From: Mischa POSLAWSKY Date: Thu, 31 Oct 2019 18:26:45 +0000 (+0100) Subject: nieuws: authorise admins by edit subpermissions X-Git-Tag: v4.1^0 X-Git-Url: http://git.shiar.net/minimedit.git/commitdiff_plain/2b63cbb67dfa8b65019433108edb62003a39d447 nieuws: authorise admins by edit subpermissions Treat news maintenance like any other edit location. --- diff --git a/edit/nieuws/tag/index.php b/edit/nieuws/tag/index.php index c65b81e..9bfb515 100644 --- a/edit/nieuws/tag/index.php +++ b/edit/nieuws/tag/index.php @@ -1,13 +1,13 @@ admin('news')) - abort("geen beheersrechten", '401 unauthorised'); - if (!$_POST) abort("niets te doen", '405 post error'); if (!$Args) abort("pagina niet opgegeven", '409 input error'); $pagename = ltrim($Args, '/').'.html'; +if (!$User or !$User->admin("edit $pagename")) + abort("geen beheersrechten", '401 unauthorised'); + @list ($category, $year, $article) = explode('/', $pagename); if (empty($article) or !file_exists($pagename)) abort("artikel onbekend: $pagename", '404 page error'); diff --git a/nieuws/index.php b/nieuws/index.php index 53dff0d..c6234cf 100644 --- a/nieuws/index.php +++ b/nieuws/index.php @@ -2,12 +2,12 @@ $replyform = $Page == 'melding' && !empty($User); @list ($year, $page) = explode('/', trim($Args, '/')); -if ($User and $User->admin('news')) { +if ($User and $User->admin("edit $Page")) { print ''."\n"; } if ($page and !is_numeric($page)) { - $edit = $User && $User->admin('news') ? htmlspecialchars(@$_GET['edit']) : NULL; + $edit = $User && $User->admin("edit $Page$Args") ? htmlspecialchars(@$_GET['edit']) : NULL; if ($edit) { $Article->title = $edit; } @@ -15,7 +15,7 @@ if ($page and !is_numeric($page)) { $Place[1] = ' '.$Article->date.''; } print preg_replace('{(?<=
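Review bot: The relocated check in edit/nieuws/tag/index.php authorises `"edit $pagename"`, and `$pagename` is the request's `$Args` with only the leading slash stripped, so the path is not canonical when the permission is decided. If `admin()` matches edit grants by path prefix (its implementation is not visible here), a path containing `.` or `..` segments could be authorised under one location while `file_exists($pagename)` and the code after the hunk act on another. Reject such segments before the check, e.g. `if (preg_match('{(^|/)\.\.?(/|$)}', $Args)) abort("ongeldig pad", '409 input error');`. Moving the check below the `$_POST` and `$Args` tests also means an anonymous request is now answered with 405/409 rather than 401; the script continues past the end of the hunk.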
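Review bot: The checks in nieuws/index.php no longer ask the same question: the first changed line of this hunk tests `"edit $Page"`, while the `$edit` assignment here and the tag-list guard in the next hunk test `"edit $Page$Args"`. With per-location grants (how `admin()` matches is not visible here), a user limited to one article would presumably fail the first check and pass the other two, so whatever the first block prints for editors can be missing while the edit controls are shown. Compute the answer once near the top, `$canedit = $User && $User->admin("edit $Page$Args");`, and use `$canedit` in all three places. On the same changed line, `$_GET['edit'] ?? ''` would avoid the `@` error suppression.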

)(.*?)(?=

)}', ($edit ?: '\1').' [[1]]', $Article->raw); - if ($User and $User->admin('news')) { + if ($User and $User->admin("edit $Page$Args")) { $taglist = []; foreach (glob("$Page/.tags/*") as $tagpath) { $tagname = pathinfo($tagpath, PATHINFO_BASENAME);
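Review bot: This guard decides whether the tag form is shown, but the string it tests, `"edit $Page$Args"`, is not built the same way as the one edit/nieuws/tag/index.php enforces on submit, which is the path with `.html` appended. Unless `admin()` treats both forms alike (not visible here), the form can be offered to a user whose POST is then refused, or hidden from one who is allowed. Build the string identically in both files, for instance `$User->admin("edit $Page$Args.html")` here, and add a comment naming the script that enforces it. The `if` block continues past the end of the hunk.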