kienan
/
AlternC
mirror of https://github.com/kienanstewart/AlternC.git
1
0
Fork 0
Code Issues Releases Wiki Activity

adding a variable 'subadmin_restriction' who determine how the account list may be accessed by admin account who are not uid=2000

This commit is contained in:
Benjamin Sonntag 2010-04-11 13:39:24 +00:00
parent e79702c344
commit 023e2a6ab0
5 changed files with 22 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
bureau/admin/adm_doedit.php
View File

@ -35,7 +35,10 @@ if (!$admin->enabled) {
__("This page is restricted to authorized staff");
exit();
}
if (!$admin->checkcreator($uid)) {
$subadmin=variable_get("subadmin_restriction");
if ($subadmin==0 && !$admin->checkcreator($uid)) {
__("This page is restricted to authorized staff");
exit();
}

4
bureau/admin/adm_edit.php
View File

@ -42,7 +42,9 @@ $fields = array (
);
getFields($fields);
if (!$admin->checkcreator($uid)) {
$subadmin=variable_get("subadmin_restriction");
if ($subadmin==0 && !$admin->checkcreator($uid)) {
__("This page is restricted to authorized staff");
exit();
}

23
bureau/admin/adm_list.php
View File

@ -40,17 +40,20 @@ if (!$admin->enabled) {
$fields = array (
"show" => array ("request", "string", ""),
"creator_id" => array("request", "integer", 2000),
"creator" => array("request", "integer", 0),
);
getFields($fields);
if ($show && $cuid != 2000)
$subadmin=variable_get("subadmin_restriction");
if ($subadmin==0 && $show && $cuid != 2000)
{
__("This page is restricted to authorized staff");
exit();
}
$r=$admin->get_list($show == 'all' ? 1 : 0, $creator_id);
$r=$admin->get_list($show == 'all' ? 1 : 0, $creator);
?>
<h3><?php __("Member list"); ?></h3>
@ -64,12 +67,12 @@ $r=$admin->get_list($show == 'all' ? 1 : 0, $creator_id);
&nbsp;
<?php if($_REQUEST['show'] != 'all') {
echo '<br /><a href="adm_list.php?show=all">' . _('List all the accounts') . '</a>';
if ($cuid == 2000) {
if ($subadmin!=0 || $cuid==2000) {
$list_creators = $admin->get_creator_list();
$infos_creators = array();
foreach ($list_creators as $key => $val) {
$infos_creators[] = '<a href="adm_list.php?show_all&creator=' . $val['uid'] . '">' . $val['login'] . '</a>';
$infos_creators[] = '<a href="adm_list.php?creator=' . $val['uid'] . '">' . $val['login'] . '</a>';
}
if (count($infos_creators)) {
@ -117,7 +120,6 @@ while (list($key,$val)=each($r))
?>
<tr class="lst<?php echo $col; ?>">
<?php
if($admin->checkcreator($val['uid'])) {
if ($val["su"]) { ?>
<td>&nbsp;</td>
<?php } else { ?>
@ -130,16 +132,11 @@ while (list($key,$val)=each($r))
if (!$val["enabled"])
echo "<img src=\"icon/encrypted.png\" width=\"16\" height=\"16\" alt=\""._("Locked Account")."\" />";
else {
if($admin->checkcreator($val['uid'])) {
?>
<a href="adm_login.php?id=<?php echo $val["uid"];?>"><?php __("Connect as"); ?></a>
<?php } } ?>
<?php } ?>
</td>
<?php
} else {
echo "<td colspan=\"5\"></td>";
}
?>
<td <?php if ($val["su"]) echo "style=\"color: red\""; ?>><?php echo $val["login"] ?></td>
<td><a href="mailto:<?php echo $val["mail"]; ?>"><?php echo $val["nom"]." ".$val["prenom"] ?></a>&nbsp;</td>
<td><?php echo $val["parentlogin"] ?></td>

4
bureau/admin/adm_login.php
View File

@ -39,7 +39,9 @@ $fields = array (
);
getFields($fields);
if (!$admin->checkcreator($id)) {
$subadmin=variable_get("subadmin_restriction");
if ($subadmin==0 && !$admin->checkcreator($id)) {
__("This page is restricted to authorized staff");
exit();
}

3
bureau/class/m_admin.php
View File

@ -197,7 +197,7 @@ class m_admin {
return false;
}
$db=new DB_System();
if ($mem->user['uid']==2000 && $creator) {
if ($creator) {
// Limit listing to a specific reseller
$db->query("SELECT uid FROM membres WHERE creator='".$creator."' ORDER BY login;");
} elseif ($mem->user['uid']==2000 || $all) {
@ -215,6 +215,7 @@ class m_admin {
}
}
/**
* Returns an array with the known information about resellers (uid, login, number of accounts)
* Does not include account 2000 in the list.