check manager/admin role earlier for admin plugins FS#2180

24ea6500 · Andreas Gohr · 94eef7c6 · 24ea6500 · 24ea6500
Commit 24ea6500 authored 14 years ago by Andreas Gohr
--- a/inc/actions.php
+++ b/inc/actions.php
@@ -18,6 +18,7 @@ if(!defined('DOKU_INC')) die('meh.');
 function act_dispatch(){
    global $ACT;
    global $ID;
+    global $INFO;
    global $QUERY;
    global $lang;
    global $conf;
@@ -134,8 +135,15 @@ function act_dispatch(){
                $pluginlist = plugin_list('admin');
                if (in_array($_REQUEST['page'], $pluginlist)) {
                    // attempt to load the plugin
-                    if ($plugin =& plugin_load('admin',$_REQUEST['page']) !== null)
-                        $plugin->handle();
+                    if ($plugin =& plugin_load('admin',$_REQUEST['page']) !== null){
+                        if($plugin->forAdminOnly() && !$INFO['isadmin']){
+                            // a manager tried to load a plugin that's for admins only
+                            unset($_REQUEST['page']);
+                            msg('For admins only',-1);
+                        }else{
+                            $plugin->handle();
+                        }
+                    }
                }
            }
        }

--- a/inc/template.php
+++ b/inc/template.php
@@ -209,14 +209,9 @@ function tpl_admin(){
    }

    if ($plugin !== null){
-        if($plugin->forAdminOnly() && !$INFO['isadmin']){
-            msg('For admins only',-1);
-            html_admin();
-        }else{
-            if(!is_array($TOC)) $TOC = $plugin->getTOC(); //if TOC wasn't requested yet
-            if($INFO['prependTOC']) tpl_toc();
-            $plugin->html();
-        }
+        if(!is_array($TOC)) $TOC = $plugin->getTOC(); //if TOC wasn't requested yet
+        if($INFO['prependTOC']) tpl_toc();
+        $plugin->html();
    }else{
        html_admin();
    }