From: Mischa POSLAWSKY
Date: Tue, 22 Oct 2019 03:11:28 +0000 (+0200)
Subject: auth: admin subpermission check for edit pages
X-Git-Tag: v4.1~15
X-Git-Url: http://git.shiar.nl/minimedit.git/commitdiff_plain/5b94cc8fb8d15c44eb5223f262d091b0fe286944

auth: admin subpermission check for edit pages

Check for specific "edit $path" rights in addition to full "edit", allowing for partial access.
---
diff --git a/auth.inc.php b/auth.inc.php
index a792ef6..7ece635 100644
--- a/auth.inc.php
+++ b/auth.inc.php
@@ -40,7 +40,14 @@ class User
 function admin($permission = NULL)
 {
 if (isset($permission)) {
- return $this->admin && isset($this->admin[$permission]); # check level
+ if (!$this->admin) {
+ return FALSE; # empty results
+ }
+ @list ($rootlevel, $sublevel) = explode(' ', $permission);
+ if ($sublevel and isset($this->admin[$rootlevel])) {
+ return TRUE; # root match
+ }
+ return isset($this->admin[$permission]); # check level
 }
 if (!@file_exists("{$this->dir}/.admin")) {
 return FALSE; # not an admin
diff --git a/edit/page/index.php b/edit/page/index.php
index 20ebcc5..32564ab 100644
--- a/edit/page/index.php
+++ b/edit/page/index.php
@@ -1,7 +1,7 @@ admin('edit'))
+if (!$User or !$User->admin("edit $Page$Args"))
 abort("geen beheersrechten", '401 unauthorised');
 if ($_FILES) {
diff --git a/page.inc.php b/page.inc.php
index 577f1e0..b7a7e77 100644
--- a/page.inc.php
+++ b/page.inc.php
@@ -10,7 +10,7 @@ ob_start();
 if ($User) {
 print '
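Review bot: The root-match test `if ($sublevel and isset($this->admin[$rootlevel]))` relies on PHP truthiness, so a sub-path that is falsy as a string (`"0"`, or an empty path if `$Page$Args` can ever be empty, giving `"edit "`) skips the root match and a user holding the full `edit` right is refused for that page, because the fall-through exact lookup `isset($this->admin["edit 0"])` has no such key. Test for presence instead and drop the `@` by giving `explode()` a limit: `list ($rootlevel, $sublevel) = explode(' ', $permission, 2) + [1 => NULL];` followed by `if ($sublevel !== NULL and isset($this->admin[$rootlevel]))`; the limit also keeps a path containing spaces intact in `$sublevel`. It is also worth stating in a comment that the final `isset($this->admin[$permission])` is an exact-key match, so a right such as `edit foo` presumably does not cover `foo/bar` — "partial access" here is per page, not per subtree — e.g. `# exact "edit <path>" right; no prefix matching`. The body of `admin()` continues past the end of the hunk.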
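Review bot: The right name `"edit $Page$Args"` is now spelled out verbatim at five call sites in this commit (here, twice in page.inc.php, page.php and widget/doclist.php), so the permission format — a space-separated root and path that `User::admin()` has to parse back apart — is easy to get out of sync if any one site changes how the path is built. A single accessor on `User`, e.g. `function canedit($path) { return $this->admin("edit $path"); }`, called as `$User->canedit($Page.$Args)` would keep the format in one place next to the parser. Separately, on the abort line directly below: once `$User` is set this branch is an authorization failure for an authenticated user, for which 403 is the accurate status rather than the existing `401 unauthorised` (which additionally implies a `WWW-Authenticate` challenge).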

'; printf('Ingelogd: %s', '/login', $User->login);
- if ($User->admin('edit')) {
+ if ($User->admin("edit $Page$Args")) {
 $editpage = $Page.$Args;
 if (is_dir($editpage)) {
 if (file_exists("$editpage/index.html")) {
@@ -43,8 +43,8 @@ register_shutdown_function(function () {
 @include 'footer.inc.html';
 print "\n";
- global $User;
- if ($User and $User->admin('edit')) {
+ global $User, $Page, $Args;
+ if ($User and $User->admin("edit $Page$Args")) {
 $ckesrc = '/lib/ckeditor'; # local install
 if (!file_exists(DOCROOT . $ckesrc)) {
 $ckesrc = '//cdn.ckeditor.com/4.7.3/full-all'; # remote fallback
diff --git a/page.php b/page.php
index 10e90fa..f5e9749 100644
--- a/page.php
+++ b/page.php
@@ -159,7 +159,7 @@ if (file_exists("$Page$Args.html")) {
 elseif (file_exists("$Page$Args/index.html")) {
 $staticpage = "$Page$Args/index.html";
 }
-elseif ($User and $User->admin('edit')) {
+elseif ($User and $User->admin("edit $Page$Args")) {
 $staticpage = (file_exists("$Page/template.inc.html") ? "$Page/template.inc.html" : 'template.inc.html');
 }
diff --git a/widget/doclist.php b/widget/doclist.php
index e4fadef..796a4ad 100644
--- a/widget/doclist.php
+++ b/widget/doclist.php
@@ -24,7 +24,7 @@ foreach (array_reverse($cal) as $title => $versions) {
 }
 else {
 print $title;
- if ($versions and $User->admin('edit')) {
+ if ($versions and $User->admin("edit $Page$Args")) {
 printf(' (%s)', implode(', ', array_map(
 function ($format, $url) {
 return sprintf('%s', $url, $format);
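Review bot: The new condition `if ($versions and $User->admin("edit $Page$Args"))` still calls a method on `$User` without a null guard, unlike the other call sites in this commit (page.php and the page.inc.php shutdown hook both test `$User and` first); if this widget can be rendered for an anonymous visitor, `$User` being NULL is a fatal "call to a member function on null" rather than a hidden link. The guard is one token: `if ($versions and $User and $User->admin("edit $Page$Args")) {`. Note also that `$Page$Args` here names the page embedding the widget, so the edit links on each listed document are gated on the right to edit the containing page, not the documents themselves — if that is intended, a one-line comment saying so would help, e.g. `# edit links follow the embedding page's right, not the listed documents`.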