Add middleware check for admin routes

beaver-dev · beaver-dev · commit 8091fbcc5220 · 2015-08-28T12:48:06.000+02:00
diff --git a/.gitignore b/.gitignore
@@ -4,3 +4,5 @@ include/config.php
 nbproject/
 lang/French
 .htaccess
+vendor
+composer.lock
diff --git a/include/routes.php b/include/routes.php
@@ -7,6 +7,14 @@
  * License: http://www.gnu.org/licenses/gpl.html GPL version 2 or higher
  */
 
+/**
+ * middleware to check if user is admin, if it's not redirect to homepage.
+ */
+$isAdmin = function() use ($feather) {
+    if($feather->user->g_id != $feather->forum_env['FEATHER_ADMIN']) {
+        redirect(get_link('/'), __('No permission'));
+    }
+};
 
 // Index
 $feather->get('/', '\controller\index:display');
@@ -88,7 +96,7 @@
 });
 
 // Admin routes
-$feather->group('/admin', function() use ($feather) {
+$feather->group('/admin', $isAdmin, function() use ($feather) {
 
     // Admin index
     $feather->get('(/action/:action)(/)', '\controller\admin\index:display');
@@ -163,4 +171,4 @@
 // 404 not found
 $feather->notFound(function () {
     message(__('Bad request'), '404');
-});
+});
