From 6ff5f30c1a45e342c911abe33f1cc301391f88e6 Mon Sep 17 00:00:00 2001
From: Tim Steiner <tsteiner2@unl.edu>
Date: Tue, 14 Jul 2009 21:14:50 +0000
Subject: [PATCH] Restrict the various admin pages to users in the root role.

---
 .../auth/controllers/UserAdminController.php        |  9 +++++++++
 .../controllers/ApprovalBodyAdminController.php     |  8 ++++++++
 .../controllers/ApprovalChainManagerController.php  |  9 +++++++++
 .../controllers/RequestTypeAdminController.php      | 13 +++++++++++--
 4 files changed, 37 insertions(+), 2 deletions(-)

diff --git a/application/modules/auth/controllers/UserAdminController.php b/application/modules/auth/controllers/UserAdminController.php
index 9d902dee..40b8a4a4 100644
--- a/application/modules/auth/controllers/UserAdminController.php
+++ b/application/modules/auth/controllers/UserAdminController.php
@@ -2,6 +2,15 @@
 
 class Auth_UserAdminController extends App_Controller_Action
 {
+	public function preDispatch()
+	{
+		$user = Auth_UserModel::findCurrentUser();
+		$roles = Auth_GroupModel::findByUser($user);
+		if (!in_array(1, $roles->getId())) {
+			throw new Exception('You must be logged in to view this page.');
+		}
+	}
+	
     public function indexAction()
     {
         $users = Auth_UserModel::findAll();
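Review bot: The membership test at `in_array(1, $roles->getId())` is a non-strict comparison against a hard-coded role id, and the exception text beneath it says "logged in" although what is actually enforced is membership in role 1, so an authenticated non-root user is told something untrue; `if (!in_array(1, $roles->getId(), true)) {` with a message such as `'You must be a member of the root role to view this page.'` and the id moved into a named class constant would state the intent. The identical preDispatch body is pasted into the three other hunks (ApprovalBodyAdminController, ApprovalChainManagerController, RequestTypeAdminController); one implementation in App_Controller_Action, or a shared helper the four controllers call, would keep a future admin controller from being added without the check. It is not visible here whether findCurrentUser() can return null for an anonymous session, nor whether App_Controller_Action already defines preDispatch() — none of the four overrides calls parent::preDispatch(), so that should be confirmed. This hunk also indents the new method with tabs while the surrounding indexAction uses four spaces.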
diff --git a/application/modules/requests/controllers/ApprovalBodyAdminController.php b/application/modules/requests/controllers/ApprovalBodyAdminController.php
index 5597ceaa..cb5a14f8 100644
--- a/application/modules/requests/controllers/ApprovalBodyAdminController.php
+++ b/application/modules/requests/controllers/ApprovalBodyAdminController.php
@@ -2,6 +2,14 @@
 
 class Requests_ApprovalBodyAdminController extends App_Controller_Action
 {
+    public function preDispatch()
+    {
+        $user = Auth_UserModel::findCurrentUser();
+        $roles = Auth_GroupModel::findByUser($user);
+        if (!in_array(1, $roles->getId())) {
+            throw new Exception('You must be logged in to view this page.');
+        }
+    }
 	
 	public function indexAction()
 	{
diff --git a/application/modules/requests/controllers/ApprovalChainManagerController.php b/application/modules/requests/controllers/ApprovalChainManagerController.php
index 52ee96a6..4fe459d8 100644
--- a/application/modules/requests/controllers/ApprovalChainManagerController.php
+++ b/application/modules/requests/controllers/ApprovalChainManagerController.php
@@ -2,6 +2,15 @@
 
 class Requests_ApprovalChainManagerController extends App_Controller_Action
 {
+    public function preDispatch()
+    {
+        $user = Auth_UserModel::findCurrentUser();
+        $roles = Auth_GroupModel::findByUser($user);
+        if (!in_array(1, $roles->getId())) {
+            throw new Exception('You must be logged in to view this page.');
+        }
+    }
+    
     public function indexAction()
     {
         $in = $this->getRequest()->getParams();
diff --git a/application/modules/requests/controllers/RequestTypeAdminController.php b/application/modules/requests/controllers/RequestTypeAdminController.php
index af351f17..deb83410 100644
--- a/application/modules/requests/controllers/RequestTypeAdminController.php
+++ b/application/modules/requests/controllers/RequestTypeAdminController.php
@@ -1,7 +1,16 @@
 <?php
 
-class Requests_RequestTypeAdminController extends App_Controller_Action {
-	
+class Requests_RequestTypeAdminController extends App_Controller_Action
+{
+    public function preDispatch()
+    {
+        $user = Auth_UserModel::findCurrentUser();
+        $roles = Auth_GroupModel::findByUser($user);
+        if (!in_array(1, $roles->getId())) {
+            throw new Exception('You must be logged in to view this page.');
+        }
+    }
+    
 	public function indexAction()
 	{
 		$requestTypes = Requests_RequestTypeModel::findAll();
-- 
GitLab