From cf593c7db0254ef82b7a01fee652b8a91720ac08 Mon Sep 17 00:00:00 2001
From: Herman van Rink <rink@initfour.nl>
Date: Wed, 26 Feb 2020 21:32:11 +0100
Subject: [PATCH] Show harddisk and database quota dashlet only when user has
 access

---
 interface/lib/classes/auth.inc.php            | 36 ++++++++++++-------
 .../web/dashboard/dashlets/databasequota.php  |  3 ++
 interface/web/dashboard/dashlets/quota.php    |  3 ++
 3 files changed, 29 insertions(+), 13 deletions(-)

diff --git a/interface/lib/classes/auth.inc.php b/interface/lib/classes/auth.inc.php
index 2075c7b90d..5daabd50b3 100644
--- a/interface/lib/classes/auth.inc.php
+++ b/interface/lib/classes/auth.inc.php
@@ -141,12 +141,18 @@ class auth {
 		}
 	}
 
-	public function check_module_permissions($module) {
+
+       /**
+        * Check that the user has access to the given module.
+        *
+        * @return boolean
+        */
+       public function verify_module_permissions($module)  {
 		// Check if the current user has the permissions to access this module
 		$module = trim(preg_replace('@\s+@', '', $module));
 		$user_modules = explode(',',$_SESSION["s"]["user"]["modules"]);
+               $can_use_module = false;
 		if(strpos($module, ',') !== false){
-			$can_use_module = false;
 			$tmp_modules = explode(',', $module);
 			if(is_array($tmp_modules) && !empty($tmp_modules)){
 				foreach($tmp_modules as $tmp_module){
@@ -158,17 +164,21 @@ class auth {
 					}
 				}
 			}
-			if(!$can_use_module){
-				// echo "LOGIN_REDIRECT:/index.php";
-				header("Location: /index.php");
-				exit;
-			}
-		} else {
-			if(!in_array($module,$user_modules)) {
-				// echo "LOGIN_REDIRECT:/index.php";
-				header("Location: /index.php");
-				exit;
-			}
+               }
+               elseif(in_array($module,$user_modules)) {
+                       $can_use_module = true;
+               }
+               return $can_use_module;
+       }
+
+       /**
+        * Check that the user has access to the given module, redirect and exit on failure.
+        */
+       public function check_module_permissions($module)  {
+               if(!$this->verify_module_permissions($module)) {
+                       // echo "LOGIN_REDIRECT:/index.php";
+                       header("Location: /index.php");
+                       exit;
 		}
 	}
 	
diff --git a/interface/web/dashboard/dashlets/databasequota.php b/interface/web/dashboard/dashlets/databasequota.php
index 6439cdee12..d8c131702f 100644
--- a/interface/web/dashboard/dashlets/databasequota.php
+++ b/interface/web/dashboard/dashlets/databasequota.php
@@ -7,6 +7,9 @@ class dashlet_databasequota {
 
 		//* Loading Template
 		$app->uses('tpl,quota_lib');
+               if (!$app->auth->verify_module_permissions('sites')) {
+                       return;
+               }
 
 		$tpl = new tpl;
 		$tpl->newTemplate("dashlets/templates/databasequota.htm");
diff --git a/interface/web/dashboard/dashlets/quota.php b/interface/web/dashboard/dashlets/quota.php
index 6ff975b623..dfb82d5c24 100644
--- a/interface/web/dashboard/dashlets/quota.php
+++ b/interface/web/dashboard/dashlets/quota.php
@@ -7,6 +7,9 @@ class dashlet_quota {
 
 		//* Loading Template
 		$app->uses('tpl,quota_lib');
+               if (!$app->auth->verify_module_permissions('sites')) {
+                       return;
+               }
 
 		$tpl = new tpl;
 		$tpl->newTemplate("dashlets/templates/quota.htm");
-- 
GitLab