oqapi/webgui
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

don't let non-priviledged users turn on the admin; additional logic to kick them out of admin when they're no longer logged in would be nice too.

Browse source
This commit is contained in:
Scott Walters 2013-09-24 12:27:50 -05:00
parent 1ac133d955
commit 3aaa72f12c
2 changed files with 5 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
lib/WebGUI/Content/Admin.pm
View file

@ -47,6 +47,8 @@ Handle every op=admin request
sub handler { sub handler {
my ($session) = @_; my ($session) = @_;
return "" unless ($session->user->canUseAdminMode);
if ( $session->form->get("op") eq "admin" ) { if ( $session->form->get("op") eq "admin" ) {
if ( $session->form->get("plugin") ) { if ( $session->form->get("plugin") ) {
my $id = $session->form->get('id'); my $id = $session->form->get('id');

4
lib/WebGUI/Operation/Admin.pm
View file

@ -19,7 +19,9 @@ Package WebGUI::Operation::Admin
=head1 DESCRIPTION =head1 DESCRIPTION
Operation handler for admin functions Operation handler for admin functions.
See also L<WebGUI::Content::Admin>, which handles C<op=admin> requests.
=cut =cut