diff --git a/application/loginwebpage.class.inc.php b/application/loginwebpage.class.inc.php
index 5e2caf914..23c48eb54 100644
--- a/application/loginwebpage.class.inc.php
+++ b/application/loginwebpage.class.inc.php
@@ -217,7 +217,7 @@ EOF
header("Location: $sUrl");
exit;
}
-
+
$aAllowedLoginTypes = utils::GetConfig()->GetAllowedLoginTypes();
if (isset($_SESSION['auth_user']))
@@ -329,7 +329,7 @@ EOF
}
}
- static function DoLogin()
+ static function DoLogin($bMustBeAdmin = false)
{
$operation = utils::ReadParam('loginop', '');
session_start();
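Review bot: The new `$bMustBeAdmin` parameter is undocumented and defaults to `false`, so the administrator check is opt-in. Any admin-only page that still calls `DoLogin()` with no argument stays reachable by every authenticated user. A docblock above the signature would make the contract explicit, for example `@param bool $bMustBeAdmin When true, stop with an error page unless the logged-in user is an administrator`. The other entry points under `pages/` are not visible in this diff and are worth auditing for ones that should pass `true`. The body of DoLogin continues outside this hunk.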
@@ -378,11 +378,20 @@ EOF
$oPage = new LoginWebPage();
$oPage->DisplayChangePwdForm(true); // old pwd was wrong
$oPage->output();
- exit;
}
}
self::Login();
+
+ if ($bMustBeAdmin && !UserRights::IsAdministrator())
+ {
+ require_once('../setup/setuppage.class.inc.php');
+ $oP = new SetupWebPage(Dict::S('UI:PageTitle:FatalError'));
+ $oP->add("
".Dict::S('UI:Login:Error:AccessAdmin')."
\n");
+ $oP->p("".Dict::S('UI:LogOffMenu')."");
+ $oP->output();
+ exit;
+ }
}
} // End of class
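Review bot: Dropping `exit;` after `$oPage->output();` in the "old pwd was wrong" branch lets execution fall through to `self::Login()` and the new administrator check, so the change-password form is emitted and the request then appears to continue into the calling page. Unless that is intended, the `exit;` should stay. In the added block, `require_once('../setup/setuppage.class.inc.php');` is resolved against the current working directory, so it presumably works only for entry scripts one level below the application root; a path built from `dirname(__FILE__)` would not depend on the caller. The denial is also served without an error status, and `header('HTTP/1.1 403 Forbidden');` before `$oP->output();` would make rejected admin requests visible in access logs and monitoring. The start of DoLogin is outside this hunk.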
diff --git a/dictionaries/dictionary.itop.ui.php b/dictionaries/dictionary.itop.ui.php
index 3245baced..a0b45eab5 100644
--- a/dictionaries/dictionary.itop.ui.php
+++ b/dictionaries/dictionary.itop.ui.php
@@ -443,6 +443,7 @@ Dict::Add('EN US', 'English', 'English', array(
'UI:Login:RetypePwdDoesNotMatch' => 'New password and retyped new password do not match !',
'UI:Button:Login' => 'Enter iTop',
'UI:Login:Error:AccessRestricted' => 'iTop access is restricted. Please, contact an iTop administrator.',
+ 'UI:Login:Error:AccessAdmin' => 'Access restricted to people having administrator privileges. Please, contact an iTop administrator.',
'UI:CSVImport:MappingSelectOne' => '-- select one --',
'UI:CSVImport:MappingNotApplicable' => '-- ignore this field --',
'UI:CSVImport:NoData' => 'Empty data set..., please provide some data!',
diff --git a/dictionaries/es_cr.dictionary.itop.ui.php b/dictionaries/es_cr.dictionary.itop.ui.php
index d6f3574f1..a3bc810b1 100644
--- a/dictionaries/es_cr.dictionary.itop.ui.php
+++ b/dictionaries/es_cr.dictionary.itop.ui.php
@@ -452,6 +452,7 @@ Dict::Add('ES CR', 'Spanish', 'Español, Castellano', array(
'UI:Login:RetypePwdDoesNotMatch' => 'New password and retyped new password do not match !',
'UI:Button:Login' => 'Enter iTop',
'UI:Login:Error:AccessRestricted' => 'iTop access is restricted. Please, contact an iTop administrator.',
+ 'UI:Login:Error:AccessAdmin' => 'Access restricted to people having administrator privileges. Please, contact an iTop administrator.',
'UI:CSVImport:MappingSelectOne' => '-- select one --',
'UI:CSVImport:MappingNotApplicable' => '-- ignore this field --',
'UI:CSVImport:NoData' => 'Empty data set..., please provide some data!',
diff --git a/dictionaries/fr.dictionary.itop.ui.php b/dictionaries/fr.dictionary.itop.ui.php
index b8092fa53..ebaae475e 100644
--- a/dictionaries/fr.dictionary.itop.ui.php
+++ b/dictionaries/fr.dictionary.itop.ui.php
@@ -443,6 +443,7 @@ Dict::Add('FR FR', 'French', 'Français', array(
'UI:Login:RetypePwdDoesNotMatch' => 'Les deux saisies du nouveau mot de passe ne sont pas identiques !',
'UI:Button:Login' => 'Entrer dans iTop',
'UI:Login:Error:AccessRestricted' => 'L\'accès à iTop est soumis à autorisation. Merci de contacter votre administrateur iTop.',
+ 'UI:Login:Error:AccessAdmin' => 'Accès resreint aux utilisateurs possédant le profil Administrateur.',
'UI:CSVImport:MappingSelectOne' => '-- choisir une valeur --',
'UI:CSVImport:MappingNotApplicable' => '-- ignorer ce champ --',
'UI:CSVImport:NoData' => 'Aucune donnée... merci de fournir des données !',
@@ -700,7 +701,7 @@ Dict::Add('FR FR', 'French', 'Français', array(
'Menu:AdminTools' => 'Outils d\'admin',
'Menu:AdminTools+' => 'Outils d\'administration',
- 'Menu:AdminTools?' => 'Ces outils sont accessibles uniquement aux utilisateur possédant le profil Administrateur.',
+ 'Menu:AdminTools?' => 'Ces outils sont accessibles uniquement aux utilisateurs possédant le profil Administrateur.',
'UI:AuditMenu' => 'Audit',
'UI:AuditMenu+' => 'Audit',
diff --git a/pages/UniversalSearch.php b/pages/UniversalSearch.php
index f4ecf5f1d..3c09a2bd0 100644
--- a/pages/UniversalSearch.php
+++ b/pages/UniversalSearch.php
@@ -30,7 +30,7 @@ require_once('../application/applicationcontext.class.inc.php');
require_once('../application/startup.inc.php');
require_once('../application/loginwebpage.class.inc.php');
-LoginWebPage::DoLogin(); // Check user rights and prompt if needed
+LoginWebPage::DoLogin(true); // Check user rights and prompt if needed (must be admin)
$oAppContext = new ApplicationContext();
$iActiveNodeId = utils::ReadParam('menu', -1);
diff --git a/pages/run_query.php b/pages/run_query.php
index c1ed44f70..4bea654a3 100644
--- a/pages/run_query.php
+++ b/pages/run_query.php
@@ -29,8 +29,7 @@ require_once('../application/itopwebpage.class.inc.php');
require_once('../application/startup.inc.php');
require_once('../application/loginwebpage.class.inc.php');
-LoginWebPage::DoLogin(); // Check user rights and prompt if needed
-
+LoginWebPage::DoLogin(true); // Check user rights and prompt if needed (must be admin)
function ShowExamples($oP, $sExpression)
{
diff --git a/pages/schema.php b/pages/schema.php
index c1471a928..c04bc0472 100644
--- a/pages/schema.php
+++ b/pages/schema.php
@@ -28,6 +28,9 @@ require_once('../application/itopwebpage.class.inc.php');
require_once('../application/startup.inc.php');
+require_once('../application/loginwebpage.class.inc.php');
+LoginWebPage::DoLogin(true); // Check user rights and prompt if needed (must be admin)
+
/**
* Helper for this page -> link to a class