Commit 79e30f61 authored by Richard Mansfield's avatar Richard Mansfield

Prevent non-institutionaladmins getting to pages with INSTITUTIONALADMIN defined

parent 28714c43
......@@ -25,7 +25,7 @@
*/
define('INTERNAL', 1);
define('ADMIN', 1);
define('INSTITUTIONALADMIN', 1);
define('MENUITEM', 'configusers/usersearch');
require(dirname(dirname(dirname(__FILE__))) . '/init.php');
define('TITLE', get_string('usersearch', 'admin'));
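Review bot: This page now defines both ADMIN and INSTITUTIONALADMIN (L9-L10) without saying how the two combine, and the gate that interprets them lives elsewhere (auth_setup and login_submit in this same commit), where having both constants defined means the visitor has to pass both checks rather than either. A one-line comment above the defines would record the intended rule, e.g. `// Reachable by site admins and by institutional admins; the access check is in auth_setup()` — and if "either role" is the intent, it is the gate that needs adjusting, not this file. Whether the define at L10 is the added line cannot be confirmed from the rendered hunk.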
......
......@@ -331,11 +331,20 @@ function auth_setup () {
else if ($USER->get('admin') && !$userreallyadmin) {
// The user's admin rights have been taken away
$USER->admin = 0;
}
if (!$USER->get('admin')) {
$SESSION->add_error_msg(get_string('accessforbiddentoadminsection'));
redirect();
}
elseif (!$USER->get('admin')) {
// The user never was an admin
} else if (defined('INSTITUTIONALADMIN')) {
$userreallyadminfor = get_column('usr_institution', 'institution', 'usr', $USER->id, 'admin', 1);
if (!$USER->is_institutional_admin() && !empty($userreallyadminfor)) {
$USER->set_admin_institutions($userreallyadminfor);
}
else if ($USER->is_institutional_admin() && empty($userreallyadminfor)) {
$USER->set_admin_institutions(array());
}
if (!$USER->is_institutional_admin()) {
$SESSION->add_error_msg(get_string('accessforbiddentoadminsection'));
redirect();
}
......@@ -1001,7 +1010,8 @@ function login_submit(Pieform $form, $values) {
}
// Only admins in the admin section!
if (defined('ADMIN') && !$USER->admin) {
if (defined('ADMIN') && !$USER->get('admin')
|| defined('INSTITUTIONALADMIN') && !$USER->is_institutional_admin()) {
$SESSION->add_error_msg(get_string('accessforbiddentoadminsection'));
redirect();
}
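Review bot: The INSTITUTIONALADMIN branch in auth_setup (L26-L37) only refreshes the session's admin-institution set when it flips between empty and non-empty, so an institutional admin whose institutions changed but who still administers at least one keeps the stale set for the rest of the session, including institutions where the flag was revoked. Replacing the if/else at L28-L33 with an unconditional sync, `$USER->set_admin_institutions(empty($userreallyadminfor) ? array() : $userreallyadminfor);`, makes the session reflect the database on every request, as the site-admin check above it already does. The check in login_submit (L42-L43) redirects anyone who fails either clause, so on a page that defines both constants, as admin/users/search.php now does, a site admin is locked out unless is_institutional_admin() also holds for them; confirm the intended rule and parenthesise the two clauses so the precedence is explicit. The elseif at L24-L25 repeats the condition of the if at L20 and can never run; if it is on the new side it should be dropped. The enclosing if/else of auth_setup starts before L16 and the function continues past L37.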
......
......@@ -55,7 +55,6 @@ class User {
'id' => 0,
'username' => '',
'password' => '',
'institution' => 'mahara',
'salt' => '',
'passwordchange' => 0,
'active' => 1,
......@@ -368,6 +367,10 @@ class User {
return !empty($a);
}
public function set_admin_institutions($institutions) {
$this->set('admininstitutions', array_fill_keys($institutions, true));
}
}
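Review bot: set_admin_institutions (L59-L61) has no docblock and hands $institutions straight to array_fill_keys, which warns and yields null for a non-array, so a caller passing whatever a DB helper returns when there are no rows would silently clear the property to null rather than to an empty map. Suggest a docblock stating that $institutions is a list of institution names and that the stored value is a name => true map consumed by is_institutional_admin(), plus the guard `$this->set('admininstitutions', array_fill_keys(is_array($institutions) ? $institutions : array(), true));`. Dropping the `'institution' => 'mahara'` default at L52 also changes what callers of $USER->get('institution') elsewhere receive when nothing was set; those callers are outside this diff and worth a grep.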
......
......@@ -282,6 +282,8 @@ $string['changeinstitution'] = 'Change Institution';
$string['institutionstaff'] = 'Institution Staff';
$string['institutionadmin'] = 'Institution Admin';
$string['settingsfor'] = 'Settings for:';
$string['institutionadministration'] = 'Institution Administration';
$string['institutionmembers'] = 'Institution Members';
// general stuff
......
......@@ -336,6 +336,9 @@ EOF;
if (defined('ADMIN')) {
$smarty->assign('ADMIN', true);
}
if (defined('INSTITUTIONALADMIN')) {
$smarty->assign('INSTITUTIONALADMIN', true);
}
$smarty->assign('LOGGEDIN', $USER->is_logged_in());
if ($USER->is_logged_in()) {
......@@ -1289,7 +1292,54 @@ function make_link($url) {
* @return $adminnav a data structure containing the admin navigation
*/
function admin_nav() {
$wwwroot = get_config('wwwroot');
global $USER;
if (!$USER->get('admin')) {
// Institutional Admin menu
return array(
array(
'path' => 'configusers',
'url' => 'admin/users/search.php',
'title' => get_string('institutionadministration', 'admin'),
'weight' => 10,
),
array(
'path' => 'configusers/usersearch',
'url' => 'admin/users/search.php',
'title' => get_string('usersearch', 'admin'),
'weight' => 10,
),
array(
'path' => 'configusers/institutionmembers',
'url' => 'admin/users/staff.php',
'title' => get_string('institutionmembers', 'admin'),
'weight' => 20,
),
array(
'path' => 'configusers/staff',
'url' => 'admin/users/staff.php',
'title' => get_string('staffusers', 'admin'),
'weight' => 30,
),
array(
'path' => 'configusers/admins',
'url' => 'admin/users/admins.php',
'title' => get_string('adminusers', 'admin'),
'weight' => 40,
),
array(
'path' => 'configusers/adminnotifications',
'url' => 'admin/users/notifications.php',
'title' => get_string('adminnotifications', 'admin'),
'weight' => 50,
),
array(
'path' => 'configusers/uploadcsv',
'url' => 'admin/users/uploadcsv.php',
'title' => get_string('uploadcsv', 'admin'),
'weight' => 60,
),
);
}
$menu = array(
array(
......@@ -1403,7 +1453,7 @@ function admin_nav() {
* Builds a data structure representing the menu for Mahara.
*/
function main_nav() {
if (defined('ADMIN')) {
if (defined('ADMIN') || defined('INSTITUTIONALADMIN')) {
$menu = admin_nav();
}
else {
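Review bot: The institutional-admin menu returned from admin_nav (L89-L132) offers admin/users/admins.php, notifications.php and uploadcsv.php, yet the menu grants nothing by itself: each target page's own ADMIN/INSTITUTIONALADMIN defines decide access, and those pages are outside this diff, so any that define only ADMIN will redirect the institutional admin with accessforbiddentoadminsection right after the link was shown, while any that define INSTITUTIONALADMIN need their own institution scoping. A comment above the early return, `// Menu for institutional admins; every linked page must define INSTITUTIONALADMIN and scope its data to $USER->get('admininstitutions')`, would make that contract visible. Two pairs of entries (configusers / configusers/usersearch, institutionmembers / staff) point at the same URL, which looks like placeholders worth flagging in the code. `$wwwroot` at L85 is computed before the early return and unused on that path. admin_nav continues past L135.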
......
......@@ -41,7 +41,7 @@
{elseif $USER->get('admin')}
<li id="globalnav-siteadmin"><a href="{$WWWROOT}admin/">Site Administration</a></li>
{else}
<li id="globalnav-siteadmin"><a href="{$WWWROOT}admin/">User Administration</a></li>
<li id="globalnav-siteadmin"><a href="{$WWWROOT}admin/users/search.php">User Administration</a></li>
{/if}
{* <li><a href="" onclick="createLoggingPane(); return false;">Create Logging Pane</a></li> *}
{/if}
......