From 3c099c78537020eae3b6fe060fbe86088e996c83 Mon Sep 17 00:00:00 2001
From: Alexis Degrugillier <aledeg@users.noreply.github.com>
Date: Mon, 6 Jan 2020 20:28:04 +0100
Subject: Add an admin flag on users (#2709)

Now FRSS supports more than one admin. Admins have the same rights as
the default user. Admins can promote or demote other users. The default
user is considered as an admin even if it does not have the admin flag
enabled.

See #2096
---
 app/Models/Auth.php | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

(limited to 'app/Models/Auth.php')

diff --git a/app/Models/Auth.php b/app/Models/Auth.php
index b7fb0e6d6..3eb57a877 100644
--- a/app/Models/Auth.php
+++ b/app/Models/Auth.php
@@ -115,14 +115,15 @@ class FreshRSS_Auth {
 	 * @return boolean true if user has corresponding access, false else.
 	 */
 	public static function hasAccess($scope = 'general') {
-		$conf = Minz_Configuration::get('system');
-		$default_user = $conf->default_user;
+		$systemConfiguration = Minz_Configuration::get('system');
+		$userConfiguration = Minz_Configuration::get('user');
+		$default_user = $systemConfiguration->default_user;
 		$ok = self::$login_ok;
 		switch ($scope) {
 		case 'general':
 			break;
 		case 'admin':
-			$ok &= Minz_Session::param('currentUser') === $default_user;
+			$ok &= $default_user === Minz_Session::param('currentUser') || $userConfiguration->is_admin;
 			break;
 		default:
 			$ok = false;
-- 
cgit v1.2.3