From 03c6304e19d5d3ecd276dd3f42220db301ab511d Mon Sep 17 00:00:00 2001
From: Lukas Fleischer <archlinux@cryptocrack.de>
Date: Tue, 15 Jul 2014 20:52:54 +0200
Subject: Rework permission handling

Add a new function has_credential() that checks whether the currently
logged in user is allowed to perform a given action. Moving all
permission handling to this central place makes adding new user groups
and adjusting permissions much more convenient.

Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
---
 web/template/account_search_results.php | 11 ++++-------
 1 file changed, 4 insertions(+), 7 deletions(-)

(limited to 'web/template/account_search_results.php')

diff --git a/web/template/account_search_results.php b/web/template/account_search_results.php
index bd4ee294..43f2d1d6 100644
--- a/web/template/account_search_results.php
+++ b/web/template/account_search_results.php
@@ -42,13 +42,10 @@ else:
 					<td><?php $row["IRCNick"] ? print htmlspecialchars($row["IRCNick"],ENT_QUOTES) : print "&nbsp;" ?></td>
 					<td><?php $row["PGPKey"] ? print html_format_pgp_fingerprint($row["PGPKey"]) : print "&nbsp;" ?></td>
 					<td>
-					<?php
-						if ($UTYPE == "Trusted User" && $row["AccountType"] == "Developer"):
-							# TUs can't edit devs
-							print "&nbsp;";
-						else:
-					?>
-						<a href="<?= get_user_uri($row["Username"]) . "edit/" ?>"><?= __("Edit") ?></a>
+					<?php if (can_edit_account($row)): ?>
+					<a href="<?= get_user_uri($row["Username"]) . "edit/" ?>"><?= __("Edit") ?></a>
+					<?php else: ?>
+					&nbsp;
 					<?php endif; ?>
 					</td>
 				</tr>
-- 
cgit v1.2.3-24-g4f1b