Check usergroups when accessing admin panel
This commit is contained in:
parent
1ce3490ff0
commit
3d3903eadc
|
|
@ -9,7 +9,7 @@ class UserManager{
|
|||
public $usergroups = [
|
||||
'admin' => 1,
|
||||
'prosjekt' => 2,
|
||||
'hendelser' => 4
|
||||
'aktiviteter' => 4
|
||||
];
|
||||
|
||||
public function __construct($pdo){
|
||||
|
|
|
|||
|
|
@ -3,6 +3,19 @@ require __DIR__ . '/../../../src/_autoload.php';
|
|||
require __DIR__ . '/../../../sql_config.php';
|
||||
$pdo = new \PDO($dbDsn, $dbUser, $dbPass);
|
||||
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
|
||||
$userManager = new \pvv\admin\UserManager($pdo);
|
||||
|
||||
require_once(__DIR__ . '/../../../vendor/simplesamlphp/simplesamlphp/lib/_autoload.php');
|
||||
$as = new SimpleSAML_Auth_Simple('default-sp');
|
||||
$as->requireAuth();
|
||||
$attrs = $as->getAttributes();
|
||||
$uname = $attrs['uid'][0];
|
||||
|
||||
if(!$userManager->hasGroup($uname, 'aktiviteter')){
|
||||
echo 'Ingen tilgang';
|
||||
exit();
|
||||
}
|
||||
|
||||
$eventID = $_GET['id'];
|
||||
|
||||
$query = 'DELETE FROM events WHERE id=\'' . $eventID . '\'';
|
||||
|
|
|
|||
|
|
@ -7,6 +7,19 @@ require __DIR__ . '/../../../sql_config.php';
|
|||
|
||||
$pdo = new \PDO($dbDsn, $dbUser, $dbPass);
|
||||
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
|
||||
$userManager = new \pvv\admin\UserManager($pdo);
|
||||
|
||||
require_once(__DIR__ . '/../../../vendor/simplesamlphp/simplesamlphp/lib/_autoload.php');
|
||||
$as = new SimpleSAML_Auth_Simple('default-sp');
|
||||
$as->requireAuth();
|
||||
$attrs = $as->getAttributes();
|
||||
$uname = $attrs['uid'][0];
|
||||
|
||||
if(!$userManager->hasGroup($uname, 'aktiviteter')){
|
||||
echo 'Ingen tilgang';
|
||||
exit();
|
||||
}
|
||||
|
||||
$customActivity = new \pvv\side\DBActivity($pdo);
|
||||
|
||||
$new = 0;
|
||||
|
|
|
|||
|
|
@ -7,6 +7,19 @@ require __DIR__ . '/../../../sql_config.php';
|
|||
|
||||
$pdo = new \PDO($dbDsn, $dbUser, $dbPass);
|
||||
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
|
||||
$userManager = new \pvv\admin\UserManager($pdo);
|
||||
|
||||
require_once(__DIR__ . '/../../../vendor/simplesamlphp/simplesamlphp/lib/_autoload.php');
|
||||
$as = new SimpleSAML_Auth_Simple('default-sp');
|
||||
$as->requireAuth();
|
||||
$attrs = $as->getAttributes();
|
||||
$uname = $attrs['uid'][0];
|
||||
|
||||
if(!$userManager->hasGroup($uname, 'aktiviteter')){
|
||||
echo 'Ingen tilgang';
|
||||
exit();
|
||||
}
|
||||
|
||||
$customActivity = new \pvv\side\DBActivity($pdo);
|
||||
$events = $customActivity->getAllEvents();
|
||||
|
||||
|
|
|
|||
|
|
@ -5,6 +5,18 @@ require __DIR__ . '/../../../src/_autoload.php';
|
|||
require __DIR__ . '/../../../sql_config.php';
|
||||
$pdo = new \PDO($dbDsn, $dbUser, $dbPass);
|
||||
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
|
||||
$userManager = new \pvv\admin\UserManager($pdo);
|
||||
|
||||
require_once(__DIR__ . '/../../../vendor/simplesamlphp/simplesamlphp/lib/_autoload.php');
|
||||
$as = new SimpleSAML_Auth_Simple('default-sp');
|
||||
$as->requireAuth();
|
||||
$attrs = $as->getAttributes();
|
||||
$uname = $attrs['uid'][0];
|
||||
|
||||
if(!$userManager->hasGroup($uname, 'aktiviteter')){
|
||||
echo 'Ingen tilgang';
|
||||
exit();
|
||||
}
|
||||
|
||||
if(!isset($_POST['title']) or !isset($_POST['desc']) or !isset($_POST['start']) or !isset($_POST['end']) or !isset($_POST['organiser']) or !isset($_POST['location'])){
|
||||
header('Location: ' . $_SERVER['HTTP_REFERER']);
|
||||
|
|
|
|||
|
|
@ -1,7 +1,19 @@
|
|||
<?php
|
||||
require_once __DIR__ . '/../../vendor/simplesamlphp/simplesamlphp/lib/_autoload.php';
|
||||
|
||||
$pdo = new \PDO($dbDsn, $dbUser, $dbPass);
|
||||
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
|
||||
$userManager = new \pvv\admin\UserManager($pdo);
|
||||
|
||||
$as = new SimpleSAML_Auth_Simple('default-sp');
|
||||
$as->requireAuth();
|
||||
$attrs = $as->getAttributes();
|
||||
$uname = $attrs['uid'][0];
|
||||
|
||||
if(!($userManager->isAdmin($uname) | $userManager->hasGroup($uname, 'prosjekt') | $userManager->hasGroup($uname, 'aktiviteter'))){
|
||||
echo 'Ingen tilgang';
|
||||
exit();
|
||||
}
|
||||
?>
|
||||
|
||||
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
|
||||
|
|
|
|||
|
|
@ -3,6 +3,19 @@ require __DIR__ . '/../../../src/_autoload.php';
|
|||
require __DIR__ . '/../../../sql_config.php';
|
||||
$pdo = new \PDO($dbDsn, $dbUser, $dbPass);
|
||||
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
|
||||
$userManager = new \pvv\admin\UserManager($pdo);
|
||||
|
||||
require_once(__DIR__ . '/../../../vendor/simplesamlphp/simplesamlphp/lib/_autoload.php');
|
||||
$as = new SimpleSAML_Auth_Simple('default-sp');
|
||||
$as->requireAuth();
|
||||
$attrs = $as->getAttributes();
|
||||
$uname = $attrs['uid'][0];
|
||||
|
||||
if(!$userManager->hasGroup($uname, 'prosjekt')){
|
||||
echo 'Ingen tilgang';
|
||||
exit();
|
||||
}
|
||||
|
||||
$projectID = $_GET['id'];
|
||||
|
||||
$query = 'DELETE FROM projects WHERE id=\'' . $projectID . '\'';
|
||||
|
|
|
|||
|
|
@ -6,6 +6,20 @@ require __DIR__ . '/../../../src/_autoload.php';
|
|||
require __DIR__ . '/../../../sql_config.php';
|
||||
|
||||
$pdo = new \PDO($dbDsn, $dbUser, $dbPass);
|
||||
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
|
||||
$userManager = new \pvv\admin\UserManager($pdo);
|
||||
|
||||
require_once(__DIR__ . '/../../../vendor/simplesamlphp/simplesamlphp/lib/_autoload.php');
|
||||
$as = new SimpleSAML_Auth_Simple('default-sp');
|
||||
$as->requireAuth();
|
||||
$attrs = $as->getAttributes();
|
||||
$uname = $attrs['uid'][0];
|
||||
|
||||
if(!$userManager->hasGroup($uname, 'prosjekt')){
|
||||
echo 'Ingen tilgang';
|
||||
exit();
|
||||
}
|
||||
|
||||
$projectManager = new \pvv\side\ProjectManager($pdo);
|
||||
$projects = $projectManager->getAll();
|
||||
|
||||
|
|
|
|||
|
|
@ -7,6 +7,19 @@ require __DIR__ . '/../../../sql_config.php';
|
|||
|
||||
$pdo = new \PDO($dbDsn, $dbUser, $dbPass);
|
||||
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
|
||||
$userManager = new \pvv\admin\UserManager($pdo);
|
||||
|
||||
require_once(__DIR__ . '/../../../vendor/simplesamlphp/simplesamlphp/lib/_autoload.php');
|
||||
$as = new SimpleSAML_Auth_Simple('default-sp');
|
||||
$as->requireAuth();
|
||||
$attrs = $as->getAttributes();
|
||||
$uname = $attrs['uid'][0];
|
||||
|
||||
if(!$userManager->hasGroup($uname, 'prosjekt')){
|
||||
echo 'Ingen tilgang';
|
||||
exit();
|
||||
}
|
||||
|
||||
$projectManager = new \pvv\side\ProjectManager($pdo);
|
||||
$projects = $projectManager->getAll();
|
||||
|
||||
|
|
|
|||
|
|
@ -5,6 +5,18 @@ require __DIR__ . '/../../../src/_autoload.php';
|
|||
require __DIR__ . '/../../../sql_config.php';
|
||||
$pdo = new \PDO($dbDsn, $dbUser, $dbPass);
|
||||
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
|
||||
$userManager = new \pvv\admin\UserManager($pdo);
|
||||
|
||||
require_once(__DIR__ . '/../../../vendor/simplesamlphp/simplesamlphp/lib/_autoload.php');
|
||||
$as = new SimpleSAML_Auth_Simple('default-sp');
|
||||
$as->requireAuth();
|
||||
$attrs = $as->getAttributes();
|
||||
$uname = $attrs['uid'][0];
|
||||
|
||||
if(!$userManager->hasGroup($uname, 'prosjekt')){
|
||||
echo 'Ingen tilgang';
|
||||
exit();
|
||||
}
|
||||
|
||||
if(!isset($_POST['title']) or !isset($_POST['desc']) or !isset($_POST['organisername']) or !isset($_POST['organiser'])){
|
||||
header('Location: ' . $_SERVER['HTTP_REFERER']);
|
||||
|
|
|
|||
Loading…
Reference in New Issue