auth: admin subpermission check for edit pages

Check for specific "edit $path" rights in addition to full "edit",
allowing for partial access.

diff --git a/auth.inc.php b/auth.inc.php
index a792ef6838e13383a6b130facde423ad37a8c0d5..7ece6350219902345e504b9d253156200f2d982d 100644 (file)
--- a/auth.inc.php
+++ b/auth.inc.php
@@ -40,7 +40,14 @@ class User
        function admin($permission = NULL)
        {
                if (isset($permission)) {
-                       return $this->admin && isset($this->admin[$permission]);  # check level
+                       if (!$this->admin) {
+                               return FALSE;  # empty results
+                       }
+                       @list ($rootlevel, $sublevel) = explode(' ', $permission);
+                       if ($sublevel and isset($this->admin[$rootlevel])) {
+                               return TRUE;  # root match
+                       }
+                       return isset($this->admin[$permission]);  # check level
                }
                if (!@file_exists("{$this->dir}/.admin")) {
                        return FALSE;  # not an admin

diff --git a/edit/page/index.php b/edit/page/index.php
index 20ebcc5d9aa247636c7e9f6dd82172069f3dde44..32564ab299d39b345f48b9e0a148ed04f33cbece 100644 (file)
--- a/edit/page/index.php
+++ b/edit/page/index.php
@@ -1,7 +1,7 @@
 <?php
 ob_clean();
 
-if (!$User or !$User->admin('edit'))
+if (!$User or !$User->admin("edit $Page$Args"))
        abort("geen beheersrechten", '401 unauthorised');
 
 if ($_FILES) {

diff --git a/page.inc.php b/page.inc.php
index 577f1e030806152973998a8b8d4f9a7d60de69da..b7a7e77ab2e01764c4ba1ce43faf3364d26ecc2d 100644 (file)
--- a/page.inc.php
+++ b/page.inc.php
@@ -10,7 +10,7 @@ ob_start();
 if ($User) {
        print '<div class="login"><p>';
        printf('<span>Ingelogd: <b><a href="%s">%s</a></b></span>', '/login', $User->login);
-       if ($User->admin('edit')) {
+       if ($User->admin("edit $Page$Args")) {
                $editpage = $Page.$Args;
                if (is_dir($editpage)) {
                        if (file_exists("$editpage/index.html")) {
@@ -43,8 +43,8 @@ register_shutdown_function(function () {
        @include 'footer.inc.html';
        print "</footer>\n";
 
-       global $User;
-       if ($User and $User->admin('edit')) {
+       global $User, $Page, $Args;
+       if ($User and $User->admin("edit $Page$Args")) {
                $ckesrc = '/lib/ckeditor'; # local install
                if (!file_exists(DOCROOT . $ckesrc)) {
                        $ckesrc = '//cdn.ckeditor.com/4.7.3/full-all'; # remote fallback

diff --git a/page.php b/page.php
index 10e90facb00357fbf2a84123a47fdf8b50b4fccf..f5e9749cbeac10837f6d9bf0fb923c5a4234114d 100644 (file)
--- a/page.php
+++ b/page.php
@@ -159,7 +159,7 @@ if (file_exists("$Page$Args.html")) {
 elseif (file_exists("$Page$Args/index.html")) {
        $staticpage = "$Page$Args/index.html";
 }
-elseif ($User and $User->admin('edit')) {
+elseif ($User and $User->admin("edit $Page$Args")) {
        $staticpage = (file_exists("$Page/template.inc.html") ? "$Page/template.inc.html" : 'template.inc.html');
 }
 

diff --git a/widget/doclist.php b/widget/doclist.php
index e4fadef34a919700340f7e23b6ad883030193a80..796a4ad2812a7e3592d8d020974bb00becd976de 100644 (file)
--- a/widget/doclist.php
+++ b/widget/doclist.php
@@ -24,7 +24,7 @@ foreach (array_reverse($cal) as $title => $versions) {
        }
        else {
                print $title;
-               if ($versions and $User->admin('edit')) {
+               if ($versions and $User->admin("edit $Page$Args")) {
                        printf(' (%s)', implode(', ', array_map(
                                function ($format, $url) {
                                        return sprintf('<a href="/%s">%s</a>', $url, $format);