Revision: 1587
http://mrbs.svn.sourceforge.net/mrbs/?rev=1587&view=rev
Author: cimorrison
Date: 2010-11-05 12:07:43 +0000 (Fri, 05 Nov 2010)
Log Message:
-----------
Added a config variable $auth['only_admin_can_see_other_users'] to allow
visibility of other users' details to be restricted when using the 'db'
authentication scheme. See SF tracker ID: 3102887.
Modified Paths:
--------------
mrbs/trunk/web/edit_users.php
mrbs/trunk/web/systemdefaults.inc.php
Modified: mrbs/trunk/web/edit_users.php
===================================================================
--- mrbs/trunk/web/edit_users.php 2010-11-05 11:49:58 UTC (rev 1586)
+++ mrbs/trunk/web/edit_users.php 2010-11-05 12:07:43 UTC (rev 1587)
@@ -135,7 +135,7 @@
{
global $tbl_users, $PHP_SELF;
global $user, $level, $min_user_editing_level, $max_content_length;
- global $fields;
+ global $fields, $auth;
$html = '';
$html .= "<div class=\"$class\">\n";
@@ -165,6 +165,15 @@
$row_class = "odd_row";
foreach ($info as $line)
{
+ // Check whether ordinary users are allowed to see other users' details.
If not,
+ // then skip past this row if it's not the current user or the user is not
an admin
+ if ($auth['only_admin_can_see_other_users'] &&
+ ($level < $min_user_editing_level) &&
+ (strcasecmp($line['name'], $user) != 0))
+ {
+ continue;
+ }
+
$row_class = ($row_class == "even_row") ? "odd_row" : "even_row";
$html .= "<tr class=\"$row_class\">\n";
if ($action)
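Review bot: The new check inside the foreach loop only skips the row while the table is being rendered, so it hides other users from the listing, but nothing in this hunk restricts any other path in edit_users.php. If an ordinary user can still reach another user's record some other way (for example through an action on a specific record), the same condition needs to be enforced there too, preferably through one shared helper so the two checks cannot drift apart. Separately, the comment says "if it's not the current user or the user is not an admin", while the code requires both conditions with &&, and "admin" is really tested as $level < $min_user_editing_level; rewording the comment to match the condition would prevent misreading.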
Modified: mrbs/trunk/web/systemdefaults.inc.php
===================================================================
--- mrbs/trunk/web/systemdefaults.inc.php 2010-11-05 11:49:58 UTC (rev
1586)
+++ mrbs/trunk/web/systemdefaults.inc.php 2010-11-05 12:07:43 UTC (rev
1587)
@@ -693,6 +693,9 @@
// If you want only administrators to be able to make repeat bookings,
// set this variable to TRUE
$auth['only_admin_can_book_repeat'] = FALSE;
+// If you don't want ordinary users to be able to see the other users'
+// details then set this to TRUE. (Only relevant when using 'db'
authentication]
+$auth['only_admin_can_see_other_users'] = FALSE;
// If you want to prevent the public (ie un-logged in users) from
// being able to view bookings, set this variable to TRUE
$auth['deny_public_access'] = FALSE;
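Review bot: The new $auth['only_admin_can_see_other_users'] setting defaults to FALSE, so after this change ordinary users still see other users' details unless the site opts in. If that default is kept for backward compatibility, say so in the comment or in the upgrade notes so administrators who want the restriction know they have to set it. The comment also has a mismatched bracket: "(Only relevant when using 'db' authentication]" should close with ")".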
_______________________________________________
Mrbs-commits mailing list
https://lists.sourceforge.net/lists/listinfo/mrbs-commits