From 03c6304e19d5d3ecd276dd3f42220db301ab511d Mon Sep 17 00:00:00 2001 From: Lukas Fleischer Date: Tue, 15 Jul 2014 20:52:54 +0200 Subject: Rework permission handling Add a new function has_credential() that checks whether the currently logged in user is allowed to perform a given action. Moving all permission handling to this central place makes adding new user groups and adjusting permissions much more convenient. Signed-off-by: Lukas Fleischer --- web/html/account.php | 20 +++++++------------- web/html/addvote.php | 7 ++----- web/html/packages.php | 7 ------- web/html/pkgbase.php | 31 ++++++++++++------------------- web/html/pkgdel.php | 8 +------- web/html/pkgmerge.php | 8 +------- web/html/pkgreq.php | 2 +- web/html/tu.php | 9 ++------- web/html/voters.php | 3 +-- 9 files changed, 27 insertions(+), 68 deletions(-) (limited to 'web/html') diff --git a/web/html/account.php b/web/html/account.php index 47cf6d2..f212eab 100644 --- a/web/html/account.php +++ b/web/html/account.php @@ -18,18 +18,14 @@ echo "

".__("Accounts")."

\n"; $action = in_request("Action"); if (isset($_COOKIE["AURSID"])) { - # visitor is logged in - # - $atype = account_from_sid($_COOKIE["AURSID"]); - if ($action == "SearchAccounts") { # security check # - if ($atype == "Trusted User" || $atype == "Developer") { + if (has_credential(CRED_ACCOUNT_SEARCH)) { # the user has entered search criteria, find any matching accounts # - search_results_page($atype, in_request("O"), in_request("SB"), + search_results_page(in_request("O"), in_request("SB"), in_request("U"), in_request("T"), in_request("S"), in_request("E"), in_request("R"), in_request("I"), in_request("K")); @@ -48,8 +44,8 @@ if (isset($_COOKIE["AURSID"])) { print __("Could not retrieve information for the specified user."); } else { /* Verify user has permission to edit the account */ - if (can_edit_account($atype, $row, uid_from_sid($_COOKIE["AURSID"]))) { - display_account_form($atype, "UpdateAccount", $row["Username"], + if (can_edit_account($row)) { + display_account_form("UpdateAccount", $row["Username"], $row["AccountTypeID"], $row["Suspended"], $row["Email"], "", "", $row["RealName"], $row["LangPreference"], $row["IRCNick"], $row["PGPKey"], @@ -70,22 +66,20 @@ if (isset($_COOKIE["AURSID"])) { } } elseif ($action == "UpdateAccount") { - $uid = uid_from_sid($_COOKIE['AURSID']); - /* Details for account being updated */ $acctinfo = account_details(in_request('ID'), in_request('U')); /* Verify user permissions and that the request is a valid POST */ - if (can_edit_account($atype, $acctinfo, $uid) && check_token()) { + if (can_edit_account($acctinfo) && check_token()) { /* Update the details for the existing account */ - process_account_form($atype, "edit", "UpdateAccount", + process_account_form("edit", "UpdateAccount", in_request("U"), in_request("T"), in_request("S"), in_request("E"), in_request("P"), in_request("C"), in_request("R"), in_request("L"), in_request("I"), in_request("K"), in_request("J"), in_request("ID")); } } else { - if ($atype == "Trusted User" || $atype == "Developer") { + if (has_credential(CRED_ACCOUNT_SEARCH)) { # display the search page if they're a TU/dev # print __("Use this form to search existing accounts.")."
\n"; diff --git a/web/html/addvote.php b/web/html/addvote.php index 3ce99c0..0b6b9c6 100644 --- a/web/html/addvote.php +++ b/web/html/addvote.php @@ -11,13 +11,10 @@ $title = __("Add Proposal"); html_header($title); if (isset($_COOKIE["AURSID"])) { - $atype = account_from_sid($_COOKIE["AURSID"]); - $uid = uid_from_sid($_COOKIE["AURSID"]); -} else { - $atype = ""; + $uid = uid_from_sid($_COOKIE["AURSID"]); } -if ($atype == "Trusted User" || $atype == "Developer") { +if (has_credential(CRED_TU_ADD_VOTE)) { if (!empty($_POST['addVote']) && !check_token()) { $error = __("Invalid token for user action."); diff --git a/web/html/packages.php b/web/html/packages.php index 2fb9cbc..645806e 100644 --- a/web/html/packages.php +++ b/web/html/packages.php @@ -35,13 +35,6 @@ if (isset($pkgname)) { $title = __("Packages"); } -# Retrieve account type -if (isset($_COOKIE["AURSID"])) { - $atype = account_from_sid($_COOKIE["AURSID"]); -} else { - $atype = ""; -} - $details = array(); if (isset($pkgname)) { $details = pkg_get_details($pkgid); diff --git a/web/html/pkgbase.php b/web/html/pkgbase.php index cf2b774..4f35a67 100644 --- a/web/html/pkgbase.php +++ b/web/html/pkgbase.php @@ -32,13 +32,6 @@ if (!isset($base_id) || !isset($pkgbase_name)) { /* Set the title to package base name. */ $title = $pkgbase_name; -/* Retrieve account type. */ -if (isset($_COOKIE["AURSID"])) { - $atype = account_from_sid($_COOKIE["AURSID"]); -} else { - $atype = ""; -} - /* Grab the list of package base IDs to be operated on. */ $ids = array(); if (isset($_POST['IDs'])) { @@ -55,29 +48,29 @@ $ret = false; $output = ""; if (check_token()) { if (current_action("do_Flag")) { - list($ret, $output) = pkgbase_flag($atype, $ids); + list($ret, $output) = pkgbase_flag($ids); } elseif (current_action("do_UnFlag")) { - list($ret, $output) = pkgbase_unflag($atype, $ids); + list($ret, $output) = pkgbase_unflag($ids); } elseif (current_action("do_Adopt")) { - list($ret, $output) = pkgbase_adopt($atype, $ids, true, NULL); + list($ret, $output) = pkgbase_adopt($ids, true, NULL); } elseif (current_action("do_Disown")) { $via = isset($_POST['via']) ? $_POST['via'] : NULL; - list($ret, $output) = pkgbase_adopt($atype, $ids, false, $via); + list($ret, $output) = pkgbase_adopt($ids, false, $via); } elseif (current_action("do_Vote")) { - list($ret, $output) = pkgbase_vote($atype, $ids, true); + list($ret, $output) = pkgbase_vote($ids, true); } elseif (current_action("do_UnVote")) { - list($ret, $output) = pkgbase_vote($atype, $ids, false); + list($ret, $output) = pkgbase_vote($ids, false); } elseif (current_action("do_Delete")) { if (isset($_POST['confirm_Delete'])) { $via = isset($_POST['via']) ? $_POST['via'] : NULL; if (!isset($_POST['merge_Into']) || empty($_POST['merge_Into'])) { - list($ret, $output) = pkgbase_delete($atype, $ids, NULL, $via); + list($ret, $output) = pkgbase_delete($ids, NULL, $via); unset($_GET['ID']); } else { $merge_base_id = pkgbase_from_name($_POST['merge_Into']); if ($merge_base_id) { - list($ret, $output) = pkgbase_delete($atype, $ids, $merge_base_id, $via); + list($ret, $output) = pkgbase_delete($ids, $merge_base_id, $via); unset($_GET['ID']); } else { $output = __("Cannot find package to merge votes and comments into."); @@ -90,13 +83,13 @@ if (check_token()) { $ret = false; } } elseif (current_action("do_Notify")) { - list($ret, $output) = pkgbase_notify($atype, $ids); + list($ret, $output) = pkgbase_notify($ids); } elseif (current_action("do_UnNotify")) { - list($ret, $output) = pkgbase_notify($atype, $ids, false); + list($ret, $output) = pkgbase_notify($ids, false); } elseif (current_action("do_DeleteComment")) { - list($ret, $output) = pkgbase_delete_comment($atype); + list($ret, $output) = pkgbase_delete_comment(); } elseif (current_action("do_ChangeCategory")) { - list($ret, $output) = pkgbase_change_category($base_id, $atype); + list($ret, $output) = pkgbase_change_category($base_id); } elseif (current_action("do_FileRequest")) { list($ret, $output) = pkgreq_file($ids, $_POST['type'], $_POST['merge_into'], $_POST['comments']); } elseif (current_action("do_CloseRequest")) { diff --git a/web/html/pkgdel.php b/web/html/pkgdel.php index 621c3c9..41900e4 100644 --- a/web/html/pkgdel.php +++ b/web/html/pkgdel.php @@ -10,13 +10,7 @@ check_sid(); html_header(__("Package Deletion")); -$atype = ""; - -if (isset($_COOKIE["AURSID"])) { - $atype = account_from_sid($_COOKIE["AURSID"]); -} - -if ($atype == "Trusted User" || $atype == "Developer"): ?> +if (has_credential(CRED_PKGBASE_DELETE)): ?>

diff --git a/web/html/pkgmerge.php b/web/html/pkgmerge.php index ba3f742..6a3b3c5 100644 --- a/web/html/pkgmerge.php +++ b/web/html/pkgmerge.php @@ -10,13 +10,7 @@ check_sid(); html_header(__("Package Merging")); -$atype = ""; - -if (isset($_COOKIE["AURSID"])) { - $atype = account_from_sid($_COOKIE["AURSID"]); -} - -if ($atype == "Trusted User" || $atype == "Developer"): ?> +if (has_credential(CRED_PKGBASE_DELETE)): ?>

diff --git a/web/html/pkgreq.php b/web/html/pkgreq.php index 9dec1f6..03b31b8 100644 --- a/web/html/pkgreq.php +++ b/web/html/pkgreq.php @@ -16,7 +16,7 @@ if (isset($base_id)) { $pkgbase_name = pkgreq_get_pkgbase_name($pkgreq_id); include('pkgreq_close_form.php'); } else { - if (!check_user_privileges()) { + if (!has_credential(CRED_PKGREQ_LIST)) { header('Location: /'); exit(); } diff --git a/web/html/tu.php b/web/html/tu.php index 5d4e37d..158632a 100644 --- a/web/html/tu.php +++ b/web/html/tu.php @@ -14,12 +14,7 @@ html_header($title); $pp = 10; $prev_Len = 75; -$atype = ""; -if (isset($_COOKIE["AURSID"])) { - $atype = account_from_sid($_COOKIE["AURSID"]); -} - -if ($atype == "Trusted User" || $atype == "Developer") { +if (has_credential(CRED_TU_LIST_VOTES)) { if (isset($_GET['id'])) { if (is_numeric($_GET['id'])) { @@ -39,7 +34,7 @@ if ($atype == "Trusted User" || $atype == "Developer") { if ($isrunning == 0) { $canvote = 0; $errorvote = __("Voting is closed for this proposal."); - } else if ($atype == "Developer") { + } else if (!has_credential(CRED_TU_VOTE)) { $canvote = 0; $errorvote = __("Only Trusted Users are allowed to vote."); } else if ($row['User'] == username_from_sid($_COOKIE["AURSID"])) { diff --git a/web/html/voters.php b/web/html/voters.php index bbcf547..8766fa7 100644 --- a/web/html/voters.php +++ b/web/html/voters.php @@ -6,11 +6,10 @@ include_once('pkgfuncs.inc.php'); $SID = $_COOKIE['AURSID']; $pkgname = htmlspecialchars($_GET['N']); $votes = pkgbase_votes_from_name($pkgname); -$atype = account_from_sid($SID); html_header(__("Voters")); -if ($atype == 'Trusted User' || $atype== 'Developer'): +if (has_credential(CRED_PKGBASE_LIST_VOTERS)): ?>

-- cgit v1.2.3-54-g00ecf