kienan
/
AlternC
mirror of https://github.com/kienanstewart/AlternC.git
1
0
Fork 0
Code Issues Releases Wiki Activity

adding a variable 'subadmin_restriction' who determine how the account list may be accessed by admin account who are not uid=2000

This commit is contained in:
Benjamin Sonntag 2010-04-11 13:39:24 +00:00
parent e79702c344
commit 023e2a6ab0
5 changed files with 22 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
bureau/admin/adm_doedit.php
View File

@ -35,7 +35,10 @@ if (!$admin->enabled) {
__("This page is restricted to authorized staff"); __("This page is restricted to authorized staff");
exit(); exit();
} }
if (!$admin->checkcreator($uid)) {
$subadmin=variable_get("subadmin_restriction");
if ($subadmin==0 && !$admin->checkcreator($uid)) {
__("This page is restricted to authorized staff"); __("This page is restricted to authorized staff");
exit(); exit();
} }

4
bureau/admin/adm_edit.php
View File

@ -42,7 +42,9 @@ $fields = array (
); );
getFields($fields); getFields($fields);
if (!$admin->checkcreator($uid)) { $subadmin=variable_get("subadmin_restriction");
if ($subadmin==0 && !$admin->checkcreator($uid)) {
__("This page is restricted to authorized staff"); __("This page is restricted to authorized staff");
exit(); exit();
} }

23
bureau/admin/adm_list.php
View File

@ -40,17 +40,20 @@ if (!$admin->enabled) {
$fields = array ( $fields = array (
"show" => array ("request", "string", ""), "show" => array ("request", "string", ""),
"creator_id" => array("request", "integer", 2000), "creator" => array("request", "integer", 0),
); );
getFields($fields); getFields($fields);
if ($show && $cuid != 2000) $subadmin=variable_get("subadmin_restriction");
if ($subadmin==0 && $show && $cuid != 2000)
{ {
__("This page is restricted to authorized staff"); __("This page is restricted to authorized staff");
exit(); exit();
} }
$r=$admin->get_list($show == 'all' ? 1 : 0, $creator_id);
$r=$admin->get_list($show == 'all' ? 1 : 0, $creator);
?> ?>
<h3><?php __("Member list"); ?></h3> <h3><?php __("Member list"); ?></h3>
@ -64,12 +67,12 @@ $r=$admin->get_list($show == 'all' ? 1 : 0, $creator_id);
&nbsp; &nbsp;
<?php if($_REQUEST['show'] != 'all') { <?php if($_REQUEST['show'] != 'all') {
echo '<br /><a href="adm_list.php?show=all">' . _('List all the accounts') . '</a>'; echo '<br /><a href="adm_list.php?show=all">' . _('List all the accounts') . '</a>';
if ($cuid == 2000) { if ($subadmin!=0 || $cuid==2000) {
$list_creators = $admin->get_creator_list(); $list_creators = $admin->get_creator_list();
$infos_creators = array(); $infos_creators = array();
foreach ($list_creators as $key => $val) { foreach ($list_creators as $key => $val) {
$infos_creators[] = '<a href="adm_list.php?show_all&creator=' . $val['uid'] . '">' . $val['login'] . '</a>'; $infos_creators[] = '<a href="adm_list.php?creator=' . $val['uid'] . '">' . $val['login'] . '</a>';
} }
if (count($infos_creators)) { if (count($infos_creators)) {
@ -117,7 +120,6 @@ while (list($key,$val)=each($r))
?> ?>
<tr class="lst<?php echo $col; ?>"> <tr class="lst<?php echo $col; ?>">
<?php <?php
if($admin->checkcreator($val['uid'])) {
if ($val["su"]) { ?> if ($val["su"]) { ?>
<td>&nbsp;</td> <td>&nbsp;</td>
<?php } else { ?> <?php } else { ?>
@ -130,16 +132,11 @@ while (list($key,$val)=each($r))
if (!$val["enabled"]) if (!$val["enabled"])
echo "<img src=\"icon/encrypted.png\" width=\"16\" height=\"16\" alt=\""._("Locked Account")."\" />"; echo "<img src=\"icon/encrypted.png\" width=\"16\" height=\"16\" alt=\""._("Locked Account")."\" />";
else { else {
if($admin->checkcreator($val['uid'])) {
?> ?>
<a href="adm_login.php?id=<?php echo $val["uid"];?>"><?php __("Connect as"); ?></a> <a href="adm_login.php?id=<?php echo $val["uid"];?>"><?php __("Connect as"); ?></a>
<?php } } ?> <?php } ?>
</td> </td>
<?php
} else {
echo "<td colspan=\"5\"></td>";
}
?>
<td <?php if ($val["su"]) echo "style=\"color: red\""; ?>><?php echo $val["login"] ?></td> <td <?php if ($val["su"]) echo "style=\"color: red\""; ?>><?php echo $val["login"] ?></td>
<td><a href="mailto:<?php echo $val["mail"]; ?>"><?php echo $val["nom"]." ".$val["prenom"] ?></a>&nbsp;</td> <td><a href="mailto:<?php echo $val["mail"]; ?>"><?php echo $val["nom"]." ".$val["prenom"] ?></a>&nbsp;</td>
<td><?php echo $val["parentlogin"] ?></td> <td><?php echo $val["parentlogin"] ?></td>

4
bureau/admin/adm_login.php
View File

@ -39,7 +39,9 @@ $fields = array (
); );
getFields($fields); getFields($fields);
if (!$admin->checkcreator($id)) { $subadmin=variable_get("subadmin_restriction");
if ($subadmin==0 && !$admin->checkcreator($id)) {
__("This page is restricted to authorized staff"); __("This page is restricted to authorized staff");
exit(); exit();
} }

3
bureau/class/m_admin.php
View File

@ -197,7 +197,7 @@ class m_admin {
return false; return false;
} }
$db=new DB_System(); $db=new DB_System();
if ($mem->user['uid']==2000 && $creator) { if ($creator) {
// Limit listing to a specific reseller // Limit listing to a specific reseller
$db->query("SELECT uid FROM membres WHERE creator='".$creator."' ORDER BY login;"); $db->query("SELECT uid FROM membres WHERE creator='".$creator."' ORDER BY login;");
} elseif ($mem->user['uid']==2000 || $all) { } elseif ($mem->user['uid']==2000 || $all) {
@ -215,6 +215,7 @@ class m_admin {
} }
} }
/** /**
* Returns an array with the known information about resellers (uid, login, number of accounts) * Returns an array with the known information about resellers (uid, login, number of accounts)
* Does not include account 2000 in the list. * Does not include account 2000 in the list.