Rework permission handling

Add a new function has_credential() that checks whether the currently
logged in user is allowed to perform a given action. Moving all
permission handling to this central place makes adding new user groups
and adjusting permissions much more convenient.

Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>

1 files changed, 2 insertions, 5 deletions

diff --git a/web/template/account_edit_form.php b/web/template/account_edit_form.php
index 30b26fd..9a99e78 100644
--- a/web/template/account_edit_form.php
+++ b/web/template/account_edit_form.php
@@ -17,7 +17,7 @@
 		</p>
 		<?php
 		# Only TUs or Devs can promote/demote/suspend a user
-		if ($UTYPE == "Trusted User" || $UTYPE == "Developer"):
+		if (has_credential(CRED_ACCOUNT_CHANGE_TYPE)):
 		?>
 		<p>
 			<label for="id_type"><?= __("Account Type") ?>:</label>
@@ -32,10 +32,7 @@
 				<?php else: ?>
 				<option value="2"><?= __("Trusted user") ?></option>
 				<?php endif; ?>
-				<?php
-				# Only developers can make another account a developer
-				if ($UTYPE == "Developer"):
-				?>
+				<?php if (has_credential(CRED_ACCOUNT_EDIT_DEV)): ?>
 				<option value="3"
 				<?php $T == 3 ? print " selected=\"selected\">" : print ">";
 				print __("Developer")."\n"; ?>