Rework permission handling

Add a new function has_credential() that checks whether the currently logged in user is allowed to perform a given action. Moving all permission handling to this central place makes adding new user groups and adjusting permissions much more convenient. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
author: Lukas Fleischer <archlinux@cryptocrack.de> 2014-07-15 20:52:54 +0200
committer: Lukas Fleischer <archlinux@cryptocrack.de> 2014-07-15 22:56:57 +0200
commit: 03c6304e19d5d3ecd276dd3f42220db301ab511d (patch)
tree: 25f58ac23290a9e57f6bd93f6b5c8986bd9fcbef /web/html/addvote.php
parent: 9e6b861b6f40a90363c402b4d26602f33964cf41 (diff)
download: aurweb-03c6304e19d5d3ecd276dd3f42220db301ab511d.tar.xz
1 files changed, 2 insertions, 5 deletions
diff --git a/web/html/addvote.php b/web/html/addvote.php
index 3ce99c0..0b6b9c6 100644
--- a/web/html/addvote.php
+++ b/web/html/addvote.php
@@ -11,13 +11,10 @@ $title = __("Add Proposal");
 html_header($title);
 
 if (isset($_COOKIE["AURSID"])) {
-  $atype = account_from_sid($_COOKIE["AURSID"]);
-  $uid = uid_from_sid($_COOKIE["AURSID"]);
-} else {
-  $atype = "";
+	$uid = uid_from_sid($_COOKIE["AURSID"]);
 }
 
-if ($atype == "Trusted User" || $atype == "Developer") {
+if (has_credential(CRED_TU_ADD_VOTE)) {
 
 	if (!empty($_POST['addVote']) && !check_token()) {
 		$error = __("Invalid token for user action.");
author	Lukas Fleischer <archlinux@cryptocrack.de>	2014-07-15 20:52:54 +0200
committer	Lukas Fleischer <archlinux@cryptocrack.de>	2014-07-15 22:56:57 +0200
commit	03c6304e19d5d3ecd276dd3f42220db301ab511d (patch)
tree	25f58ac23290a9e57f6bd93f6b5c8986bd9fcbef /web/html/addvote.php
parent	9e6b861b6f40a90363c402b4d26602f33964cf41 (diff)
download	aurweb-03c6304e19d5d3ecd276dd3f42220db301ab511d.tar.xz