From 8b81731846f4778fc176d04259eb6dbb30daa3d5 Mon Sep 17 00:00:00 2001
From: Felix Rabinovich <virshu@users.sourceforge.net>
Date: Sun, 14 Dec 2008 04:39:22 +0000
Subject: clean the links and require authorization before showing admin pages

---
 core/controllers/admin.php | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'core/controllers/admin.php')

diff --git a/core/controllers/admin.php b/core/controllers/admin.php
index 5fadd885..4824ce93 100644
--- a/core/controllers/admin.php
+++ b/core/controllers/admin.php
@@ -19,6 +19,9 @@
  */
 class Admin_Controller extends Controller {
   public function dashboard() {
+    if (!(user::active()->admin)) {
+      throw new Exception("Unauthorized", 401);      
+    }
     // giving default is probably overkill
     $theme_name = module::get_var("core", "active_admin_theme", "default_admin");
     // For now, in order not to duplicate js and css, keep the regular ("item")
-- 
cgit v1.2.3