From 218ccf51e38ad9b0654aa509f2bf8eec44d69c07 Mon Sep 17 00:00:00 2001
From: Lukas Fleischer <archlinux@cryptocrack.de>
Date: Fri, 8 Aug 2014 11:47:06 +0200
Subject: Add permission checks to the request feature

* Only show the request form to users that are logged in.
* Only show the close request form to Trusted Users and developers.
* Check for a valid login in pkgreq_file().

Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
---
 web/lib/credentials.inc.php | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'web/lib/credentials.inc.php')

diff --git a/web/lib/credentials.inc.php b/web/lib/credentials.inc.php
index efc203d..0c428f2 100644
--- a/web/lib/credentials.inc.php
+++ b/web/lib/credentials.inc.php
@@ -18,6 +18,7 @@ define("CRED_PKGBASE_NOTIFY", 13);
 define("CRED_PKGBASE_SUBMIT_BLACKLISTED", 14);
 define("CRED_PKGBASE_UNFLAG", 15);
 define("CRED_PKGBASE_VOTE", 16);
+define("CRED_PKGREQ_FILE", 23);
 define("CRED_PKGREQ_CLOSE", 17);
 define("CRED_PKGREQ_LIST", 18);
 define("CRED_TU_ADD_VOTE", 19);
@@ -48,6 +49,7 @@ function has_credential($credential, $approved_users=array()) {
 	case CRED_PKGBASE_FLAG:
 	case CRED_PKGBASE_NOTIFY:
 	case CRED_PKGBASE_VOTE:
+	case CRED_PKGREQ_FILE:
 		return ($atype == 'User' || $atype == 'Trusted User' ||
 			$atype == 'Developer' ||
 			$atype == 'Trusted User & Developer');
-- 
cgit v1.2.3-70-g09d2