clean the links and require authorization before showing admin pages

author: Felix Rabinovich <virshu@users.sourceforge.net> 2008-12-14 04:39:22 +0000
committer: Felix Rabinovich <virshu@users.sourceforge.net> 2008-12-14 04:39:22 +0000
commit: 8b81731846f4778fc176d04259eb6dbb30daa3d5 (patch)
tree: 573c8d49914f7446c8517319cbb511b67f947656 /core/controllers/admin.php
parent: cb92d1a70dfe6e14c9f76b322bff038564acc7d6 (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/core/controllers/admin.php b/core/controllers/admin.php
index 5fadd885..4824ce93 100644
--- a/core/controllers/admin.php
+++ b/core/controllers/admin.php
@@ -19,6 +19,9 @@
  */
 class Admin_Controller extends Controller {
   public function dashboard() {
+    if (!(user::active()->admin)) {
+      throw new Exception("Unauthorized", 401);      
+    }
     // giving default is probably overkill
     $theme_name = module::get_var("core", "active_admin_theme", "default_admin");
     // For now, in order not to duplicate js and css, keep the regular ("item")
author	Felix Rabinovich <virshu@users.sourceforge.net>	2008-12-14 04:39:22 +0000
committer	Felix Rabinovich <virshu@users.sourceforge.net>	2008-12-14 04:39:22 +0000
commit	8b81731846f4778fc176d04259eb6dbb30daa3d5 (patch)
tree	573c8d49914f7446c8517319cbb511b67f947656 /core/controllers/admin.php
parent	cb92d1a70dfe6e14c9f76b322bff038564acc7d6 (diff)