diff options
author | Lukas Fleischer <archlinux@cryptocrack.de> | 2014-07-15 20:52:54 +0200 |
---|---|---|
committer | Lukas Fleischer <archlinux@cryptocrack.de> | 2014-07-15 22:56:57 +0200 |
commit | 03c6304e19d5d3ecd276dd3f42220db301ab511d (patch) | |
tree | 25f58ac23290a9e57f6bd93f6b5c8986bd9fcbef /web/html/addvote.php | |
parent | 9e6b861b6f40a90363c402b4d26602f33964cf41 (diff) | |
download | aurweb-03c6304e19d5d3ecd276dd3f42220db301ab511d.tar.xz |
Rework permission handling
Add a new function has_credential() that checks whether the currently
logged in user is allowed to perform a given action. Moving all
permission handling to this central place makes adding new user groups
and adjusting permissions much more convenient.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Diffstat (limited to 'web/html/addvote.php')
-rw-r--r-- | web/html/addvote.php | 7 |
1 files changed, 2 insertions, 5 deletions
diff --git a/web/html/addvote.php b/web/html/addvote.php index 3ce99c0..0b6b9c6 100644 --- a/web/html/addvote.php +++ b/web/html/addvote.php @@ -11,13 +11,10 @@ $title = __("Add Proposal"); html_header($title); if (isset($_COOKIE["AURSID"])) { - $atype = account_from_sid($_COOKIE["AURSID"]); - $uid = uid_from_sid($_COOKIE["AURSID"]); -} else { - $atype = ""; + $uid = uid_from_sid($_COOKIE["AURSID"]); } -if ($atype == "Trusted User" || $atype == "Developer") { +if (has_credential(CRED_TU_ADD_VOTE)) { if (!empty($_POST['addVote']) && !check_token()) { $error = __("Invalid token for user action."); |