arman/science-ation
1
1
Fork 0
forked from science-ation/science-ation
Code Pull Requests Activity

Allow superuser to always access admin/config even if its not in their session roles

Browse Source
This commit is contained in:
james 2010-12-06 18:33:02 +00:00
parent 8817e5eb86
commit 0acf5a5661
1 changed files with 11 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
user.inc.php
View File

@ -1086,7 +1086,16 @@ function user_auth_required($all_required = array(), $one_required = array())
* in $all_required that are also in the session roles */
if(!is_array($all_required)) $all_required = array($all_required);
$match = array_intersect($all_required, $_SESSION['roles']);
//superuser always can access admin and config, even if its not in their SESSION roles
if($_SESSION['superuser']=="yes") {
$roles=array_merge(array("admin","config"),$_SESSION['roles']);
}
else {
$roles=$_SESSION['roles'];
}
$match = array_intersect($all_required, $roles);
if($all_required != $match) {
/* Something is missing */
$ok = false;
@ -1095,7 +1104,7 @@ function user_auth_required($all_required = array(), $one_required = array())
/* Make sure the user has one role in $one_required */
if(!is_array($one_required)) $one_required = array($one_required);
if(count($one_required)) {
$match = array_intersect($one_required, $_SESSION['roles']);
$match = array_intersect($one_required, $roles);
if(count($match) == 0) {
/* Missing any role in $one_required */
$ok = false;