Secured Views and Sources Admin access of NON-Admin users

src/admin/sources.php

@@ -54,6 +54,13 @@ IncludeLanguageFile( $gl_root_path . '/lang/' . $LANG . '/admin.php' );
 
 // --- BEGIN Custom Code
 
+// --- Set Helpervariable for non-ADMIN users
+if ( !isset($_SESSION['SESSION_ISADMIN']) || $_SESSION['SESSION_ISADMIN'] == 0 ) 
+	$content['READONLY_ISUSERONLY'] = "disabled"; 
+else
+	$content['READONLY_ISUSERONLY'] = ""; 
+// --- 
+
 if ( isset($_GET['op']) )
 {
 	if ($_GET['op'] == "add") 
@@ -110,6 +117,14 @@ if ( isset($_GET['op']) )
 		$content['userid'] = null;
 		$content['CHECKED_ISUSERONLY'] = "";
 		$content['SOURCEID'] = "";
+
+		// --- Can only create a USER source!
+		if ( !isset($_SESSION['SESSION_ISADMIN']) || $_SESSION['SESSION_ISADMIN'] == 0 ) 
+		{
+			$content['userid'] = $content['SESSION_USERID']; 
+			$content['CHECKED_ISUSERONLY'] = "checked"; 
+		}
+		// --- 
 		
 		// --- Check if groups are available
 		$content['SUBGROUPS'] = GetGroupsForSelectfield();
@@ -195,11 +210,17 @@ if ( isset($_GET['op']) )
 				}
 				$content['SourceDBRecordsPerQuery'] = $mysource['DBRecordsPerQuery'];
 				
-
-				if ( $mysource['userid'] != null )
+				// Set UserID if set!
+				$content['userid'] = $mysource['userid'];
+				if ( $content['userid'] != null )
 					$content['CHECKED_ISUSERONLY'] = "checked";
 				else
 					$content['CHECKED_ISUSERONLY'] = "";
+
+				// --- Can only EDIT own views!
+				if ( !isset($_SESSION['SESSION_ISADMIN']) || $_SESSION['SESSION_ISADMIN'] == 0 && $content['userid'] == NULL ) 
+					DieWithFriendlyErrorMsg( $content['LN_ADMIN_ERROR_NOTALLOWEDTOEDIT'] );
+				// --- 
 				
 				// --- Check if groups are available
 				$content['SUBGROUPS'] = GetGroupsForSelectfield();
@@ -528,11 +549,20 @@ if ( isset($_POST['op']) )
 	} 
 	else 
 	{
-		$content['userid'] = "null"; 
-		if ( isset ($_POST['groupid']) && $_POST['groupid'] != -1 ) 
-			$content['groupid'] = intval($_POST['groupid']); 
-		else 
-			$content['groupid'] = "null";
+		// --- Can only create a USER source!
+		if ( !isset($_SESSION['SESSION_ISADMIN']) || $_SESSION['SESSION_ISADMIN'] == 0 ) 
+		{
+			$content['userid'] = $content['SESSION_USERID']; 
+			$content['groupid'] = "null"; 
+		}
+		else
+		{
+			$content['userid'] = "null"; 
+			if ( isset ($_POST['groupid']) && $_POST['groupid'] != -1 ) 
+				$content['groupid'] = intval($_POST['groupid']); 
+			else 
+				$content['groupid'] = "null";
+		}
 	}
 
 	// --- Check mandotary values

src/admin/views.php

@@ -61,6 +61,13 @@ IncludeLanguageFile( $gl_root_path . '/lang/' . $LANG . '/admin.php' );
 // Init helper variable to empty string
 $content['FormUrlAddOP'] = "";
 
+// --- Set Helpervariable for non-ADMIN users
+if ( !isset($_SESSION['SESSION_ISADMIN']) || $_SESSION['SESSION_ISADMIN'] == 0 ) 
+	$content['READONLY_ISUSERONLY'] = "disabled"; 
+else
+	$content['READONLY_ISUSERONLY'] = ""; 
+// --- 
+
 if ( isset($_GET['op']) )
 {
 	if ($_GET['op'] == "add") 
@@ -72,10 +79,18 @@ if ( isset($_GET['op']) )
 		
 		//PreInit these values 
 		$content['DisplayName'] = "";
-		$content['userid'] = null;
-		$content['CHECKED_ISUSERONLY'] = "";
 		$content['VIEWID'] = "";
 		$content['FormUrlAddOP'] = "?op=add";
+		$content['userid'] = null;
+		$content['CHECKED_ISUSERONLY'] = "";
+
+		// --- Can only create a USER source!
+		if ( !isset($_SESSION['SESSION_ISADMIN']) || $_SESSION['SESSION_ISADMIN'] == 0 ) 
+		{
+			$content['userid'] = $content['SESSION_USERID']; 
+			$content['CHECKED_ISUSERONLY'] = "checked"; 
+		}
+		// --- 
 
 		// --- Check if groups are available
 		$content['SUBGROUPS'] = GetGroupsForSelectfield();
@@ -116,6 +131,11 @@ if ( isset($_GET['op']) )
 				else
 					$content['CHECKED_ISUSERONLY'] = "";
 
+				// --- Can only EDIT own views!
+				if ( !isset($_SESSION['SESSION_ISADMIN']) || $_SESSION['SESSION_ISADMIN'] == 0 && $content['userid'] == NULL ) 
+					DieWithFriendlyErrorMsg( $content['LN_ADMIN_ERROR_NOTALLOWEDTOEDIT'] );
+				// --- 
+
 				// --- Check if groups are available
 				$content['SUBGROUPS'] = GetGroupsForSelectfield();
 				if ( is_array($content['SUBGROUPS']) )

src/lang/de/admin.php

@@ -102,6 +102,7 @@ $content['LN_GEN_INJECTHTMLHEADER'] = "Voranstellen von HTML Code in <head&gt
 $content['LN_GEN_INJECTBODYHEADER'] = "Voranstellen von HTML Code am Anfang des <body> Bereichs.";
 $content['LN_GEN_INJECTBODYFOOTER'] = "Voranstellen von HTML Code Am Ende des <body> Bereichs.";
 $content['LN_ADMIN_PHPLOGCON_LOGOURL'] = "Optionale phpLogCon-Logo-URL. Bitte für das Standard-Logo leer lassen.";
+$content['LN_ADMIN_ERROR_NOTALLOWEDTOEDIT'] = "You are not allowed to edit this configuration item.";
 
 // User Center
 $content['LN_USER_CENTER'] = "Benutzer Optionen";

src/lang/en/admin.php

@@ -104,6 +104,7 @@ $content['LN_GEN_INJECTHTMLHEADER'] = "Inject this html code into the <head&g
 $content['LN_GEN_INJECTBODYHEADER'] = "Inject this html code at the beginning of the <body> area.";
 $content['LN_GEN_INJECTBODYFOOTER'] = "Inject this html code at the end <body> area.";
 $content['LN_ADMIN_PHPLOGCON_LOGOURL'] = "Optional phpLogCon Logo URL. Leave empty to use the default one.";
+$content['LN_ADMIN_ERROR_NOTALLOWEDTOEDIT'] = "You are not allowed to edit this configuration item.";
 
 // User Center
 $content['LN_USER_CENTER'] = "User Options";

src/lang/it_IT/admin.php

@@ -104,6 +104,7 @@ $content['LN_GEN_INJECTHTMLHEADER'] = "Inject this html code into the <head&g
 $content['LN_GEN_INJECTBODYHEADER'] = "Inject this html code at the beginning of the <body> area.";
 $content['LN_GEN_INJECTBODYFOOTER'] = "Inject this html code at the end <body> area.";
 $content['LN_ADMIN_PHPLOGCON_LOGOURL'] = "Optional phpLogCon Logo URL. Leave empty to use the default one.";
+$content['LN_ADMIN_ERROR_NOTALLOWEDTOEDIT'] = "You are not allowed to edit this configuration item.";
 
 // User Center
 $content['LN_USER_CENTER'] = "User Options";

src/lang/pt_BR/admin.php

@@ -102,6 +102,7 @@ $content['LN_GEN_INJECTHTMLHEADER'] = "Inject this html code into the <head&g
 $content['LN_GEN_INJECTBODYHEADER'] = "Inject this html code at the beginning of the <body> area.";
 $content['LN_GEN_INJECTBODYFOOTER'] = "Inject this html code at the end <body> area.";
 $content['LN_ADMIN_PHPLOGCON_LOGOURL'] = "Optional phpLogCon Logo URL. Leave empty to use the default one.";
+$content['LN_ADMIN_ERROR_NOTALLOWEDTOEDIT'] = "You are not allowed to edit this configuration item.";
 
 // User Center
 $content['LN_USER_CENTER'] = "User Options";

src/templates/admin/admin_sources.html

@@ -290,7 +290,7 @@
 			<tr>
 				<td align="left" class="cellmenu2"><b>{LN_GEN_GROUPONLY}</b></td>
 				<td align="right" class="line2">
-					<select name="groupid" size="1" STYLE="width: 300px">
+					<select name="groupid" size="1" STYLE="width: 300px" {READONLY_ISUSERONLY}>
 						<!-- BEGIN SUBGROUPS -->
 						<option value="{mygroupid}" {group_selected}>{groupname}</option>
 						<!-- END SUBGROUPS -->

src/templates/admin/admin_views.html

@@ -81,7 +81,7 @@
 			<tr>
 				<td align="left" class="cellmenu2_naked"><b>{LN_GEN_GROUPONLY_LONG}</b></td>
 				<td align="right" class="line2">
-					<select name="groupid" size="1" STYLE="width: 300px">
+					<select name="groupid" size="1" STYLE="width: 300px" {READONLY_ISUSERONLY}>
 						<!-- BEGIN SUBGROUPS -->
 						<option value="{mygroupid}" {group_selected}>{groupname}</option>
 						<!-- END SUBGROUPS -->