| author | 2014-10-07 10:16:38 +0200 | |
|---|---|---|
| committer | 2014-10-07 10:16:38 +0200 | |
| commit | 6009990935a2d06c252073f6b51ea5378536ef52 (patch) | |
| tree | f4d9505b63585697599b8d99b03b8d555f638aa7 /app | |
| parent | 79aa5beaf44af13a1828bfa5fc824a08c62054dc (diff) | |
Introduce FreshRSS_Auth::hasAccess('admin')
Replace Minz_Configuration::isAdmin($user). FreshRSS_Auth::hasAccess() could
be extended to other scopes later.
See https://github.com/marienfressinaud/FreshRSS/issues/655
Diffstat (limited to 'app')
| -rwxr-xr-x | app/Controllers/configureController.php | 2 | ||||
| -rw-r--r-- | app/Controllers/updateController.php | 2 | ||||
| -rw-r--r-- | app/Controllers/usersController.php | 8 | ||||
| -rw-r--r-- | app/Models/Auth.php | 19 | ||||
| -rw-r--r-- | app/layout/aside_configure.phtml | 5 | ||||
| -rw-r--r-- | app/layout/header.phtml | 5 | ||||
| -rw-r--r-- | app/views/configure/archiving.phtml | 2 | ||||
| -rw-r--r-- | app/views/users/index.phtml | 6 |
8 files changed, 27 insertions, 22 deletions
diff --git a/app/Controllers/configureController.php b/app/Controllers/configureController.php index 7e77a757a..fb8c1466e 100755 --- a/app/Controllers/configureController.php +++ b/app/Controllers/configureController.php @@ -229,7 +229,7 @@ class FreshRSS_configure_Controller extends Minz_ActionController { $this->view->nb_total = $entryDAO->count(); $this->view->size_user = $entryDAO->size(); - if (Minz_Configuration::isAdmin(Minz_Session::param('currentUser', '_'))) { + if (FreshRSS_Auth::hasAccess('admin')) { $this->view->size_total = $entryDAO->size(true); } } diff --git a/app/Controllers/updateController.php b/app/Controllers/updateController.php index 9da1e8657..9d1e1ddf5 100644 --- a/app/Controllers/updateController.php +++ b/app/Controllers/updateController.php @@ -3,7 +3,7 @@ class FreshRSS_update_Controller extends Minz_ActionController { public function firstAction() { $current_user = Minz_Session::param('currentUser', ''); - if (!FreshRSS_Auth::hasAccess() && Minz_Configuration::isAdmin($current_user)) { + if (!FreshRSS_Auth::hasAccess('admin')) { Minz_Error::error( 403, array('error' => array(_t('access_denied'))) diff --git a/app/Controllers/usersController.php b/app/Controllers/usersController.php index c2b1d163f..11862ce27 100644 --- a/app/Controllers/usersController.php +++ b/app/Controllers/usersController.php @@ -51,7 +51,7 @@ class FreshRSS_users_Controller extends Minz_ActionController { $this->view->conf->_apiPasswordHash($passwordHash); } - if (Minz_Configuration::isAdmin(Minz_Session::param('currentUser', '_'))) { + if (FreshRSS_Auth::hasAccess('admin')) { $this->view->conf->_mail_login(Minz_Request::param('mail_login', '', true)); } $email = $this->view->conf->mail_login; 
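Review bot: In updateController.php, `$current_user = Minz_Session::param('currentUser', '');` is left in firstAction() although the rewritten guard directly below it no longer reads it; unless the remainder of the method still uses the variable, drop the assignment so the admin decision has a single visible source in `FreshRSS_Auth::hasAccess('admin')`. The body of firstAction continues past the end of the hunk, so that remainder is not visible here.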
@@ -65,7 +65,7 @@ class FreshRSS_users_Controller extends Minz_ActionController { $ok &= (file_put_contents($personaFile, Minz_Session::param('currentUser', '_')) !== false); } - if (Minz_Configuration::isAdmin(Minz_Session::param('currentUser', '_'))) { + if (FreshRSS_Auth::hasAccess('admin')) { $current_token = $this->view->conf->token; $token = Minz_Request::param('token', $current_token); $this->view->conf->_token($token); @@ -105,7 +105,7 @@ class FreshRSS_users_Controller extends Minz_ActionController { } public function createAction() { - if (Minz_Request::isPost() && Minz_Configuration::isAdmin(Minz_Session::param('currentUser', '_'))) { + if (Minz_Request::isPost() && FreshRSS_Auth::hasAccess('admin')) { $db = Minz_Configuration::dataBase(); require_once(APP_PATH . '/SQL/install.sql.' . $db['type'] . '.php'); @@ -177,7 +177,7 @@ class FreshRSS_users_Controller extends Minz_ActionController { } public function deleteAction() { - if (Minz_Request::isPost() && Minz_Configuration::isAdmin(Minz_Session::param('currentUser', '_'))) { + if (Minz_Request::isPost() && FreshRSS_Auth::hasAccess('admin')) { $db = Minz_Configuration::dataBase(); require_once(APP_PATH . '/SQL/install.sql.' . $db['type'] . '.php'); diff --git a/app/Models/Auth.php b/app/Models/Auth.php index c4a3abd98..992b444a5 100644 --- a/app/Models/Auth.php +++ b/app/Models/Auth.php 
@@ -99,12 +99,23 @@ class FreshRSS_Auth { } /** - * Returns if current user is connected. + * Returns if current user has access to the given scope. * - * @return boolean true if user is connected, false else. + * @param string $scope general (default) or admin + * @return boolean true if user has corresponding access, false else. */ - public static function hasAccess() { - return self::$login_ok; + public static function hasAccess($scope = 'general') { + $ok = self::$login_ok; + switch ($scope) { + case 'general': + break; + case 'admin': + $ok &= Minz_Session::param('currentUser') === Minz_Configuration::defaultUser(); + break; + default: + $ok = false; + } + return $ok; } /** diff --git a/app/layout/aside_configure.phtml b/app/layout/aside_configure.phtml index e17bcb254..59846a7c8 100644 --- a/app/layout/aside_configure.phtml +++ b/app/layout/aside_configure.phtml @@ -22,10 +22,7 @@ <li class="item<?php echo Minz_Request::controllerName() === 'users' ? ' active' : ''; ?>"> <a href="<?php echo _url('users', 'index'); ?>"><?php echo _t('users'); ?></a> </li> - <?php - $current_user = Minz_Session::param('currentUser', ''); - if (Minz_Configuration::isAdmin($current_user)) { - ?> + <?php if (FreshRSS_Auth::hasAccess('admin')) { ?> <li class="item<?php echo Minz_Request::controllerName() === 'update' ? ' active' : ''; ?>"> <a href="<?php echo _url('update', 'index'); ?>"><?php echo _t('update'); ?></a> </li> diff --git a/app/layout/header.phtml b/app/layout/header.phtml index fadfd13d7..12c86d61d 100644 --- a/app/layout/header.phtml +++ b/app/layout/header.phtml 
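Review bot: In Auth.php, `$ok &= Minz_Session::param('currentUser') === Minz_Configuration::defaultUser();` is a bitwise AND on two booleans, so hasAccess('admin') returns int 0 or 1 rather than the boolean the docblock promises; write it as `$ok = $ok && (Minz_Session::param('currentUser') === Minz_Configuration::defaultUser());`. The `switch ($scope)` compares loosely, so a non-string scope such as `true` (or `0` on PHP 5) matches `case 'general'` instead of reaching `default`; an early `if (!is_string($scope)) { return false; }`, or an `if`/`elseif` chain using `===`, keeps this authorization check strict. The fail-closed `default: $ok = false;` for unknown scopes is the right shape and should stay.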
@@ -64,10 +64,7 @@ if (Minz_Configuration::canLogIn()) { <li class="item"><a href="<?php echo _url('configure', 'queries'); ?>"><?php echo _t('queries'); ?></a></li> <li class="separator"></li> <li class="item"><a href="<?php echo _url('users', 'index'); ?>"><?php echo _t('users'); ?></a></li> - <?php - $current_user = Minz_Session::param('currentUser', ''); - if (Minz_Configuration::isAdmin($current_user)) { - ?> + <?php if (FreshRSS_Auth::hasAccess('admin')) { ?> <li class="item"><a href="<?php echo _url('update', 'index'); ?>"><?php echo _t('update'); ?></a></li> <?php } ?> <li class="separator"></li> diff --git a/app/views/configure/archiving.phtml b/app/views/configure/archiving.phtml index a883571aa..adbfdb77e 100644 --- a/app/views/configure/archiving.phtml +++ b/app/views/configure/archiving.phtml @@ -67,7 +67,7 @@ </div> </div> - <?php if (Minz_Configuration::isAdmin(Minz_Session::param('currentUser', '_'))) { ?> + <?php if (FreshRSS_Auth::hasAccess('admin')) { ?> <div class="form-group"> <p class="group-name"><?php echo _t('users'); ?></p> <div class="group-controls"> diff --git a/app/views/users/index.phtml b/app/views/users/index.phtml index 95659f727..f1cdf01a3 100644 --- a/app/views/users/index.phtml +++ b/app/views/users/index.phtml @@ -11,7 +11,7 @@ <div class="group-controls"> <input id="current_user" type="text" disabled="disabled" value="<?php echo Minz_Session::param('currentUser', '_'); ?>" /> <label class="checkbox" for="is_admin"> - <input type="checkbox" id="is_admin" disabled="disabled" <?php echo Minz_Configuration::isAdmin(Minz_Session::param('currentUser', '_')) ? 'checked="checked" ' : ''; ?>/> + <input type="checkbox" id="is_admin" disabled="disabled" <?php echo FreshRSS_Auth::hasAccess('admin') ? 'checked="checked" ' : ''; ?>/> <?php echo _t('is_admin'); ?> </label> </div> 
@@ -44,7 +44,7 @@ <label class="group-name" for="mail_login"><?php echo _t('persona_connection_email'); ?></label> <?php $mail = $this->conf->mail_login; ?> <div class="group-controls"> - <input type="email" id="mail_login" name="mail_login" class="extend" autocomplete="off" value="<?php echo $mail; ?>" <?php echo Minz_Configuration::isAdmin(Minz_Session::param('currentUser', '_')) ? '' : 'disabled="disabled"'; ?> placeholder="alice@example.net" /> + <input type="email" id="mail_login" name="mail_login" class="extend" autocomplete="off" value="<?php echo $mail; ?>" <?php echo FreshRSS_Auth::hasAccess('admin') ? '' : 'disabled="disabled"'; ?> placeholder="alice@example.net" /> <noscript><b><?php echo _t('javascript_should_be_activated'); ?></b></noscript> </div> </div> @@ -56,7 +56,7 @@ </div> </div> - <?php if (Minz_Configuration::isAdmin(Minz_Session::param('currentUser', '_'))) { ?> + <?php if (FreshRSS_Auth::hasAccess('admin')) { ?> <legend><?php echo _t('auth_type'); ?></legend> |
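Review bot: In users/index.phtml, the rewritten mail_login input still emits `value="<?php echo $mail; ?>"` unescaped into an HTML attribute; since the line is being rewritten anyway, use `value="<?php echo htmlspecialchars($mail, ENT_QUOTES, 'UTF-8'); ?>"` unless `$this->conf->mail_login` is guaranteed to be escaped upstream, which nothing in this hunk shows. The `disabled="disabled"` toggle on this input is a display concern only; the server-side enforcement lives in the usersController.php hunk, which is the right place for it.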
