
#260 Restrict some pages to administrators

git-svn-id: http://svn.code.sf.net/p/itop/code/trunk@800 a333f486-631f-4898-b8df-5754b55c2be0
romainq 14 年之前
ad68b89542

+ 12 - 3
application/loginwebpage.class.inc.php

@@ -217,7 +217,7 @@ EOF
 			header("Location: $sUrl");			
 			exit;
 		}
-		
+
 		$aAllowedLoginTypes = utils::GetConfig()->GetAllowedLoginTypes();
 
 		if (isset($_SESSION['auth_user']))
@@ -329,7 +329,7 @@ EOF
 		}
 	}
 	
-	static function DoLogin()
+	static function DoLogin($bMustBeAdmin = false)
 	{
 		$operation = utils::ReadParam('loginop', '');
 		session_start();
@@ -378,11 +378,20 @@ EOF
 				$oPage = new LoginWebPage();
 				$oPage->DisplayChangePwdForm(true); // old pwd was wrong
 				$oPage->output();
-				exit;
 			}
 		}
 		
 		self::Login();
+
+		if ($bMustBeAdmin && !UserRights::IsAdministrator())
+		{	
+			require_once('../setup/setuppage.class.inc.php');
+			$oP = new SetupWebPage(Dict::S('UI:PageTitle:FatalError'));
+			$oP->add("<h1>".Dict::S('UI:Login:Error:AccessAdmin')."</h1>\n");	
+			$oP->p("<a href=\"../pages/logoff.php\">".Dict::S('UI:LogOffMenu')."</a>");
+			$oP->output();
+			exit;
+		}
 	}
 
 } // End of class
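Review bot: Dropping the `exit;` after `$oPage->output()` in the wrong-old-password branch (hunk at line 378) lets execution fall through to `self::Login()` and then return to the calling page, so the change-password form could be followed by the caller's own page output unless Login() itself terminates in that situation; Login() is defined outside this hunk, so I cannot confirm that here — if it does not, keep `exit;` after `$oPage->output();`. The new `$bMustBeAdmin` parameter is undocumented although every caller now passes a bare `true`; suggest a docblock on DoLogin such as `@param bool $bMustBeAdmin When true, the authenticated user must also be an administrator; otherwise an error page is shown and the script exits`. The refusal page is titled with `UI:PageTitle:FatalError`, which is an authorization denial rather than a fatal error, and the `{` and `$oP->add(...)` lines in the new block carry trailing tabs.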

+ 1 - 0
dictionaries/dictionary.itop.ui.php

@@ -443,6 +443,7 @@ Dict::Add('EN US', 'English', 'English', array(
 	'UI:Login:RetypePwdDoesNotMatch' => 'New password and retyped new password do not match !',
 	'UI:Button:Login' => 'Enter iTop',
 	'UI:Login:Error:AccessRestricted' => 'iTop access is restricted. Please, contact an iTop administrator.',
+	'UI:Login:Error:AccessAdmin' => 'Access restricted to people having administrator privileges. Please, contact an iTop administrator.',
 	'UI:CSVImport:MappingSelectOne' => '-- select one --',
 	'UI:CSVImport:MappingNotApplicable' => '-- ignore this field --',
 	'UI:CSVImport:NoData' => 'Empty data set..., please provide some data!',

+ 1 - 0
dictionaries/es_cr.dictionary.itop.ui.php

@@ -452,6 +452,7 @@ Dict::Add('ES CR', 'Spanish', 'Español, Castellano', array(
 	'UI:Login:RetypePwdDoesNotMatch' => 'New password and retyped new password do not match !',
 	'UI:Button:Login' => 'Enter iTop',
 	'UI:Login:Error:AccessRestricted' => 'iTop access is restricted. Please, contact an iTop administrator.',
+	'UI:Login:Error:AccessAdmin' => 'Access restricted to people having administrator privileges. Please, contact an iTop administrator.',
 	'UI:CSVImport:MappingSelectOne' => '-- select one --',
 	'UI:CSVImport:MappingNotApplicable' => '-- ignore this field --',
 	'UI:CSVImport:NoData' => 'Empty data set..., please provide some data!',

+ 2 - 1
dictionaries/fr.dictionary.itop.ui.php

@@ -443,6 +443,7 @@ Dict::Add('FR FR', 'French', 'Français', array(
 	'UI:Login:RetypePwdDoesNotMatch' => 'Les deux saisies du nouveau mot de passe ne sont pas identiques !',
 	'UI:Button:Login' => 'Entrer dans iTop',
 	'UI:Login:Error:AccessRestricted' => 'L\'accès à iTop est soumis à autorisation. Merci de contacter votre administrateur iTop.',
+	'UI:Login:Error:AccessAdmin' => 'Accès resreint aux utilisateurs possédant le profil Administrateur.',
 	'UI:CSVImport:MappingSelectOne' => '-- choisir une valeur --',
 	'UI:CSVImport:MappingNotApplicable' => '-- ignorer ce champ --',
 	'UI:CSVImport:NoData' => 'Aucune donnée... merci de fournir des données !',
@@ -700,7 +701,7 @@ Dict::Add('FR FR', 'French', 'Français', array(
 
 	'Menu:AdminTools' => 'Outils d\'admin',
 	'Menu:AdminTools+' => 'Outils d\'administration',
-	'Menu:AdminTools?' => 'Ces outils sont accessibles uniquement aux utilisateur possédant le profil Administrateur.',
+	'Menu:AdminTools?' => 'Ces outils sont accessibles uniquement aux utilisateurs possédant le profil Administrateur.',
 
 	'UI:AuditMenu' => 'Audit',
 	'UI:AuditMenu+' => 'Audit',

+ 1 - 1
pages/UniversalSearch.php

@@ -30,7 +30,7 @@ require_once('../application/applicationcontext.class.inc.php');
 require_once('../application/startup.inc.php');
 
 require_once('../application/loginwebpage.class.inc.php');
-LoginWebPage::DoLogin(); // Check user rights and prompt if needed
+LoginWebPage::DoLogin(true); // Check user rights and prompt if needed (must be admin)
 
 $oAppContext = new ApplicationContext();
 $iActiveNodeId = utils::ReadParam('menu', -1);

+ 1 - 2
pages/run_query.php

@@ -29,8 +29,7 @@ require_once('../application/itopwebpage.class.inc.php');
 require_once('../application/startup.inc.php');
 
 require_once('../application/loginwebpage.class.inc.php');
-LoginWebPage::DoLogin(); // Check user rights and prompt if needed
-
+LoginWebPage::DoLogin(true); // Check user rights and prompt if needed (must be admin)
 
 function ShowExamples($oP, $sExpression)
 {

+ 3 - 0
pages/schema.php

@@ -28,6 +28,9 @@ require_once('../application/itopwebpage.class.inc.php');
 
 require_once('../application/startup.inc.php');
 
+require_once('../application/loginwebpage.class.inc.php');
+LoginWebPage::DoLogin(true); // Check user rights and prompt if needed (must be admin)
+
 
 /**
  * Helper for this page -> link to a class