From 4b58c9e80aec4121426da99da7e7c3ca99545aaf Mon Sep 17 00:00:00 2001
From: Udo Walter
Date: Thu, 14 Dec 2017 14:08:07 +0100
Subject: [webinterface] added permissions to edit https, password and design
 settings

---
 modules-available/webinterface/page.inc.php | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

(limited to 'modules-available/webinterface/page.inc.php')

diff --git a/modules-available/webinterface/page.inc.php b/modules-available/webinterface/page.inc.php
index 6dfc9faa..41636c19 100644
--- a/modules-available/webinterface/page.inc.php
+++ b/modules-available/webinterface/page.inc.php
@@ -10,19 +10,19 @@ class Page_WebInterface extends Page
 	protected function doPreprocess()
 	{
 		User::load();
-		if (!User::hasPermission('superadmin')) {
+		if (!User::isLoggedIn()) {
 			Message::addError('main.no-permission');
 			Util::redirect('?do=Main');
 		}
 		switch (Request::post('action')) {
 			case 'https':
-				$this->actionConfigureHttps();
+				if (User::hasPermission("edit.https")) $this->actionConfigureHttps();
 				break;
 			case 'password':
-				$this->actionShowHidePassword();
+				if (User::hasPermission("edit.password")) $this->actionShowHidePassword();
 				break;
 			case 'customization':
-				$this->actionCustomization();
+				if (User::hasPermission("edit.design")) $this->actionCustomization();
 				break;
 		}
 	}
@@ -123,6 +123,7 @@ class Page_WebInterface extends Page
 			}
 		}
 		$data[$type . 'Selected'] = true;
+		$data["editAllowed"] = User::hasPermission("edit.https");
 		Render::addTemplate('https', $data);
 		//
 		// Password fields
@@ -132,6 +133,7 @@ class Page_WebInterface extends Page
 			$data['selected_show'] = 'checked';
 		else
 			$data['selected_hide'] = 'checked';
+		$data["editAllowed"] = User::hasPermission("edit.password");
 		Render::addTemplate('passwords', $data);
 		$data = array('prefix' => Property::get('page-title-prefix'));
 		$data['colors'] = array_map(function ($i) { return array('color' => $i ? '#' . $i : '', 'text' => Render::readableColor($i)); },
@@ -148,6 +150,7 @@ class Page_WebInterface extends Page
 		if ($color) {
 			$data['colors'][] = array('color' => $color, 'selected' => 'selected');
 		}
+		$data["editAllowed"] = User::hasPermission("edit.design");
 		Render::addTemplate('customization', $data);
 	}
 
-- 
cgit v1.2.3-55-g7522