Denying admin of one gateway to view experiments of another gateway until and unless admin is a super admins.
Project: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/repo Commit: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/commit/828533a1 Tree: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/tree/828533a1 Diff: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/diff/828533a1 Branch: refs/heads/master Commit: 828533a111ff05603f9682317418bf135fb62002 Parents: b4c54fc Author: Nipurn Doshi <[email protected]> Authored: Tue Feb 2 16:02:01 2016 -0500 Committer: Nipurn Doshi <[email protected]> Committed: Tue Feb 2 16:02:01 2016 -0500 ---------------------------------------------------------------------- app/controllers/ExperimentController.php | 5 +++++ 1 file changed, 5 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/828533a1/app/controllers/ExperimentController.php ----------------------------------------------------------------------
diff --git a/app/controllers/ExperimentController.php b/app/controllers/ExperimentController.php
index 2428556..342db4a 100755
--- a/app/controllers/ExperimentController.php
+++ b/app/controllers/ExperimentController.php
@@ -80,6 +80,11 @@ class ExperimentController extends BaseController
 public function summary()
 {
 $experiment = ExperimentUtilities::get_experiment($_GET['expId']);
+
+ //viewing experiments of other gateways is not allowed if user is not super admin
+ if( $experiment->gatewayId != Session::get("gateway_id") && !Session::has("super-admin"))
+ return CommonUtilities::print_error_message('It seems that you do not have permissions to view this experiment or it belongs to another gateway.');
+
 if(isset($_GET['isAutoRefresh']) && $_GET['isAutoRefresh'] == 'true'){
 $autoRefresh = true;
 }else{
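Review bot: The super-admin bypass in the added `if` tests only that the session key is present, since `Session::has("super-admin")` is true for any non-null value, so a stored `false` or `0` would still skip the gateway check; how that key is written is not visible in this hunk. The loose `!=` also treats a missing `gateway_id` session value and an empty `gatewayId` as equal, which fails open rather than closed. I would write the condition as `if ($experiment->gatewayId !== Session::get("gateway_id") && !Session::get("super-admin"))` and confirm `$experiment` is an object before reading `gatewayId`, because `get_experiment` is called with the raw `$_GET['expId']` and its failure return is not shown. The body of `summary()` continues past the hunk, and other controller actions that accept an `expId` presumably need the same tenant check, ideally through one shared helper.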
