Check usergroups when accessing admin panel
This commit is contained in:
parent
1ce3490ff0
commit
3d3903eadc
@ -9,7 +9,7 @@ class UserManager{
|
|||||||
public $usergroups = [
|
public $usergroups = [
|
||||||
'admin' => 1,
|
'admin' => 1,
|
||||||
'prosjekt' => 2,
|
'prosjekt' => 2,
|
||||||
'hendelser' => 4
|
'aktiviteter' => 4
|
||||||
];
|
];
|
||||||
|
|
||||||
public function __construct($pdo){
|
public function __construct($pdo){
|
||||||
|
@ -3,6 +3,19 @@ require __DIR__ . '/../../../src/_autoload.php';
|
|||||||
require __DIR__ . '/../../../sql_config.php';
|
require __DIR__ . '/../../../sql_config.php';
|
||||||
$pdo = new \PDO($dbDsn, $dbUser, $dbPass);
|
$pdo = new \PDO($dbDsn, $dbUser, $dbPass);
|
||||||
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
|
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
|
||||||
|
$userManager = new \pvv\admin\UserManager($pdo);
|
||||||
|
|
||||||
|
require_once(__DIR__ . '/../../../vendor/simplesamlphp/simplesamlphp/lib/_autoload.php');
|
||||||
|
$as = new SimpleSAML_Auth_Simple('default-sp');
|
||||||
|
$as->requireAuth();
|
||||||
|
$attrs = $as->getAttributes();
|
||||||
|
$uname = $attrs['uid'][0];
|
||||||
|
|
||||||
|
if(!$userManager->hasGroup($uname, 'aktiviteter')){
|
||||||
|
echo 'Ingen tilgang';
|
||||||
|
exit();
|
||||||
|
}
|
||||||
|
|
||||||
$eventID = $_GET['id'];
|
$eventID = $_GET['id'];
|
||||||
|
|
||||||
$query = 'DELETE FROM events WHERE id=\'' . $eventID . '\'';
|
$query = 'DELETE FROM events WHERE id=\'' . $eventID . '\'';
|
||||||
|
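Review bot: The new gate reads `$uname = $attrs['uid'][0];` without checking that the IdP actually sent a `uid` attribute; if it is absent, `$uname` is null (with a notice) and whether `hasGroup(null, 'aktiviteter')` denies is decided by UserManager code not in this hunk, so fail closed explicitly: `$uname = $attrs['uid'][0] ?? null; if ($uname === null) { http_response_code(403); exit('Ingen tilgang'); }`. The check also only stops anonymous callers from reaching the pre-existing injection at the bottom of the hunk: `$eventID = $_GET['id'];` is still concatenated into `DELETE FROM events WHERE id='...'`, so any 'aktiviteter' member (or anyone who can make such a member's browser hit this URL, since it is a state-changing GET with no token) can delete arbitrary rows. Replace it with `$stmt = $pdo->prepare('DELETE FROM events WHERE id = ?'); $stmt->execute([$eventID]);` and require POST for the delete. The script continues past the end of the hunk.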
@ -7,6 +7,19 @@ require __DIR__ . '/../../../sql_config.php';
|
|||||||
|
|
||||||
$pdo = new \PDO($dbDsn, $dbUser, $dbPass);
|
$pdo = new \PDO($dbDsn, $dbUser, $dbPass);
|
||||||
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
|
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
|
||||||
|
$userManager = new \pvv\admin\UserManager($pdo);
|
||||||
|
|
||||||
|
require_once(__DIR__ . '/../../../vendor/simplesamlphp/simplesamlphp/lib/_autoload.php');
|
||||||
|
$as = new SimpleSAML_Auth_Simple('default-sp');
|
||||||
|
$as->requireAuth();
|
||||||
|
$attrs = $as->getAttributes();
|
||||||
|
$uname = $attrs['uid'][0];
|
||||||
|
|
||||||
|
if(!$userManager->hasGroup($uname, 'aktiviteter')){
|
||||||
|
echo 'Ingen tilgang';
|
||||||
|
exit();
|
||||||
|
}
|
||||||
|
|
||||||
$customActivity = new \pvv\side\DBActivity($pdo);
|
$customActivity = new \pvv\side\DBActivity($pdo);
|
||||||
|
|
||||||
$new = 0;
|
$new = 0;
|
||||||
|
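Review bot: The deny branch `echo 'Ingen tilgang'; exit();` answers with HTTP 200, so the refusal is invisible to access logs, monitoring and any proxy rule keyed on status; add `http_response_code(403);` before the echo. This 13-line preamble (PDO, UserManager, SimpleSAML, group check) is pasted verbatim into every admin page in this commit, and the copies already differ in which groups they accept, so the policy will drift; one shared include that is handed the required group name and performs the check would keep it in a single place. Whether an `admin`-group user who is not also in 'aktiviteter' passes `hasGroup($uname, 'aktiviteter')` depends on UserManager code not shown here — worth confirming, since the admin front page in this same commit lets admins through. The script continues after the hunk.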
@ -7,6 +7,19 @@ require __DIR__ . '/../../../sql_config.php';
|
|||||||
|
|
||||||
$pdo = new \PDO($dbDsn, $dbUser, $dbPass);
|
$pdo = new \PDO($dbDsn, $dbUser, $dbPass);
|
||||||
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
|
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
|
||||||
|
$userManager = new \pvv\admin\UserManager($pdo);
|
||||||
|
|
||||||
|
require_once(__DIR__ . '/../../../vendor/simplesamlphp/simplesamlphp/lib/_autoload.php');
|
||||||
|
$as = new SimpleSAML_Auth_Simple('default-sp');
|
||||||
|
$as->requireAuth();
|
||||||
|
$attrs = $as->getAttributes();
|
||||||
|
$uname = $attrs['uid'][0];
|
||||||
|
|
||||||
|
if(!$userManager->hasGroup($uname, 'aktiviteter')){
|
||||||
|
echo 'Ingen tilgang';
|
||||||
|
exit();
|
||||||
|
}
|
||||||
|
|
||||||
$customActivity = new \pvv\side\DBActivity($pdo);
|
$customActivity = new \pvv\side\DBActivity($pdo);
|
||||||
$events = $customActivity->getAllEvents();
|
$events = $customActivity->getAllEvents();
|
||||||
|
|
||||||
|
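Review bot: This page is gated on `hasGroup($uname, 'aktiviteter')` alone, while the admin front page in this commit admits `isAdmin($uname)` as an alternative; unless hasGroup treats the admin bit as implying every group (not visible here), an admin who is not in 'aktiviteter' reaches the menu and is then refused on this page. If admins are meant to see everything, the guard should read `if(!($userManager->isAdmin($uname) || $userManager->hasGroup($uname, 'aktiviteter'))){`; if not, the front page should not let them in. Either way the intended rule deserves a one-line comment above the check, e.g. `// Event pages: 'aktiviteter' group only; admins must be added to the group explicitly`. The script continues after the hunk.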
@ -5,6 +5,18 @@ require __DIR__ . '/../../../src/_autoload.php';
|
|||||||
require __DIR__ . '/../../../sql_config.php';
|
require __DIR__ . '/../../../sql_config.php';
|
||||||
$pdo = new \PDO($dbDsn, $dbUser, $dbPass);
|
$pdo = new \PDO($dbDsn, $dbUser, $dbPass);
|
||||||
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
|
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
|
||||||
|
$userManager = new \pvv\admin\UserManager($pdo);
|
||||||
|
|
||||||
|
require_once(__DIR__ . '/../../../vendor/simplesamlphp/simplesamlphp/lib/_autoload.php');
|
||||||
|
$as = new SimpleSAML_Auth_Simple('default-sp');
|
||||||
|
$as->requireAuth();
|
||||||
|
$attrs = $as->getAttributes();
|
||||||
|
$uname = $attrs['uid'][0];
|
||||||
|
|
||||||
|
if(!$userManager->hasGroup($uname, 'aktiviteter')){
|
||||||
|
echo 'Ingen tilgang';
|
||||||
|
exit();
|
||||||
|
}
|
||||||
|
|
||||||
if(!isset($_POST['title']) or !isset($_POST['desc']) or !isset($_POST['start']) or !isset($_POST['end']) or !isset($_POST['organiser']) or !isset($_POST['location'])){
|
if(!isset($_POST['title']) or !isset($_POST['desc']) or !isset($_POST['start']) or !isset($_POST['end']) or !isset($_POST['organiser']) or !isset($_POST['location'])){
|
||||||
header('Location: ' . $_SERVER['HTTP_REFERER']);
|
header('Location: ' . $_SERVER['HTTP_REFERER']);
|
||||||
|
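Review bot: The new check correctly runs before the form fields are inspected, but the path it protects still ends in `header('Location: ' . $_SERVER['HTTP_REFERER']);` (pre-existing, last line of the hunk), which redirects to a browser-supplied header: a missing Referer produces an empty `Location:` and a submission from another origin is bounced back to that origin. Redirect to a fixed relative path of this file's own form instead (the path is not visible here) and follow the `header()` call with `exit();`, since otherwise the rest of the script keeps running. Nothing in the validated field list (`title`, `desc`, `start`, `end`, `organiser`, `location`) is a CSRF token, so unless the form adds one elsewhere, a logged-in 'aktiviteter' member can be made to submit this handler cross-site; the group gate does not help against that. The handler continues past the end of the hunk.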
@ -1,7 +1,19 @@
|
|||||||
<?php
|
<?php
|
||||||
require_once __DIR__ . '/../../vendor/simplesamlphp/simplesamlphp/lib/_autoload.php';
|
require_once __DIR__ . '/../../vendor/simplesamlphp/simplesamlphp/lib/_autoload.php';
|
||||||
|
|
||||||
|
$pdo = new \PDO($dbDsn, $dbUser, $dbPass);
|
||||||
|
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
|
||||||
|
$userManager = new \pvv\admin\UserManager($pdo);
|
||||||
|
|
||||||
$as = new SimpleSAML_Auth_Simple('default-sp');
|
$as = new SimpleSAML_Auth_Simple('default-sp');
|
||||||
|
$as->requireAuth();
|
||||||
$attrs = $as->getAttributes();
|
$attrs = $as->getAttributes();
|
||||||
|
$uname = $attrs['uid'][0];
|
||||||
|
|
||||||
|
if(!($userManager->isAdmin($uname) | $userManager->hasGroup($uname, 'prosjekt') | $userManager->hasGroup($uname, 'aktiviteter'))){
|
||||||
|
echo 'Ingen tilgang';
|
||||||
|
exit();
|
||||||
|
}
|
||||||
?>
|
?>
|
||||||
|
|
||||||
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
|
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
|
||||||
|
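Review bot: The guard `if(!($userManager->isAdmin($uname) | $userManager->hasGroup($uname, 'prosjekt') | $userManager->hasGroup($uname, 'aktiviteter')))` uses bitwise `|`, not logical `||`: it only works while all three methods return real booleans (anything else is OR-ed as an integer), it performs all three lookups every time, and it reads as a typo to the next maintainer — change the three operators to `||`. This file starts at line 1 with only the SimpleSAML autoloader required, yet the new lines use `$dbDsn`, `$dbUser`, `$dbPass` and `\pvv\admin\UserManager`; that is fine if it is only ever included after `sql_config.php` and `src/_autoload.php`, but if it is also reachable as a page on its own the PDO constructor fails on undefined variables, so a comment stating the include contract would help (e.g. `// Must be included after sql_config.php and src/_autoload.php`). As in the other files, `$attrs['uid'][0]` is used without checking the attribute exists, and the refusal is sent with status 200; `http_response_code(403);` before the echo fixes the latter.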
@ -3,6 +3,19 @@ require __DIR__ . '/../../../src/_autoload.php';
|
|||||||
require __DIR__ . '/../../../sql_config.php';
|
require __DIR__ . '/../../../sql_config.php';
|
||||||
$pdo = new \PDO($dbDsn, $dbUser, $dbPass);
|
$pdo = new \PDO($dbDsn, $dbUser, $dbPass);
|
||||||
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
|
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
|
||||||
|
$userManager = new \pvv\admin\UserManager($pdo);
|
||||||
|
|
||||||
|
require_once(__DIR__ . '/../../../vendor/simplesamlphp/simplesamlphp/lib/_autoload.php');
|
||||||
|
$as = new SimpleSAML_Auth_Simple('default-sp');
|
||||||
|
$as->requireAuth();
|
||||||
|
$attrs = $as->getAttributes();
|
||||||
|
$uname = $attrs['uid'][0];
|
||||||
|
|
||||||
|
if(!$userManager->hasGroup($uname, 'prosjekt')){
|
||||||
|
echo 'Ingen tilgang';
|
||||||
|
exit();
|
||||||
|
}
|
||||||
|
|
||||||
$projectID = $_GET['id'];
|
$projectID = $_GET['id'];
|
||||||
|
|
||||||
$query = 'DELETE FROM projects WHERE id=\'' . $projectID . '\'';
|
$query = 'DELETE FROM projects WHERE id=\'' . $projectID . '\'';
|
||||||
|
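Review bot: The gate added here still lets any 'prosjekt' member delete arbitrary rows, because `$projectID = $_GET['id'];` is concatenated straight into `DELETE FROM projects WHERE id='...'` on the last line of the hunk (pre-existing, but this is the commit that decides who may reach it). Use a prepared statement, `$stmt = $pdo->prepare('DELETE FROM projects WHERE id = ?'); $stmt->execute([$projectID]);`, and since this is a destructive action triggered by a plain GET with no token, require POST plus a session-bound CSRF token so a member cannot be made to delete a project by following a link. The deny branch should also carry `http_response_code(403);` before the echo. The script continues past the end of the hunk.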
@ -6,6 +6,20 @@ require __DIR__ . '/../../../src/_autoload.php';
|
|||||||
require __DIR__ . '/../../../sql_config.php';
|
require __DIR__ . '/../../../sql_config.php';
|
||||||
|
|
||||||
$pdo = new \PDO($dbDsn, $dbUser, $dbPass);
|
$pdo = new \PDO($dbDsn, $dbUser, $dbPass);
|
||||||
|
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
|
||||||
|
$userManager = new \pvv\admin\UserManager($pdo);
|
||||||
|
|
||||||
|
require_once(__DIR__ . '/../../../vendor/simplesamlphp/simplesamlphp/lib/_autoload.php');
|
||||||
|
$as = new SimpleSAML_Auth_Simple('default-sp');
|
||||||
|
$as->requireAuth();
|
||||||
|
$attrs = $as->getAttributes();
|
||||||
|
$uname = $attrs['uid'][0];
|
||||||
|
|
||||||
|
if(!$userManager->hasGroup($uname, 'prosjekt')){
|
||||||
|
echo 'Ingen tilgang';
|
||||||
|
exit();
|
||||||
|
}
|
||||||
|
|
||||||
$projectManager = new \pvv\side\ProjectManager($pdo);
|
$projectManager = new \pvv\side\ProjectManager($pdo);
|
||||||
$projects = $projectManager->getAll();
|
$projects = $projectManager->getAll();
|
||||||
|
|
||||||
|
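Review bot: Besides the group check, this hunk newly adds `$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);` to this page (the other pages in the commit already had it as context), so database failures here now throw instead of returning false; with no catch in sight, make sure display_errors is off in production or the exception text, which can include the failing SQL, reaches the browser. The deny branch `echo 'Ingen tilgang'; exit();` returns HTTP 200 — add `http_response_code(403);` first. The same 14-line preamble is repeated in every admin page touched by this commit; extracting it into one include that receives the required group name would stop the copies drifting apart (they already differ on whether admins are accepted). The script continues after the hunk.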
@ -7,6 +7,19 @@ require __DIR__ . '/../../../sql_config.php';
|
|||||||
|
|
||||||
$pdo = new \PDO($dbDsn, $dbUser, $dbPass);
|
$pdo = new \PDO($dbDsn, $dbUser, $dbPass);
|
||||||
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
|
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
|
||||||
|
$userManager = new \pvv\admin\UserManager($pdo);
|
||||||
|
|
||||||
|
require_once(__DIR__ . '/../../../vendor/simplesamlphp/simplesamlphp/lib/_autoload.php');
|
||||||
|
$as = new SimpleSAML_Auth_Simple('default-sp');
|
||||||
|
$as->requireAuth();
|
||||||
|
$attrs = $as->getAttributes();
|
||||||
|
$uname = $attrs['uid'][0];
|
||||||
|
|
||||||
|
if(!$userManager->hasGroup($uname, 'prosjekt')){
|
||||||
|
echo 'Ingen tilgang';
|
||||||
|
exit();
|
||||||
|
}
|
||||||
|
|
||||||
$projectManager = new \pvv\side\ProjectManager($pdo);
|
$projectManager = new \pvv\side\ProjectManager($pdo);
|
||||||
$projects = $projectManager->getAll();
|
$projects = $projectManager->getAll();
|
||||||
|
|
||||||
|
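Review bot: `$uname = $attrs['uid'][0];` assumes the IdP always returns a `uid` attribute; if it does not, `$uname` is null and the outcome of `hasGroup(null, 'prosjekt')` is decided by UserManager code outside this hunk rather than by an explicit deny. Fail closed here: `$uname = $attrs['uid'][0] ?? null;` followed by `if ($uname === null || !$userManager->hasGroup($uname, 'prosjekt')) { http_response_code(403); exit('Ingen tilgang'); }`, which also gives the refusal a proper status code instead of 200. A short comment above the check stating the rule, e.g. `// Project listing is restricted to the 'prosjekt' usergroup (see UserManager::$usergroups)`, would help the next reader. The script continues past the hunk.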
@ -5,6 +5,18 @@ require __DIR__ . '/../../../src/_autoload.php';
|
|||||||
require __DIR__ . '/../../../sql_config.php';
|
require __DIR__ . '/../../../sql_config.php';
|
||||||
$pdo = new \PDO($dbDsn, $dbUser, $dbPass);
|
$pdo = new \PDO($dbDsn, $dbUser, $dbPass);
|
||||||
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
|
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
|
||||||
|
$userManager = new \pvv\admin\UserManager($pdo);
|
||||||
|
|
||||||
|
require_once(__DIR__ . '/../../../vendor/simplesamlphp/simplesamlphp/lib/_autoload.php');
|
||||||
|
$as = new SimpleSAML_Auth_Simple('default-sp');
|
||||||
|
$as->requireAuth();
|
||||||
|
$attrs = $as->getAttributes();
|
||||||
|
$uname = $attrs['uid'][0];
|
||||||
|
|
||||||
|
if(!$userManager->hasGroup($uname, 'prosjekt')){
|
||||||
|
echo 'Ingen tilgang';
|
||||||
|
exit();
|
||||||
|
}
|
||||||
|
|
||||||
if(!isset($_POST['title']) or !isset($_POST['desc']) or !isset($_POST['organisername']) or !isset($_POST['organiser'])){
|
if(!isset($_POST['title']) or !isset($_POST['desc']) or !isset($_POST['organisername']) or !isset($_POST['organiser'])){
|
||||||
header('Location: ' . $_SERVER['HTTP_REFERER']);
|
header('Location: ' . $_SERVER['HTTP_REFERER']);
|
||||||
|
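Review bot: The handler verifies that the expected fields are set but never that the request is a POST or that it carries a CSRF token (none of `title`, `desc`, `organisername`, `organiser` is one), so the new group gate only narrows who can be targeted by a cross-site submission, not whether one succeeds — unless the form adds a token that is not visible here. Add `if ($_SERVER['REQUEST_METHOD'] !== 'POST') { http_response_code(405); exit(); }` before the field check and verify a session-bound token alongside the fields. The fallback `header('Location: ' . $_SERVER['HTTP_REFERER']);` (pre-existing, last line of the hunk) redirects to whatever Referer the client sent and is empty when none is sent; redirect to a fixed relative path of the form instead and follow it with `exit();`. The handler continues past the hunk.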