Add an admin flag on users (#2709)

Now FRSS supports more than one admin. Admins have the same rights as the default user. Admins can promote or demote other users. The default user is considered as an admin even if it does not have the admin flag enabled. See #2096
author: Alexis Degrugillier <aledeg@users.noreply.github.com> 2020-01-06 20:28:04 +0100
committer: Alexandre Alapetite <alexandre@alapetite.fr> 2020-01-06 20:28:04 +0100
commit: 3c099c78537020eae3b6fe060fbe86088e996c83 (patch)
tree: 647ee7313f609577f98b8477e814f2e7743c06f7 /app/Models/Auth.php
parent: d455783a63e77c3abce76b85f68c51338c1b81d1 (diff)
1 files changed, 4 insertions, 3 deletions
diff --git a/app/Models/Auth.php b/app/Models/Auth.php
index b7fb0e6d6..3eb57a877 100644
--- a/app/Models/Auth.php
+++ b/app/Models/Auth.php
@@ -115,14 +115,15 @@ class FreshRSS_Auth {
 	 * @return boolean true if user has corresponding access, false else.
 	 */
 	public static function hasAccess($scope = 'general') {
-		$conf = Minz_Configuration::get('system');
-		$default_user = $conf->default_user;
+		$systemConfiguration = Minz_Configuration::get('system');
+		$userConfiguration = Minz_Configuration::get('user');
+		$default_user = $systemConfiguration->default_user;
 		$ok = self::$login_ok;
 		switch ($scope) {
 		case 'general':
 			break;
 		case 'admin':
-			$ok &= Minz_Session::param('currentUser') === $default_user;
+			$ok &= $default_user === Minz_Session::param('currentUser') || $userConfiguration->is_admin;
 			break;
 		default:
 			$ok = false;
author	Alexis Degrugillier <aledeg@users.noreply.github.com>	2020-01-06 20:28:04 +0100
committer	Alexandre Alapetite <alexandre@alapetite.fr>	2020-01-06 20:28:04 +0100
commit	3c099c78537020eae3b6fe060fbe86088e996c83 (patch)
tree	647ee7313f609577f98b8477e814f2e7743c06f7 /app/Models/Auth.php
parent	d455783a63e77c3abce76b85f68c51338c1b81d1 (diff)