Restrict access to the admin pages using fine-grained permissions

2011-12-20 01:44:05 +00:00
parent fcea8eec59
commit 4a81b0ce7b
6 changed files with 39 additions and 3 deletions
--- a/source/webui/pages/admin/service.php
+++ b/source/webui/pages/admin/service.php
@@ -2,13 +2,18 @@

 $main = StatusBoard_Main::instance();
 $request = $main->request();
+$auth = $main->auth();
+
+if ( ! $auth->isAuthenticated() || ! $auth->hasPermission(StatusBoard_Permission::PERM_UpdateStatusBoards)) {
+    throw new StatusBoard_Exception_NotAuthorised();
+}

 $service_id = $request->get('id', 'Sihnon_Exception_InvalidParameters');
 $service = null;
 try {
    $service = StatusBoard_Service::fromId($service_id);
 } catch (Sihnon_Exception_ResultCountMismatch $e) {
-    StatusBoard_Page::redirect('errors/404');
+    throw new StatusBoard_Exception_FileNotFound();
 }

 $sites = $service->sites();