diff options
| author | RaindropsSys <raindrops@equestria.dev> | 2023-11-08 20:58:00 +0100 |
|---|---|---|
| committer | RaindropsSys <raindrops@equestria.dev> | 2023-11-08 20:58:00 +0100 |
| commit | db763c929a8bc77da74fbb80f156842dc313295e (patch) | |
| tree | cdd5a815536de1a76452b9e56748211fe2422369 | |
| parent | 7417e8956d12cd69463f741b905b6c77576501f5 (diff) | |
| download | pluralconnect-db763c929a8bc77da74fbb80f156842dc313295e.tar.gz pluralconnect-db763c929a8bc77da74fbb80f156842dc313295e.tar.bz2 pluralconnect-db763c929a8bc77da74fbb80f156842dc313295e.zip | |
Updated 3 files (automated)
| -rw-r--r-- | auth/callback/index.php | 7 | ||||
| -rw-r--r-- | includes/init.inc | 6 | ||||
| -rw-r--r-- | includes/pages.json | 7 |
3 files changed, 17 insertions, 3 deletions
diff --git a/auth/callback/index.php b/auth/callback/index.php index 1ff53f7..678dc34 100644 --- a/auth/callback/index.php +++ b/auth/callback/index.php @@ -40,7 +40,10 @@ if (isset($result["access_token"])) { $result = $result_orig = curl_exec($crl); $result = json_decode($result, true); - if (!in_array($result["id"], $appdata["oauth"]["allowed"]["admin"]) && !in_array($result["id"], $appdata["oauth"]["allowed"]["lower"])) { + $isAllowed = in_array("78b519ca-759b-4caa-958d-fcdfd422b9a9", array_map(function ($i) { return $i["id"]; }, $result["transitiveGroups"])); + $isAdmin = in_array("fe24dd97-9b9b-45b9-bb84-24e17a49f97b", array_map(function ($i) { return $i["id"]; }, $result["transitiveGroups"])); + + if (!$isAllowed) { peh_error("Access denied, you are not allowed to login to this website", 403); die(); } @@ -51,7 +54,7 @@ if (isset($result["access_token"])) { $token = generateToken(); - if (in_array($result["id"], $appdata["oauth"]["allowed"]["admin"])) { + if ($isAdmin) { file_put_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/sessions/" . $token, json_encode([ "created" => time(), "last" => time(), diff --git a/includes/init.inc b/includes/init.inc index ba523aa..8773ba4 100644 --- a/includes/init.inc +++ b/includes/init.inc @@ -22,6 +22,10 @@ if (in_array($toplevel, array_keys($pages))) { $readOnly = true; } + if (!isset($emergencyHeader)) { + $emergencyHeader = false; + } + if ($pages[$toplevel]["limited"]) { if ((!$isLoggedIn && !$isLowerLoggedIn) || ($readOnly && !$emergencyHeader)) header("Location: /-/login/?return=/-/$toplevel") and die(); } else { @@ -30,4 +34,4 @@ if (in_array($toplevel, array_keys($pages))) { } } else { $title = $toplevel; -} +}
\ No newline at end of file diff --git a/includes/pages.json b/includes/pages.json index 72a04e8..75dfdd6 100644 --- a/includes/pages.json +++ b/includes/pages.json @@ -76,6 +76,13 @@ "admin": true, "limited": true }, + "schedules": { + "name": { + "en": "Schedules" + }, + "admin": true, + "limited": true + }, "fronting": { "name": { "en": "Front planner [EOL]" |