Restrict the various admin pages to users in the root role.

6ff5f30c · Tim Steiner · 3e36e50d · 6ff5f30c · 6ff5f30c · 6ff5f30c
Commit 6ff5f30c authored 15 years ago by Tim Steiner
--- a/application/modules/auth/controllers/UserAdminController.php
+++ b/application/modules/auth/controllers/UserAdminController.php
@@ -2,6 +2,15 @@

 class Auth_UserAdminController extends App_Controller_Action
 {
+	public function preDispatch()
+	{
+		$user = Auth_UserModel::findCurrentUser();
+		$roles = Auth_GroupModel::findByUser($user);
+		if (!in_array(1, $roles->getId())) {
+			throw new Exception('You must be logged in to view this page.');
+		}
+	}
+	
    public function indexAction()
    {
        $users = Auth_UserModel::findAll();

--- a/application/modules/requests/controllers/ApprovalBodyAdminController.php
+++ b/application/modules/requests/controllers/ApprovalBodyAdminController.php
@@ -2,6 +2,14 @@

 class Requests_ApprovalBodyAdminController extends App_Controller_Action
 {
+    public function preDispatch()
+    {
+        $user = Auth_UserModel::findCurrentUser();
+        $roles = Auth_GroupModel::findByUser($user);
+        if (!in_array(1, $roles->getId())) {
+            throw new Exception('You must be logged in to view this page.');
+        }
+    }
 	
 	public function indexAction()
 	{

--- a/application/modules/requests/controllers/ApprovalChainManagerController.php
+++ b/application/modules/requests/controllers/ApprovalChainManagerController.php
@@ -2,6 +2,15 @@

 class Requests_ApprovalChainManagerController extends App_Controller_Action
 {
+    public function preDispatch()
+    {
+        $user = Auth_UserModel::findCurrentUser();
+        $roles = Auth_GroupModel::findByUser($user);
+        if (!in_array(1, $roles->getId())) {
+            throw new Exception('You must be logged in to view this page.');
+        }
+    }
+    
    public function indexAction()
    {
        $in = $this->getRequest()->getParams();

--- a/application/modules/requests/controllers/RequestTypeAdminController.php
+++ b/application/modules/requests/controllers/RequestTypeAdminController.php
 <?php

-class Requests_RequestTypeAdminController extends App_Controller_Action {
-	
+class Requests_RequestTypeAdminController extends App_Controller_Action
+{
+    public function preDispatch()
+    {
+        $user = Auth_UserModel::findCurrentUser();
+        $roles = Auth_GroupModel::findByUser($user);
+        if (!in_array(1, $roles->getId())) {
+            throw new Exception('You must be logged in to view this page.');
+        }
+    }
+    
 	public function indexAction()
 	{
 		$requestTypes = Requests_RequestTypeModel::findAll();