summaryrefslogtreecommitdiffstats
path: root/web/lib/acctfuncs.inc.php
diff options
context:
space:
mode:
authorLukas Fleischer <archlinux@cryptocrack.de>2014-07-15 20:52:54 +0200
committerLukas Fleischer <archlinux@cryptocrack.de>2014-07-15 22:56:57 +0200
commit03c6304e19d5d3ecd276dd3f42220db301ab511d (patch)
tree25f58ac23290a9e57f6bd93f6b5c8986bd9fcbef /web/lib/acctfuncs.inc.php
parent9e6b861b6f40a90363c402b4d26602f33964cf41 (diff)
downloadaurweb-03c6304e19d5d3ecd276dd3f42220db301ab511d.tar.xz
Rework permission handling
Add a new function has_credential() that checks whether the currently logged in user is allowed to perform a given action. Moving all permission handling to this central place makes adding new user groups and adjusting permissions much more convenient. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Diffstat (limited to 'web/lib/acctfuncs.inc.php')
-rw-r--r--web/lib/acctfuncs.inc.php37
1 files changed, 11 insertions, 26 deletions
diff --git a/web/lib/acctfuncs.inc.php b/web/lib/acctfuncs.inc.php
index 06d4311..e2e37b8 100644
--- a/web/lib/acctfuncs.inc.php
+++ b/web/lib/acctfuncs.inc.php
@@ -42,7 +42,6 @@ function html_format_pgp_fingerprint($fingerprint) {
* Loads the account editing form, with any values that are already saved
*
* @global array $SUPPORTED_LANGS Languages that are supported by the AUR
- * @param string $UTYPE User type of the account accessing the form
* @param string $A Form to use, either UpdateAccount or NewAccount
* @param string $U The username to display
* @param string $T The account type of the displayed user
@@ -59,7 +58,7 @@ function html_format_pgp_fingerprint($fingerprint) {
*
* @return void
*/
-function display_account_form($UTYPE,$A,$U="",$T="",$S="",
+function display_account_form($A,$U="",$T="",$S="",
$E="",$P="",$C="",$R="",$L="",$I="",$K="",$J="", $UID=0) {
global $SUPPORTED_LANGS;
@@ -71,7 +70,6 @@ function display_account_form($UTYPE,$A,$U="",$T="",$S="",
* Process information given to new/edit account form
*
* @global array $SUPPORTED_LANGS Languages that are supported by the AUR
- * @param string $UTYPE The account type of the user modifying the account
* @param string $TYPE Either "edit" for editing or "new" for registering an account
* @param string $A Form to use, either UpdateAccount or NewAccount
* @param string $U The username for the account
@@ -89,7 +87,7 @@ function display_account_form($UTYPE,$A,$U="",$T="",$S="",
*
* @return string|void Return void if successful, otherwise return error
*/
-function process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="",
+function process_account_form($TYPE,$A,$U="",$T="",$S="",$E="",
$P="",$C="",$R="",$L="",$I="",$K="",$J="",$UID=0) {
global $SUPPORTED_LANGS, $AUR_LOCATION;
@@ -143,7 +141,8 @@ function process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="",
$error = __("The PGP key fingerprint is invalid.");
}
- if (($UTYPE == "User" && $T > 1) || ($UTYPE == "Trusted User" && $T > 2)) {
+ $atype = account_from_sid($_COOKIE['AURSID']);
+ if (($atype == "User" && $T > 1) || ($atype == "Trusted User" && $T > 2)) {
$error = __("Cannot increase account permissions.");
}
if (!$error && !array_key_exists($L, $SUPPORTED_LANGS)) {
@@ -188,7 +187,7 @@ function process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="",
if ($error) {
print "<ul class='errorlist'><li>".$error."</li></ul>\n";
- display_account_form($UTYPE, $A, $U, $T, $S, $E, "", "",
+ display_account_form($A, $U, $T, $S, $E, "", "",
$R, $L, $I, $K, $J, $UID);
return;
}
@@ -299,7 +298,6 @@ function process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="",
/**
* Display the search results page
*
- * @param string $UTYPE User type of the account accessing the form
* @param string $O The offset for the results page
* @param string $SB The column to sort the results page by
* @param string $U The username search criteria
@@ -312,7 +310,7 @@ function process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="",
*
* @return void
*/
-function search_results_page($UTYPE,$O=0,$SB="",$U="",$T="",
+function search_results_page($O=0,$SB="",$U="",$T="",
$S="",$E="",$R="",$I="",$K="") {
$HITS_PER_PAGE = 50;
@@ -1098,28 +1096,15 @@ function cast_proposal_vote($voteid, $uid, $vote, $newtotal) {
/**
* Verify a user has the proper permissions to edit an account
*
- * @param string $atype Account type of the editing user
* @param array $acctinfo User account information for edited account
- * @param int $uid User ID of the editing user
*
* @return bool True if permission to edit the account, otherwise false
*/
-function can_edit_account($atype, $acctinfo, $uid) {
- /* Developers can edit any account */
- if ($atype == 'Developer') {
- return true;
- }
-
- /* Trusted Users can edit all accounts except Developer accounts */
- if ($atype == 'Trusted User' &&
- $acctinfo['AccountType'] != 'Developer') {
- return true;
+function can_edit_account($acctinfo) {
+ if ($acctinfo['AccountType'] == 'Developer') {
+ return has_credential(CRED_ACCOUNT_EDIT_DEV);
}
- /* Users can edit only their own account */
- if ($acctinfo['ID'] == $uid) {
- return true;
- }
-
- return false;
+ $uid = uid_from_sid($_COOKIE['AURSID']);
+ return has_credential(CRED_ACCOUNT_EDIT, array($uid));
}