summaryrefslogtreecommitdiffstats
path: root/web/html/tu.php
diff options
context:
space:
mode:
authorLukas Fleischer <archlinux@cryptocrack.de>2014-07-15 20:52:54 +0200
committerLukas Fleischer <archlinux@cryptocrack.de>2014-07-15 22:56:57 +0200
commit03c6304e19d5d3ecd276dd3f42220db301ab511d (patch)
tree25f58ac23290a9e57f6bd93f6b5c8986bd9fcbef /web/html/tu.php
parent9e6b861b6f40a90363c402b4d26602f33964cf41 (diff)
downloadaurweb-03c6304e19d5d3ecd276dd3f42220db301ab511d.tar.xz
Rework permission handling
Add a new function has_credential() that checks whether the currently logged in user is allowed to perform a given action. Moving all permission handling to this central place makes adding new user groups and adjusting permissions much more convenient. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Diffstat (limited to 'web/html/tu.php')
-rw-r--r--web/html/tu.php9
1 files changed, 2 insertions, 7 deletions
diff --git a/web/html/tu.php b/web/html/tu.php
index 5d4e37d..158632a 100644
--- a/web/html/tu.php
+++ b/web/html/tu.php
@@ -14,12 +14,7 @@ html_header($title);
$pp = 10;
$prev_Len = 75;
-$atype = "";
-if (isset($_COOKIE["AURSID"])) {
- $atype = account_from_sid($_COOKIE["AURSID"]);
-}
-
-if ($atype == "Trusted User" || $atype == "Developer") {
+if (has_credential(CRED_TU_LIST_VOTES)) {
if (isset($_GET['id'])) {
if (is_numeric($_GET['id'])) {
@@ -39,7 +34,7 @@ if ($atype == "Trusted User" || $atype == "Developer") {
if ($isrunning == 0) {
$canvote = 0;
$errorvote = __("Voting is closed for this proposal.");
- } else if ($atype == "Developer") {
+ } else if (!has_credential(CRED_TU_VOTE)) {
$canvote = 0;
$errorvote = __("Only Trusted Users are allowed to vote.");
} else if ($row['User'] == username_from_sid($_COOKIE["AURSID"])) {