissionUtil::getAllowedLocations(self::$user['userid'], $permission);
}
- if (self::$user['permissions'] & Permission::get('superadmin'))
- return array_keys(Location::getLocationsAssoc());
+ if (self::$user['permissions'] & Permission::get('superadmin')) {
+ if (Module::isAvailable('locations')) {
+ $a = array_keys(Location::getLocationsAssoc());
+ $a[] = 0;
+ } else {
+ $a = [0];
+ }
+ return $a;
+ }
return array();
}
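Review bot: Outside the AJAX branch, `assertPermission` only stops a caller that lacks the permission if `Util::redirect()` itself ends the request; that helper is not visible here, while the docblock promises "stop execution". Ending the method with an unconditional `exit;` after the if/elseif/else chain would make the denial fail closed however the redirect helper behaves. `$redirect` is passed straight to `Util::redirect()`, so the docblock should state that callers pass only fixed, site-local targets and never a request-derived value. Both this method and `getAllowedLocations` call `Page::getModule()` without the `class_exists('Page')` guard that `hasPermission` gains in this commit, so the three methods disagree about contexts where `Page` is not loaded.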
@@ -63,6 +119,7 @@ class User
self::$user = Database::queryFirst('SELECT * FROM user WHERE userid = :uid LIMIT 1', array(':uid' => $uid));
if (self::$user === false)
self::logout();
+ settype(self::$user['userid'], 'int');
return true;
}
return false;
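Review bot: If `self::logout()` returns instead of terminating the request, the added `settype(self::$user['userid'], 'int')` runs while `self::$user` is `false`. Because `settype` takes its argument by reference, PHP versions before 8.1 silently turn `false` into `['userid' => 0]`, and the function then returns `true` for a user row that was never found. Whether `logout()` always exits is not visible in this hunk, so the failed lookup should leave explicitly: `if (self::$user === false) { self::logout(); return false; }`. The enclosing function starts and ends outside the hunk.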