- karma rfe: Limiting access to admin mode to set of ip's

lib/WebGUI/Operation/Admin.pm

@@ -33,7 +33,7 @@ If the current user is in the Turn On Admin Group, then return an Admin Console.
 
 sub www_adminConsole {
 	my $session = shift;
-	return "" unless ($session->user->isInGroup(12));
+	return "" unless ($session->user->canUseAdminMode);
 	my $ac = WebGUI::AdminConsole->new($session);
 	return $ac->render;
 }
@@ -50,7 +50,7 @@ via WebGUI::Session::Var::switchAdminOff()
 
 sub www_switchOffAdmin {
 	my $session = shift;
-	return "" unless ($session->user->isInGroup(12));
+	return "" unless ($session->user->canUseAdminMode);
 	$session->http->setCacheControl("none");
 	$session->var->switchAdminOff();
 	return "";
@@ -66,7 +66,7 @@ If the current user is in the Turn On Admin Group, then allow them to turn on Ad
 
 sub www_switchOnAdmin {
 	my $session = shift;
-	return "" unless ($session->user->isInGroup(12));
+	return "" unless ($session->user->canUseAdminMode);
 	$session->http->setCacheControl("none");
 	$session->var->switchAdminOn();
 	return "";

lib/WebGUI/User.pm

@@ -120,6 +120,24 @@ sub authMethod {
 
 #-------------------------------------------------------------------
 
+=head2 canUseAdminMode ( )
+
+Returns a boolean indicating whether the user has the basic privileges needed to turn on admin mode and use basic admin functions. Note this isn't checking for any special privileges like whether the user can create new users, etc.
+
+=cut
+
+sub canUseAdminMode {
+        my $self = shift;
+	my $pass = 1;
+	my $subnets = $self->session->config->get("adminModeSubnets");
+	if (scalar(@$subnets)) {
+		$pass = isInSubnet($self->session->env->get("REMOTE_ADDR"), $subnets);
+	}
+	return $pass && $self->session->user->isInGroup(12)
+}
+
+#-------------------------------------------------------------------
+
 =head2 dateCreated ( )
 
 Returns the epoch for when this user was created.