From 1a4fa4f756c9b58a5a4da6b4511ac9ceda866326 Mon Sep 17 00:00:00 2001
From: Udo Walter
Date: Thu, 14 Dec 2017 14:40:53 +0100
Subject: [backup] added permissions to create and restore backups

---
 modules-available/backup/page.inc.php | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

(limited to 'modules-available/backup/page.inc.php')

diff --git a/modules-available/backup/page.inc.php b/modules-available/backup/page.inc.php
index 77d677c7..26182ca3 100644
--- a/modules-available/backup/page.inc.php
+++ b/modules-available/backup/page.inc.php
@@ -11,21 +11,21 @@ class Page_Backup extends Page
 	protected function doPreprocess()
 	{
 		User::load();
-		if (!User::hasPermission('superadmin')) {
+		if (!User::isLoggedIn()) {
 			Message::addError('main.no-permission');
 			Util::redirect('?do=Main');
 		}
 		$this->action = Request::post('action');
-		if ($this->action === 'backup') {
+		if ($this->action === 'backup' && User::hasPermission("create")) {
 			$this->backup();
-		} elseif ($this->action === 'restore') {
+		} elseif ($this->action === 'restore' && User::hasPermission("restore")) {
 			$this->restore();
 		}
 	}
 
 	protected function doRender()
 	{
-		if ($this->action === 'restore') {
+		if ($this->action === 'restore' && User::hasPermission("restore")) {
 			Render::addTemplate('restore', $this->templateData);
 		} else {
 			$lastBackup = (int)Property::get(self::LAST_BACKUP_PROP, 0);
@@ -34,7 +34,9 @@ class Page_Backup extends Page
 			} else {
 				$lastBackup = date('d.m.Y', $lastBackup);
 			}
-			Render::addTemplate('_page', ['last_backup' => $lastBackup]);
+			Render::addTemplate('_page', ['last_backup' => $lastBackup,
+																"createAllowed" => User::hasPermission("create"),
+																"restoreAllowed" => User::hasPermission("restore")]);
 		}
 	}
 
-- 
cgit v1.2.3-55-g7522