Add permission check during login

master
Skylar Ittner 5 years ago
parent 4d2b78bdba
commit 1729b842ba

@ -82,6 +82,11 @@ if (empty($_SESSION["login_code"])) {
} }
if (is_numeric($uidinfo['uid'])) { if (is_numeric($uidinfo['uid'])) {
$user = new User($uidinfo['uid'] * 1); $user = new User($uidinfo['uid'] * 1);
foreach ($SETTINGS['permissions'] as $perm) {
if (!$user->hasPermission($perm)) {
die($Strings->get("no access permission", false));
}
}
Session::start($user); Session::start($user);
$_SESSION["login_code"] = null; $_SESSION["login_code"] = null;
header('Location: app.php'); header('Location: app.php');

@ -36,6 +36,9 @@ $SETTINGS = [
// API key // API key
"key" => "123" "key" => "123"
], ],
// List of required user permissions to access this app.
"permissions" => [
],
// For supported values, see http://php.net/manual/en/timezones.php // For supported values, see http://php.net/manual/en/timezones.php
"timezone" => "America/Denver", "timezone" => "America/Denver",
// Language to use for localization. See langs folder to add a language. // Language to use for localization. See langs folder to add a language.

Loading…
Cancel
Save