summaryrefslogtreecommitdiffstats
path: root/web/html/addvote.php
diff options
context:
space:
mode:
authorLukas Fleischer <archlinux@cryptocrack.de>2014-07-15 20:52:54 +0200
committerLukas Fleischer <archlinux@cryptocrack.de>2014-07-15 22:56:57 +0200
commit03c6304e19d5d3ecd276dd3f42220db301ab511d (patch)
tree25f58ac23290a9e57f6bd93f6b5c8986bd9fcbef /web/html/addvote.php
parent9e6b861b6f40a90363c402b4d26602f33964cf41 (diff)
downloadaur-03c6304e19d5d3ecd276dd3f42220db301ab511d.tar.gz
aur-03c6304e19d5d3ecd276dd3f42220db301ab511d.tar.xz
Rework permission handling
Add a new function has_credential() that checks whether the currently logged in user is allowed to perform a given action. Moving all permission handling to this central place makes adding new user groups and adjusting permissions much more convenient. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Diffstat (limited to 'web/html/addvote.php')
-rw-r--r--web/html/addvote.php7
1 files changed, 2 insertions, 5 deletions
diff --git a/web/html/addvote.php b/web/html/addvote.php
index 3ce99c0b..0b6b9c66 100644
--- a/web/html/addvote.php
+++ b/web/html/addvote.php
@@ -11,13 +11,10 @@ $title = __("Add Proposal");
html_header($title);
if (isset($_COOKIE["AURSID"])) {
- $atype = account_from_sid($_COOKIE["AURSID"]);
- $uid = uid_from_sid($_COOKIE["AURSID"]);
-} else {
- $atype = "";
+ $uid = uid_from_sid($_COOKIE["AURSID"]);
}
-if ($atype == "Trusted User" || $atype == "Developer") {
+if (has_credential(CRED_TU_ADD_VOTE)) {
if (!empty($_POST['addVote']) && !check_token()) {
$error = __("Invalid token for user action.");