authorLukas Fleischer <archlinux@cryptocrack.de>2014-08-08 11:47:06 +0200
committerLukas Fleischer <archlinux@cryptocrack.de>2014-08-08 11:48:58 +0200
commit218ccf51e38ad9b0654aa509f2bf8eec44d69c07 (patch)
treea5fed51509d35bf3da7672b7ca94bdbe47644090 /web/html
parentd61b34f2557eb38142c879cbe2dea8598873dfb3 (diff)
downloadaurweb-218ccf51e38ad9b0654aa509f2bf8eec44d69c07.tar.xz
Add permission checks to the request feature
* Only show the request form to users that are logged in. * Only show the close request form to Trusted Users and developers. * Check for a valid login in pkgreq_file(). Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Diffstat (limited to 'web/html')
-rw-r--r--web/html/pkgreq.php8
1 files changed, 8 insertions, 0 deletions
diff --git a/web/html/pkgreq.php b/web/html/pkgreq.php
index 03b31b8..ccb0acd 100644
--- a/web/html/pkgreq.php
+++ b/web/html/pkgreq.php
@@ -9,9 +9,17 @@ set_lang();
check_sid();
if (isset($base_id)) {
+ if (!has_credential(CRED_PKGREQ_FILE)) {
+ header('Location: /');
+ exit();
+ }
html_header(__("File Request"));
include('pkgreq_form.php');
} elseif (isset($pkgreq_id)) {
+ if (!has_credential(CRED_PKGREQ_CLOSE)) {
+ header('Location: /');
+ exit();
+ }
html_header(__("Close Request"));
$pkgbase_name = pkgreq_get_pkgbase_name($pkgreq_id);
include('pkgreq_close_form.php');
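Review bot: Both new `has_credential()` guards sit in the branches that render a form (before `include('pkgreq_form.php')` and `include('pkgreq_close_form.php')`), so on their own they decide who sees the form, not who may submit it. The commit message mentions a login check inside pkgreq_file(), but it names no equivalent for closing a request, and the code that processes a submission is not part of this hunk. It is worth confirming that the close handler checks `CRED_PKGREQ_CLOSE` itself, because a submission handled elsewhere would not pass through these branches. I would also add a comment above each guard, for example `// Display gate only: the submit handler must re-check this credential.` The `if`/`elseif` chain continues past the end of the hunk, so any later branches are not covered by this note.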