From 24b6af179994b48561c352e7955f62b9782a3a85 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B8rn=20A=CC=8Ane?= <yorinad@pvv.ntnu.no>
Date: Tue, 13 Feb 2018 18:30:49 +0100
Subject: [PATCH] Add admin button to user menu, if admin

---
 inc/navbar.php            | 12 +++++++++++-
 www/admin/index.php       |  5 +++--
 www/aktiviteter/index.php |  2 +-
 www/kontakt/index.php     |  2 +-
 www/prosjekt/index.php    |  2 +-
 5 files changed, 17 insertions(+), 6 deletions(-)

diff --git a/inc/navbar.php b/inc/navbar.php
index 09d0ec0..d902756 100644
--- a/inc/navbar.php
+++ b/inc/navbar.php
@@ -25,7 +25,8 @@ function navbar($depth, $active = NULL) {
 	return $result . "\t</ul>\n";
 }
 
-function loginBar($sp = 'default-sp') {
+function loginBar($sp = null, $pdo = null) {
+	if (is_null($sp)) $sp = 'default-sp';
 	$result = "\n";
 	require_once(__DIR__ . '/../vendor/simplesamlphp/simplesamlphp/lib/_autoload.php');
 	$as = new SimpleSAML_Auth_Simple($sp);
@@ -44,10 +45,19 @@ function loginBar($sp = 'default-sp') {
 	$attr = $as->getAttributes();
 	if($attr) {
 		$uname = $attr['uid'][0];
+		if (isset($pdo)) {
+			$userManager = new \pvv\admin\UserManager($pdo);
+			$isAdmin = $userManager->isAdmin($uname);
+		} else {
+			$isAdmin = false;
+		}
 		$result .= "\t<a id=\"login\" href=\"#usermenu\" aria-hidden=\"true\">${svgWhite}" . htmlspecialchars($uname) . "</a>\n";
 
 		$result .= "\n\t<ul id=\"usermenu\">\n";
 		$result .= "\n\t\t<li><a id=\"login\" href=\"#\">${svgBlue}" . htmlspecialchars($uname) . "</a></li>\n";
+		if ($isAdmin) {
+			$result .= "\n\t\t<li><a href=\"/admin/\">Admin</a></li>\n";
+		}
 		$result .= "\n\t\t<li><a href=\"" . htmlspecialchars($as->getLogoutURL()) . "\">Logg ut</a></li>\n";
 		$result .= "\n\t</ul>\n";
 	} else {
diff --git a/www/admin/index.php b/www/admin/index.php
index c210b47..906631c 100644
--- a/www/admin/index.php
+++ b/www/admin/index.php
@@ -18,7 +18,8 @@ $projectGroup = $userManager->hasGroup($uname, 'prosjekt');
 $activityGroup = $userManager->hasGroup($uname, 'aktiviteter');
 
 if(!($isAdmin | $projectGroup | $activityGroup)){
-	echo 'Her har du ikke lov\'t\'å\'værra!!!';
+	header('Content-Type: text/plain', true, 403);
+	echo "Her har du ikke lov't'å'værra!!!\r\n";
 	exit();
 }
 ?>
@@ -54,5 +55,5 @@ if(!($isAdmin | $projectGroup | $activityGroup)){
 
 <nav>
 	<?= navbar(1); ?>
-	<?= loginbar(); ?>
+	<?= loginbar(null, $pdo); ?>
 </nav>
diff --git a/www/aktiviteter/index.php b/www/aktiviteter/index.php
index 5a3674c..c9bca84 100644
--- a/www/aktiviteter/index.php
+++ b/www/aktiviteter/index.php
@@ -80,5 +80,5 @@ foreach($events as $event) {
 
 <nav>
 	<?= navbar(1, 'aktiviteter'); ?>
-	<?= loginbar(); ?>
+	<?= loginbar(null, $pdo); ?>
 </nav>
diff --git a/www/kontakt/index.php b/www/kontakt/index.php
index e37a0d9..053683b 100755
--- a/www/kontakt/index.php
+++ b/www/kontakt/index.php
@@ -39,5 +39,5 @@ Det er også mulig å ta i bruk analog kontakt ved å møte opp <a href="https:/
 
 <nav>
 	<?= navbar(1, 'kontakt'); ?>
-	<?= loginbar(); ?>
+	<?= loginbar(null, $pdo); ?>
 </nav>
diff --git a/www/prosjekt/index.php b/www/prosjekt/index.php
index 1f66499..7d8bd98 100644
--- a/www/prosjekt/index.php
+++ b/www/prosjekt/index.php
@@ -69,5 +69,5 @@ $projects = $projectManager->getAll();
 
 <nav>
 	<?= navbar(1, 'prosjekt'); ?>
-	<?= loginbar(); ?>
+	<?= loginbar(null, $pdo); ?>
 </nav>