Commit e1126dec authored by Ruslan Kabalin's avatar Ruslan Kabalin Committed by Gerrit Code Review

Merge "Add support for pages accessible by both admins and staff"

parents 10b13ad2 0d7f8ee9
......@@ -415,26 +415,26 @@ function auth_setup () {
// The session is still active, so continue it.
// Make sure that if a user's admin status has changed, they're kicked
// out of the admin section
if (defined('ADMIN')) {
$userreallyadmin = get_field('usr', 'admin', 'id', $USER->id);
if (!$USER->get('admin') && $userreallyadmin) {
if (in_admin_section()) {
// Reload site admin/staff permissions
$realuser = get_record('usr', 'id', $USER->id, null, null, null, null, 'admin,staff');
if (!$USER->get('admin') && $realuser->admin) {
// The user has been made into an admin
$USER->admin = 1;
}
else if ($USER->get('admin') && !$userreallyadmin) {
else if ($USER->get('admin') && !$realuser->admin) {
// The user's admin rights have been taken away
$USER->admin = 0;
}
if (!$USER->get('admin')) {
$SESSION->add_error_msg(get_string('accessforbiddentoadminsection'));
redirect();
if (!$USER->get('staff') && $realuser->staff) {
$USER->staff = 1;
}
} else if (defined('INSTITUTIONALADMIN') && !$USER->get('admin')) {
$USER->reset_institutions();
if (!$USER->is_institutional_admin()) {
$SESSION->add_error_msg(get_string('accessforbiddentoadminsection'));
redirect();
else if ($USER->get('staff') && !$realuser->staff) {
$USER->staff = 0;
}
// Reload institutional admin/staff permissions
$USER->reset_institutions();
auth_check_admin_section();
}
$USER->renew();
auth_check_required_fields();
......@@ -1366,13 +1366,7 @@ function login_submit(Pieform $form, $values) {
}
}
// Only admins in the admin section!
if (!$USER->get('admin') &&
(defined('ADMIN') || defined('INSTITUTIONALADMIN') && !$USER->is_institutional_admin())) {
$SESSION->add_error_msg(get_string('accessforbiddentoadminsection'));
redirect();
}
auth_check_admin_section();
ensure_user_account_is_active();
// User is allowed to log in
......@@ -1380,6 +1374,35 @@ function login_submit(Pieform $form, $values) {
auth_check_required_fields();
}
/**
* Redirect to the home page if the user is trying to access the admin
* area without permission
*/
function auth_check_admin_section() {
global $USER, $SESSION;
if (defined('ADMIN')) {
$allowed = $USER->get('admin');
}
else if (defined('STAFF')) {
$allowed = $USER->get('admin') || $USER->get('staff');
}
else if (defined('INSTITUTIONALADMIN')) {
$allowed = $USER->get('admin') || $USER->is_institutional_admin();
}
else if (defined('INSTITUTIONALSTAFF')) {
$allowed = $USER->get('admin') || $USER->get('staff') || $USER->is_institutional_admin() || $USER->is_institutional_staff();
}
else {
return;
}
if (!$allowed) {
$SESSION->add_error_msg(get_string('accessforbiddentoadminsection'));
redirect();
}
}
/**
* Die and log the user out if their account is not active.
*
......
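Review bot: The reload at line 16 dereferences `$realuser->admin` and `$realuser->staff` without checking that `get_record()` actually returned a row; if it yields false (presumably when the account has disappeared while the session stayed active), the property reads become notices and the session's existing admin/staff flags are kept rather than revoked. A fail-closed default before line 17, `if (!$realuser) { $realuser = (object) array('admin' => 0, 'staff' => 0); }`, makes a missing record behave as no privilege, which also covers the uses on lines 22, 29 and 37. The docblock of the new `auth_check_admin_section()` (lines 61-64) could add that it returns silently when none of ADMIN, STAFF, INSTITUTIONALADMIN or INSTITUTIONALSTAFF is defined and that it assumes `$USER`'s admin/staff values already reflect the database, since it does no reload of its own. The enclosing `auth_setup()` starts and ends outside the first hunk.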
......@@ -551,12 +551,7 @@ function auth_saml_login_submit(Pieform $form, $values) {
redirect('/auth/saml/');
}
// Only admins in the admin section!
if (!$USER->get('admin') &&
(defined('ADMIN') || defined('INSTITUTIONALADMIN') && !$USER->is_institutional_admin())) {
$SESSION->add_error_msg(get_string('accessforbiddentoadminsection'));
redirect();
}
auth_check_admin_section();
// Check if the user's account has been deleted
if ($USER->deleted) {
......
......@@ -339,7 +339,8 @@ EOF;
$stylesheets = array_merge($stylesheets, array_reverse($pluginsheets));
}
}
if (defined('ADMIN') || defined('INSTITUTIONALADMIN')) {
if ($adminsection = in_admin_section()) {
if ($adminsheets = $THEME->get_url('style/admin.css', true)) {
$stylesheets = array_merge($stylesheets, array_reverse($adminsheets));
}
......@@ -408,6 +409,12 @@ EOF;
if (defined('INSTITUTIONALADMIN')) {
$smarty->assign('INSTITUTIONALADMIN', true);
}
if (defined('STAFF')) {
$smarty->assign('STAFF', true);
}
if (defined('INSTITUTIONALSTAFF')) {
$smarty->assign('INSTITUTIONALSTAFF', true);
}
$smarty->assign('LOGGEDIN', $USER->is_logged_in());
if ($USER->is_logged_in()) {
......@@ -461,7 +468,7 @@ EOF;
// ---------- sideblock stuff ----------
$sidebars = !isset($extraconfig['sidebars']) || $extraconfig['sidebars'] !== false;
if ($sidebars && !defined('INSTALLER') && (!defined('MENUITEM') || substr(MENUITEM, 0, 5) != 'admin')) {
if (get_config('installed') && !defined('ADMIN') && !defined('INSTITUTIONALADMIN')) {
if (get_config('installed') && !$adminsection) {
$data = site_menu();
if (!empty($data)) {
$smarty->assign('SITEMENU', site_menu());
......@@ -492,7 +499,7 @@ EOF;
}
}
if($USER->is_logged_in() && !defined('ADMIN') && !defined('INSTITUTIONALADMIN')) {
if ($USER->is_logged_in() && !$adminsection) {
$SIDEBLOCKS[] = array(
'name' => 'profile',
'id' => 'sb-profile',
......@@ -1714,6 +1721,14 @@ function pieform_get_help(Pieform $form, $element) {
$form->get_name(), $element['name']);
}
/**
* Is this a page in the admin area?
*
* @return bool
*/
function in_admin_section() {
return defined('ADMIN') || defined('INSTITUTIONALADMIN') || defined('STAFF') || defined('INSTITUTIONALSTAFF');
}
/**
* Returns the entries in the standard admin menu
......
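Review bot: The assignment inside the condition at line 109, `if ($adminsection = in_admin_section())`, reads like a mistyped comparison, and `$adminsection` is then relied on at lines 130 and 138, far from where it is set. Splitting it into `$adminsection = in_admin_section();` on its own line followed by `if ($adminsection) {` keeps the variable visibly initialised for the later checks. The later uses appear to sit in the same function, which starts and ends outside these hunks.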