Add custom priv for granting access to the user manager.

1 files changed, 6 insertions, 3 deletions

diff --git a/usr/local/www/system_usermanager.php b/usr/local/www/system_usermanager.php
index 80af866..e22013a 100644
--- a/usr/local/www/system_usermanager.php
+++ b/usr/local/www/system_usermanager.php
@@ -36,7 +36,12 @@ require("guiconfig.inc");
 // The page title for non-admins
 $pgtitle = array("System","User Password");
 
-if (isSystemAdmin($HTTP_SERVER_VARS['AUTH_USER'])) {
+/* Check for custom priv system_usermanager (no .php ending) */
+$allowed = $g['privs'];
+if (in_array("system_usermanager", $allowed))
+	$isAdminUser = true;
+
+if (isSystemAdmin($HTTP_SERVER_VARS['AUTH_USER']) or $isAdminUser) {
     // Page title for main admin
     $pgtitle = array("System","User Manager");
 
@@ -134,8 +139,6 @@ if (isSystemAdmin($HTTP_SERVER_VARS['AUTH_USER'])) {
             if (isset($id) && $a_user[$id])
                 $userent = $a_user[$id];
 
-
-
             /* the user did change his username */
             if ($_POST['usernamefld'] <> $_POST['oldusername']) {
                 $_SERVER['REMOTE_USER'] = $_POST['usernamefld'];