diff options
| author | Lukas Fleischer <archlinux@cryptocrack.de> | 2014-07-15 20:52:54 +0200 |
|---|---|---|
| committer | Lukas Fleischer <archlinux@cryptocrack.de> | 2014-07-15 22:56:57 +0200 |
| commit | 03c6304e19d5d3ecd276dd3f42220db301ab511d (patch) | |
| tree | 25f58ac23290a9e57f6bd93f6b5c8986bd9fcbef /web/html/tu.php | |
| parent | 9e6b861b6f40a90363c402b4d26602f33964cf41 (diff) | |
| download | aurweb-03c6304e19d5d3ecd276dd3f42220db301ab511d.tar.xz | |
Rework permission handling
Add a new function has_credential() that checks whether the currently
logged in user is allowed to perform a given action. Moving all
permission handling to this central place makes adding new user groups
and adjusting permissions much more convenient.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Diffstat (limited to 'web/html/tu.php')
| -rw-r--r-- | web/html/tu.php | 9 |
1 files changed, 2 insertions, 7 deletions
diff --git a/web/html/tu.php b/web/html/tu.php index 5d4e37d..158632a 100644 --- a/web/html/tu.php +++ b/web/html/tu.php @@ -14,12 +14,7 @@ html_header($title); $pp = 10; $prev_Len = 75; -$atype = ""; -if (isset($_COOKIE["AURSID"])) { - $atype = account_from_sid($_COOKIE["AURSID"]); -} - -if ($atype == "Trusted User" || $atype == "Developer") { +if (has_credential(CRED_TU_LIST_VOTES)) { if (isset($_GET['id'])) { if (is_numeric($_GET['id'])) { @@ -39,7 +34,7 @@ if ($atype == "Trusted User" || $atype == "Developer") { if ($isrunning == 0) { $canvote = 0; $errorvote = __("Voting is closed for this proposal."); - } else if ($atype == "Developer") { + } else if (!has_credential(CRED_TU_VOTE)) { $canvote = 0; $errorvote = __("Only Trusted Users are allowed to vote."); } else if ($row['User'] == username_from_sid($_COOKIE["AURSID"])) { |