Check usergroups when accessing admin panel

This commit is contained in:
Markus Wang Halvorsen 2017-11-11 17:06:56 +01:00
parent 1ce3490ff0
commit 3d3903eadc
10 changed files with 116 additions and 1 deletions

View File

@ -9,7 +9,7 @@ class UserManager{
public $usergroups = [
'admin' => 1,
'prosjekt' => 2,
'hendelser' => 4
'aktiviteter' => 4
];
public function __construct($pdo){

View File

@ -3,6 +3,19 @@ require __DIR__ . '/../../../src/_autoload.php';
require __DIR__ . '/../../../sql_config.php';
$pdo = new \PDO($dbDsn, $dbUser, $dbPass);
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$userManager = new \pvv\admin\UserManager($pdo);
require_once(__DIR__ . '/../../../vendor/simplesamlphp/simplesamlphp/lib/_autoload.php');
$as = new SimpleSAML_Auth_Simple('default-sp');
$as->requireAuth();
$attrs = $as->getAttributes();
$uname = $attrs['uid'][0];
if(!$userManager->hasGroup($uname, 'aktiviteter')){
echo 'Ingen tilgang';
exit();
}
$eventID = $_GET['id'];
$query = 'DELETE FROM events WHERE id=\'' . $eventID . '\'';

View File

@ -7,6 +7,19 @@ require __DIR__ . '/../../../sql_config.php';
$pdo = new \PDO($dbDsn, $dbUser, $dbPass);
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$userManager = new \pvv\admin\UserManager($pdo);
require_once(__DIR__ . '/../../../vendor/simplesamlphp/simplesamlphp/lib/_autoload.php');
$as = new SimpleSAML_Auth_Simple('default-sp');
$as->requireAuth();
$attrs = $as->getAttributes();
$uname = $attrs['uid'][0];
if(!$userManager->hasGroup($uname, 'aktiviteter')){
echo 'Ingen tilgang';
exit();
}
$customActivity = new \pvv\side\DBActivity($pdo);
$new = 0;

View File

@ -7,6 +7,19 @@ require __DIR__ . '/../../../sql_config.php';
$pdo = new \PDO($dbDsn, $dbUser, $dbPass);
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$userManager = new \pvv\admin\UserManager($pdo);
require_once(__DIR__ . '/../../../vendor/simplesamlphp/simplesamlphp/lib/_autoload.php');
$as = new SimpleSAML_Auth_Simple('default-sp');
$as->requireAuth();
$attrs = $as->getAttributes();
$uname = $attrs['uid'][0];
if(!$userManager->hasGroup($uname, 'aktiviteter')){
echo 'Ingen tilgang';
exit();
}
$customActivity = new \pvv\side\DBActivity($pdo);
$events = $customActivity->getAllEvents();

View File

@ -5,6 +5,18 @@ require __DIR__ . '/../../../src/_autoload.php';
require __DIR__ . '/../../../sql_config.php';
$pdo = new \PDO($dbDsn, $dbUser, $dbPass);
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$userManager = new \pvv\admin\UserManager($pdo);
require_once(__DIR__ . '/../../../vendor/simplesamlphp/simplesamlphp/lib/_autoload.php');
$as = new SimpleSAML_Auth_Simple('default-sp');
$as->requireAuth();
$attrs = $as->getAttributes();
$uname = $attrs['uid'][0];
if(!$userManager->hasGroup($uname, 'aktiviteter')){
echo 'Ingen tilgang';
exit();
}
if(!isset($_POST['title']) or !isset($_POST['desc']) or !isset($_POST['start']) or !isset($_POST['end']) or !isset($_POST['organiser']) or !isset($_POST['location'])){
header('Location: ' . $_SERVER['HTTP_REFERER']);

View File

@ -1,7 +1,19 @@
<?php
require_once __DIR__ . '/../../vendor/simplesamlphp/simplesamlphp/lib/_autoload.php';
$pdo = new \PDO($dbDsn, $dbUser, $dbPass);
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$userManager = new \pvv\admin\UserManager($pdo);
$as = new SimpleSAML_Auth_Simple('default-sp');
$as->requireAuth();
$attrs = $as->getAttributes();
$uname = $attrs['uid'][0];
if(!($userManager->isAdmin($uname) | $userManager->hasGroup($uname, 'prosjekt') | $userManager->hasGroup($uname, 'aktiviteter'))){
echo 'Ingen tilgang';
exit();
}
?>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">

View File

@ -3,6 +3,19 @@ require __DIR__ . '/../../../src/_autoload.php';
require __DIR__ . '/../../../sql_config.php';
$pdo = new \PDO($dbDsn, $dbUser, $dbPass);
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$userManager = new \pvv\admin\UserManager($pdo);
require_once(__DIR__ . '/../../../vendor/simplesamlphp/simplesamlphp/lib/_autoload.php');
$as = new SimpleSAML_Auth_Simple('default-sp');
$as->requireAuth();
$attrs = $as->getAttributes();
$uname = $attrs['uid'][0];
if(!$userManager->hasGroup($uname, 'prosjekt')){
echo 'Ingen tilgang';
exit();
}
$projectID = $_GET['id'];
$query = 'DELETE FROM projects WHERE id=\'' . $projectID . '\'';

View File

@ -6,6 +6,20 @@ require __DIR__ . '/../../../src/_autoload.php';
require __DIR__ . '/../../../sql_config.php';
$pdo = new \PDO($dbDsn, $dbUser, $dbPass);
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$userManager = new \pvv\admin\UserManager($pdo);
require_once(__DIR__ . '/../../../vendor/simplesamlphp/simplesamlphp/lib/_autoload.php');
$as = new SimpleSAML_Auth_Simple('default-sp');
$as->requireAuth();
$attrs = $as->getAttributes();
$uname = $attrs['uid'][0];
if(!$userManager->hasGroup($uname, 'prosjekt')){
echo 'Ingen tilgang';
exit();
}
$projectManager = new \pvv\side\ProjectManager($pdo);
$projects = $projectManager->getAll();

View File

@ -7,6 +7,19 @@ require __DIR__ . '/../../../sql_config.php';
$pdo = new \PDO($dbDsn, $dbUser, $dbPass);
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$userManager = new \pvv\admin\UserManager($pdo);
require_once(__DIR__ . '/../../../vendor/simplesamlphp/simplesamlphp/lib/_autoload.php');
$as = new SimpleSAML_Auth_Simple('default-sp');
$as->requireAuth();
$attrs = $as->getAttributes();
$uname = $attrs['uid'][0];
if(!$userManager->hasGroup($uname, 'prosjekt')){
echo 'Ingen tilgang';
exit();
}
$projectManager = new \pvv\side\ProjectManager($pdo);
$projects = $projectManager->getAll();

View File

@ -5,6 +5,18 @@ require __DIR__ . '/../../../src/_autoload.php';
require __DIR__ . '/../../../sql_config.php';
$pdo = new \PDO($dbDsn, $dbUser, $dbPass);
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$userManager = new \pvv\admin\UserManager($pdo);
require_once(__DIR__ . '/../../../vendor/simplesamlphp/simplesamlphp/lib/_autoload.php');
$as = new SimpleSAML_Auth_Simple('default-sp');
$as->requireAuth();
$attrs = $as->getAttributes();
$uname = $attrs['uid'][0];
if(!$userManager->hasGroup($uname, 'prosjekt')){
echo 'Ingen tilgang';
exit();
}
if(!isset($_POST['title']) or !isset($_POST['desc']) or !isset($_POST['organisername']) or !isset($_POST['organiser'])){
header('Location: ' . $_SERVER['HTTP_REFERER']);