git.shiar.nl / minimedit.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
auth: admin subpermission check for edit pages
[minimedit.git] / auth.inc.php
diff --git a/auth.inc.php b/auth.inc.php
index a1ccedf50cf16ea328ac107e4c8ee8fd9326fa15..7ece6350219902345e504b9d253156200f2d982d 100644 (file)
--- a/auth.inc.php
+++ b/auth.inc.php
@@ -3,9 +3,9 @@ date_default_timezone_set('Europe/Amsterdam');
 
 class User
 {
-       function __construct($dir)
+       function __construct($dir, $existing = TRUE)
        {
-               if (!file_exists($dir)) {
+               if (!file_exists($dir) and $existing) {
                        throw new Exception("Gebruiker niet gevonden in $dir");
                }
                $this->dir = $dir;
@@ -40,7 +40,14 @@ class User
        function admin($permission = NULL)
        {
                if (isset($permission)) {
-                       return $this->admin && isset($this->admin[$permission]);  # check level
+                       if (!$this->admin) {
+                               return FALSE;  # empty results
+                       }
+                       @list ($rootlevel, $sublevel) = explode(' ', $permission);
+                       if ($sublevel and isset($this->admin[$rootlevel])) {
+                               return TRUE;  # root match
+                       }
+                       return isset($this->admin[$permission]);  # check level
                }
                if (!@file_exists("{$this->dir}/.admin")) {
                        return FALSE;  # not an admin
MinimEdit - databaseless cms with only a bit of php