#260 Restrict some pages to administrators

SVN:trunk[800]
2026-02-12 23:14:18 +01:00 · 2010-09-09 05:44:18 +00:00
parent a3f4dad24e
commit 5070dd2abe
7 changed files with 21 additions and 7 deletions
--- a/application/loginwebpage.class.inc.php
+++ b/application/loginwebpage.class.inc.php
@@ -217,7 +217,7 @@ EOF
 			header("Location: $sUrl");			
 			exit;
 		}
-		
+
 		$aAllowedLoginTypes = utils::GetConfig()->GetAllowedLoginTypes();

 		if (isset($_SESSION['auth_user']))
@@ -329,7 +329,7 @@ EOF
 		}
 	}
 	
-	static function DoLogin()
+	static function DoLogin($bMustBeAdmin = false)
 	{
 		$operation = utils::ReadParam('loginop', '');
 		session_start();
@@ -378,11 +378,20 @@ EOF
 				$oPage = new LoginWebPage();
 				$oPage->DisplayChangePwdForm(true); // old pwd was wrong
 				$oPage->output();
-				exit;
 			}
 		}
 		
 		self::Login();
+
+		if ($bMustBeAdmin && !UserRights::IsAdministrator())
+		{	
+			require_once('../setup/setuppage.class.inc.php');
+			$oP = new SetupWebPage(Dict::S('UI:PageTitle:FatalError'));
+			$oP->add("<h1>".Dict::S('UI:Login:Error:AccessAdmin')."</h1>\n");	
+			$oP->p("<a href=\"../pages/logoff.php\">".Dict::S('UI:LogOffMenu')."</a>");
+			$oP->output();
+			exit;
+		}
 	}

 } // End of class
--- a/dictionaries/dictionary.itop.ui.php
+++ b/dictionaries/dictionary.itop.ui.php
@@ -443,6 +443,7 @@ Dict::Add('EN US', 'English', 'English', array(
 	'UI:Login:RetypePwdDoesNotMatch' => 'New password and retyped new password do not match !',
 	'UI:Button:Login' => 'Enter iTop',
 	'UI:Login:Error:AccessRestricted' => 'iTop access is restricted. Please, contact an iTop administrator.',
+	'UI:Login:Error:AccessAdmin' => 'Access restricted to people having administrator privileges. Please, contact an iTop administrator.',
 	'UI:CSVImport:MappingSelectOne' => '-- select one --',
 	'UI:CSVImport:MappingNotApplicable' => '-- ignore this field --',
 	'UI:CSVImport:NoData' => 'Empty data set..., please provide some data!',
--- a/dictionaries/es_cr.dictionary.itop.ui.php
+++ b/dictionaries/es_cr.dictionary.itop.ui.php
@@ -452,6 +452,7 @@ Dict::Add('ES CR', 'Spanish', 'Español, Castellano', array(
 	'UI:Login:RetypePwdDoesNotMatch' => 'New password and retyped new password do not match !',
 	'UI:Button:Login' => 'Enter iTop',
 	'UI:Login:Error:AccessRestricted' => 'iTop access is restricted. Please, contact an iTop administrator.',
+	'UI:Login:Error:AccessAdmin' => 'Access restricted to people having administrator privileges. Please, contact an iTop administrator.',
 	'UI:CSVImport:MappingSelectOne' => '-- select one --',
 	'UI:CSVImport:MappingNotApplicable' => '-- ignore this field --',
 	'UI:CSVImport:NoData' => 'Empty data set..., please provide some data!',
--- a/dictionaries/fr.dictionary.itop.ui.php
+++ b/dictionaries/fr.dictionary.itop.ui.php
@@ -443,6 +443,7 @@ Dict::Add('FR FR', 'French', 'Français', array(
 	'UI:Login:RetypePwdDoesNotMatch' => 'Les deux saisies du nouveau mot de passe ne sont pas identiques !',
 	'UI:Button:Login' => 'Entrer dans iTop',
 	'UI:Login:Error:AccessRestricted' => 'L\'accès à iTop est soumis à autorisation. Merci de contacter votre administrateur iTop.',
+	'UI:Login:Error:AccessAdmin' => 'Accès resreint aux utilisateurs possédant le profil Administrateur.',
 	'UI:CSVImport:MappingSelectOne' => '-- choisir une valeur --',
 	'UI:CSVImport:MappingNotApplicable' => '-- ignorer ce champ --',
 	'UI:CSVImport:NoData' => 'Aucune donnée... merci de fournir des données !',
@@ -700,7 +701,7 @@ Dict::Add('FR FR', 'French', 'Français', array(

 	'Menu:AdminTools' => 'Outils d\'admin',
 	'Menu:AdminTools+' => 'Outils d\'administration',
-	'Menu:AdminTools?' => 'Ces outils sont accessibles uniquement aux utilisateur possédant le profil Administrateur.',
+	'Menu:AdminTools?' => 'Ces outils sont accessibles uniquement aux utilisateurs possédant le profil Administrateur.',

 	'UI:AuditMenu' => 'Audit',
 	'UI:AuditMenu+' => 'Audit',
--- a/pages/UniversalSearch.php
+++ b/pages/UniversalSearch.php
@@ -30,7 +30,7 @@ require_once('../application/applicationcontext.class.inc.php');
 require_once('../application/startup.inc.php');

 require_once('../application/loginwebpage.class.inc.php');
-LoginWebPage::DoLogin(); // Check user rights and prompt if needed
+LoginWebPage::DoLogin(true); // Check user rights and prompt if needed (must be admin)

 $oAppContext = new ApplicationContext();
 $iActiveNodeId = utils::ReadParam('menu', -1);
--- a/pages/run_query.php
+++ b/pages/run_query.php
@@ -29,8 +29,7 @@ require_once('../application/itopwebpage.class.inc.php');
 require_once('../application/startup.inc.php');

 require_once('../application/loginwebpage.class.inc.php');
-LoginWebPage::DoLogin(); // Check user rights and prompt if needed
-
+LoginWebPage::DoLogin(true); // Check user rights and prompt if needed (must be admin)

 function ShowExamples($oP, $sExpression)
 {
--- a/pages/schema.php
+++ b/pages/schema.php
@@ -28,6 +28,9 @@ require_once('../application/itopwebpage.class.inc.php');

 require_once('../application/startup.inc.php');

+require_once('../application/loginwebpage.class.inc.php');
+LoginWebPage::DoLogin(true); // Check user rights and prompt if needed (must be admin)
+

 /**
 * Helper for this page -> link to a class