From fce3edc0ff8de6f051092574b10f0627c6099e88 Mon Sep 17 00:00:00 2001
From: Phil Davis
Date: Fri, 6 Jan 2017 23:27:40 +0545
Subject: Allow admin to clear notices
---
 src/etc/inc/priv.inc | 27 +++++++++++++++++----------
 src/usr/local/www/head.inc | 2 +-
 2 files changed, 18 insertions(+), 11 deletions(-)
(limited to 'src')
diff --git a/src/etc/inc/priv.inc b/src/etc/inc/priv.inc
index c430ced..d624f99 100644
--- a/src/etc/inc/priv.inc
+++ b/src/etc/inc/priv.inc
@@ -182,7 +182,7 @@ function get_user_privdesc(& $user) {
 return $privs;
 }
-function isAllowed($username, $page) {
+function isAdminUID($username) {
 global $_SESSION;
 if (!isset($username)) {
@@ -199,6 +199,20 @@ function isAllowed($username, $page) {
 }
 }
+ return false;
+}
+
+function isAllowed($username, $page) {
+ global $_SESSION;
+
+ if (!isset($username)) {
+ return false;
+ }
+
+ if (isAdminUID($username)) {
+ return true;
+ }
+
 /* user privilege access check */
 if (cmp_page_matches($page, $_SESSION['page-match'])) {
 return true;
@@ -207,7 +221,6 @@ function isAllowed($username, $page) {
 return false;
 }
-
 function isAllowedPage($page) {
 global $_SESSION;
@@ -218,14 +231,8 @@ function isAllowedPage($page) {
 return false;
 }
- /* admin/root access check */
- $user = getUserEntry($username);
- if (isset($user)) {
- if (isset($user['uid'])) {
- if ($user['uid'] == 0) {
- return true;
- }
- }
+ if (isAdminUID($username)) {
+ return true;
 }
 /* user privilege access check */
diff --git a/src/usr/local/www/head.inc b/src/usr/local/www/head.inc
index 24bf835..daa1680 100644
--- a/src/usr/local/www/head.inc
+++ b/src/usr/local/www/head.inc
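Review bot: `isAdminUID()` in priv.inc becomes the single uid-0 bypass for `isAllowed()`, `isAllowedPage()` and head.inc, yet the comparison it relies on is not tightened. Its body lies between this hunk and the next and is not shown, but the lines removed from `isAllowedPage()` in the last hunk of this file use `$user['uid'] == 0`, and the helper presumably keeps the same test. On PHP versions before 8 a loose `== 0` is also true for an empty or non-numeric string, so a malformed `uid` value would be treated as admin; `if ((string)$user['uid'] === '0') {` fails closed instead.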
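Review bot: Neither `isAdminUID()` nor the re-created `isAllowed()` in the second priv.inc hunk carries a header comment, although the helper now decides on its own that an account skips every page-match check. A short comment above `isAdminUID()` such as `/* True only when the named account has uid 0; callers treat that as full access. */` would record the contract for the three call sites this series adds. The `global $_SESSION;` line in the new `isAllowed()` is also redundant, since `$_SESSION` is a superglobal and needs no `global` declaration.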
@@ -425,7 +425,7 @@ $allow_clear_notices = false;
 if (are_notices_pending()) {
 // Evaluate user privs to determine if notices should be displayed, and if the user can clear them.
 $user_entry = getUserEntry($_SESSION['Username']);
- if (userHasPrivilege($user_entry, "user-view-clear-notices") || userHasPrivilege($user_entry, "page-all")) {
+ if (isAdminUID($username) || userHasPrivilege($user_entry, "user-view-clear-notices") || userHasPrivilege($user_entry, "page-all")) {
 $display_notices = true;
 $allow_clear_notices = true;
 } elseif (userHasPrivilege($user_entry, "user-view-notices")) {
-- cgit v1.1
From b2daca7675fc3fefd9938935a7b7d0548438b6ed Mon Sep 17 00:00:00 2001
From: Phil Davis
Date: Sat, 7 Jan 2017 08:09:40 +0545
Subject: Fix username reference
---
 src/usr/local/www/head.inc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'src')
diff --git a/src/usr/local/www/head.inc b/src/usr/local/www/head.inc
index daa1680..6205772 100644
--- a/src/usr/local/www/head.inc
+++ b/src/usr/local/www/head.inc
@@ -425,7 +425,7 @@ $allow_clear_notices = false;
 if (are_notices_pending()) {
 // Evaluate user privs to determine if notices should be displayed, and if the user can clear them.
 $user_entry = getUserEntry($_SESSION['Username']);
- if (isAdminUID($username) || userHasPrivilege($user_entry, "user-view-clear-notices") || userHasPrivilege($user_entry, "page-all")) {
+ if (isAdminUID($_SESSION['Username']) || userHasPrivilege($user_entry, "user-view-clear-notices") || userHasPrivilege($user_entry, "page-all")) {
 $display_notices = true;
 $allow_clear_notices = true;
 } elseif (userHasPrivilege($user_entry, "user-view-notices")) {
-- cgit v1.1
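Review bot: The corrected `if` in head.inc has no comment saying that the admin test must use the authenticated session name, and the line it replaces shows how easily a bare `$username` ends up there. head.inc is presumably included into the calling page's scope, where `$username` may be unset or may hold a name the page is working on rather than the logged-in user; a comment such as `// Authorise against the logged-in session user only, never a page-scope $username.` above the condition would guard against a regression. `isAdminUID()` also appears to look up the same account already held in `$user_entry`, so the record is likely fetched twice on each page that has pending notices.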