Check usergroups when accessing admin panel

2017-11-11 17:06:56 +01:00
parent 1ce3490ff0
commit 3d3903eadc
10 changed files with 116 additions and 1 deletions
--- a/www/admin/prosjekter/delete.php
+++ b/www/admin/prosjekter/delete.php
@@ -3,6 +3,19 @@ require __DIR__ . '/../../../src/_autoload.php';
 require __DIR__ . '/../../../sql_config.php';
 $pdo = new \PDO($dbDsn, $dbUser, $dbPass);
 $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
+$userManager = new \pvv\admin\UserManager($pdo);
+
+require_once(__DIR__ . '/../../../vendor/simplesamlphp/simplesamlphp/lib/_autoload.php');
+$as = new SimpleSAML_Auth_Simple('default-sp');
+$as->requireAuth();
+$attrs = $as->getAttributes();
+$uname = $attrs['uid'][0];
+
+if(!$userManager->hasGroup($uname, 'prosjekt')){
+	echo 'Ingen tilgang';
+	exit();
+}
+
 $projectID = $_GET['id'];

 $query = 'DELETE FROM projects WHERE id=\'' . $projectID . '\'';