summaryrefslogtreecommitdiffstats
path: root/web/lib/credentials.inc.php
diff options
context:
space:
mode:
authorLukas Fleischer <archlinux@cryptocrack.de>2014-08-08 11:47:06 +0200
committerLukas Fleischer <archlinux@cryptocrack.de>2014-08-08 11:48:58 +0200
commit218ccf51e38ad9b0654aa509f2bf8eec44d69c07 (patch)
treea5fed51509d35bf3da7672b7ca94bdbe47644090 /web/lib/credentials.inc.php
parentd61b34f2557eb38142c879cbe2dea8598873dfb3 (diff)
downloadaur-218ccf51e38ad9b0654aa509f2bf8eec44d69c07.tar.gz
aur-218ccf51e38ad9b0654aa509f2bf8eec44d69c07.tar.xz
Add permission checks to the request feature
* Only show the request form to users that are logged in. * Only show the close request form to Trusted Users and developers. * Check for a valid login in pkgreq_file(). Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Diffstat (limited to 'web/lib/credentials.inc.php')
-rw-r--r--web/lib/credentials.inc.php2
1 files changed, 2 insertions, 0 deletions
diff --git a/web/lib/credentials.inc.php b/web/lib/credentials.inc.php
index efc203d3..0c428f2f 100644
--- a/web/lib/credentials.inc.php
+++ b/web/lib/credentials.inc.php
@@ -18,6 +18,7 @@ define("CRED_PKGBASE_NOTIFY", 13);
define("CRED_PKGBASE_SUBMIT_BLACKLISTED", 14);
define("CRED_PKGBASE_UNFLAG", 15);
define("CRED_PKGBASE_VOTE", 16);
+define("CRED_PKGREQ_FILE", 23);
define("CRED_PKGREQ_CLOSE", 17);
define("CRED_PKGREQ_LIST", 18);
define("CRED_TU_ADD_VOTE", 19);
@@ -48,6 +49,7 @@ function has_credential($credential, $approved_users=array()) {
case CRED_PKGBASE_FLAG:
case CRED_PKGBASE_NOTIFY:
case CRED_PKGBASE_VOTE:
+ case CRED_PKGREQ_FILE:
return ($atype == 'User' || $atype == 'Trusted User' ||
$atype == 'Developer' ||
$atype == 'Trusted User & Developer');