diff options
| -rw-r--r-- | etc/inc/config.lib.inc | 5 | ||||
| -rw-r--r-- | etc/inc/priv/user.priv.inc | 4 |
2 files changed, 9 insertions, 0 deletions
diff --git a/etc/inc/config.lib.inc b/etc/inc/config.lib.inc index 54a9134..ddefde0 100644 --- a/etc/inc/config.lib.inc +++ b/etc/inc/config.lib.inc @@ -494,6 +494,11 @@ function write_config($desc="Unknown", $backup = true) { log_error("WARNING! Configuration written on bootup. This can cause stray openvpn and load balancing items in config.xml"); */ + if (!empty($_SESSION['Username'])) { + $user = getUserEntry($_SESSION['Username']); + if (is_array($user) && userHasPrivilege($user, "user-config-readonly")) + return false; + } $username = empty($_SESSION["Username"]) ? "(system)" : $_SESSION['Username']; if (!empty($_SERVER['REMOTE_ADDR'])) $username .= '@' . $_SERVER['REMOTE_ADDR']; diff --git a/etc/inc/priv/user.priv.inc b/etc/inc/priv/user.priv.inc index affa218..7c943cd 100644 --- a/etc/inc/priv/user.priv.inc +++ b/etc/inc/priv/user.priv.inc @@ -26,6 +26,10 @@ $priv_list['page-dashboard-widgets']['descr'] = "Allow direct access to all Dash $priv_list['page-dashboard-widgets']['match'] = array(); $priv_list['page-dashboard-widgets']['match'][] = "*.widget.php*"; +$priv_list['user-config-readonly'] = array(); +$priv_list['user-config-readonly']['name'] = "User - Config - Deny Config Write"; +$priv_list['user-config-readonly']['descr'] = "If present, ignores requests from this user to write config.xml."; + $priv_list['user-shell-access'] = array(); $priv_list['user-shell-access']['name'] = "User - System - Shell account access"; $priv_list['user-shell-access']['descr'] = "Indicates whether the user is able to login for ". |
