author | jim-p <jimp@pfsense.org> | 2017-01-07 00:14:01 -0500 |
---|---|---|
committer | jim-p <jimp@pfsense.org> | 2017-01-07 00:14:01 -0500 |
commit | 1a86beffd36166ebc5d5fe6e662aff1a616ec585 (patch) | |
tree | 11c1cb82629cae93296c36642f3aa16da64072e7 /src | |
parent | a5d486e9ad95d4e63603430c8aabf706fcc03363 (diff) | |
parent | b2daca7675fc3fefd9938935a7b7d0548438b6ed (diff) | |
Merge pull request #3359 from phil-davis/admin_notices
Diffstat (limited to 'src')
-rw-r--r-- | src/etc/inc/priv.inc | 27 | ||||
-rw-r--r-- | src/usr/local/www/head.inc | 2 |
2 files changed, 18 insertions, 11 deletions
diff --git a/src/etc/inc/priv.inc b/src/etc/inc/priv.inc
index c430ced..d624f99 100644
--- a/src/etc/inc/priv.inc
+++ b/src/etc/inc/priv.inc
@@ -182,7 +182,7 @@ function get_user_privdesc(& $user) {
 return $privs;
 }
-function isAllowed($username, $page) {
+function isAdminUID($username) {
 global $_SESSION;
 if (!isset($username)) {
@@ -199,6 +199,20 @@ function isAllowed($username, $page) {
 }
 }
+ return false;
+}
+
+function isAllowed($username, $page) {
+ global $_SESSION;
+
+ if (!isset($username)) {
+ return false;
+ }
+
+ if (isAdminUID($username)) {
+ return true;
+ }
+
 /* user privilege access check */
 if (cmp_page_matches($page, $_SESSION['page-match'])) {
 return true;
@@ -207,7 +221,6 @@ function isAllowed($username, $page) {
 return false;
 }
-
 function isAllowedPage($page) {
 global $_SESSION;
@@ -218,14 +231,8 @@ function isAllowedPage($page) {
 return false;
 }
- /* admin/root access check */
- $user = getUserEntry($username);
- if (isset($user)) {
- if (isset($user['uid'])) {
- if ($user['uid'] == 0) {
- return true;
- }
- }
+ if (isAdminUID($username)) {
+ return true;
 }
 /* user privilege access check */
diff --git a/src/usr/local/www/head.inc b/src/usr/local/www/head.inc
index 24bf835..6205772 100644
--- a/src/usr/local/www/head.inc
+++ b/src/usr/local/www/head.inc
@@ -425,7 +425,7 @@ $allow_clear_notices = false;
 if (are_notices_pending()) {
 // Evaluate user privs to determine if notices should be displayed, and if the user can clear them.
 $user_entry = getUserEntry($_SESSION['Username']);
- if (userHasPrivilege($user_entry, "user-view-clear-notices") || userHasPrivilege($user_entry, "page-all")) {
+ if (isAdminUID($_SESSION['Username']) || userHasPrivilege($user_entry, "user-view-clear-notices") || userHasPrivilege($user_entry, "page-all")) {
 $display_notices = true;
 $allow_clear_notices = true;
 } elseif (userHasPrivilege($user_entry, "user-view-notices")) { |
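Review bot: In src/etc/inc/priv.inc, the new `isAdminUID()` becomes the single admin bypass for `isAllowed()`, `isAllowedPage()` and head.inc, but its uid test lies between the first two hunks and is not shown. If it keeps the loose `$user['uid'] == 0` seen in the block removed from `isAllowedPage()`, an empty or non-numeric uid string also compares equal to 0 on PHP versions before 8. A strict form such as `if ((string)$user['uid'] === '0') {` would grant the bypass only to a literal uid 0. The helper also has no doc comment; `/* Returns true only when $username resolves to the uid 0 (admin/root) account, which bypasses all page privilege checks. */` above it would state the contract. The `global $_SESSION;` lines in both functions are redundant, since `$_SESSION` is a superglobal.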
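Review bot: In src/usr/local/www/head.inc, the widened condition only sets `$display_notices` and `$allow_clear_notices` for rendering. The code that actually clears notices is outside this hunk, so confirm that it applies the same `isAdminUID()` / `user-view-clear-notices` / `page-all` test rather than relying on the control being hidden. `isAdminUID($_SESSION['Username'])` presumably repeats the `getUserEntry()` lookup already done for `$user_entry` on the previous line; that is harmless, but testing the fetched entry would avoid it. A short comment such as `// uid 0 always sees and may clear notices, independent of assigned privileges` would record why the admin check comes first. The `if`/`elseif` chain continues past the end of the hunk.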