Rework permission handling

Add a new function has_credential() that checks whether the currently
logged in user is allowed to perform a given action. Moving all
permission handling to this central place makes adding new user groups
and adjusting permissions much more convenient.

Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>

1 files changed, 4 insertions, 7 deletions

diff --git a/web/template/account_search_results.php b/web/template/account_search_results.php
index bd4ee29..43f2d1d 100644
--- a/web/template/account_search_results.php
+++ b/web/template/account_search_results.php
@@ -42,13 +42,10 @@ else:
 					<td><?php $row["IRCNick"] ? print htmlspecialchars($row["IRCNick"],ENT_QUOTES) : print "&nbsp;" ?></td>
 					<td><?php $row["PGPKey"] ? print html_format_pgp_fingerprint($row["PGPKey"]) : print "&nbsp;" ?></td>
 					<td>
-					<?php
-						if ($UTYPE == "Trusted User" && $row["AccountType"] == "Developer"):
-							# TUs can't edit devs
-							print "&nbsp;";
-						else:
-					?>
-						<a href="<?= get_user_uri($row["Username"]) . "edit/" ?>"><?= __("Edit") ?></a>
+					<?php if (can_edit_account($row)): ?>
+					<a href="<?= get_user_uri($row["Username"]) . "edit/" ?>"><?= __("Edit") ?></a>
+					<?php else: ?>
+					&nbsp;
 					<?php endif; ?>
 					</td>
 				</tr>