Check usergroups when accessing admin panel

2017-11-11 17:06:56 +01:00
parent 1ce3490ff0
commit 3d3903eadc
10 changed files with 116 additions and 1 deletions
--- a/www/admin/prosjekter/update.php
+++ b/www/admin/prosjekter/update.php
@@ -5,6 +5,18 @@ require __DIR__ . '/../../../src/_autoload.php';
 require __DIR__ . '/../../../sql_config.php';
 $pdo = new \PDO($dbDsn, $dbUser, $dbPass);
 $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
+$userManager = new \pvv\admin\UserManager($pdo);
+
+require_once(__DIR__ . '/../../../vendor/simplesamlphp/simplesamlphp/lib/_autoload.php');
+$as = new SimpleSAML_Auth_Simple('default-sp');
+$as->requireAuth();
+$attrs = $as->getAttributes();
+$uname = $attrs['uid'][0];
+
+if(!$userManager->hasGroup($uname, 'prosjekt')){
+	echo 'Ingen tilgang';
+	exit();
+}

 if(!isset($_POST['title']) or !isset($_POST['desc']) or !isset($_POST['organisername']) or !isset($_POST['organiser'])){
 	header('Location: ' . $_SERVER['HTTP_REFERER']);