From 1f59e8e87c46be3c0d0a0677ab0e45bf21686e9d Mon Sep 17 00:00:00 2001
From: Lukas Metzger <developer@lukas-metzger.com>
Date: Mon, 25 Jan 2016 17:18:15 +0100
Subject: [PATCH] Disallowed user creating a new domain

---
 api/add-domain.php | 5 +++++
 domains.php        | 2 +-
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/api/add-domain.php b/api/add-domain.php
index b8343de..4643dcd 100644
--- a/api/add-domain.php
+++ b/api/add-domain.php
@@ -23,6 +23,11 @@ require_once '../lib/soa-mail.php';
 
 $input = json_decode(file_get_contents('php://input'));
 
+if(!isset($_SESSION['type']) || $_SESSION['type'] != "admin") {
+    echo "Permission denied!";
+    exit();
+}
+
 if(isset($input->action) && $input->action == "addDomain") {
     $soaData = Array();
     $soaData[] = $input->primary;
diff --git a/domains.php b/domains.php
index b12a0f5..624ee3f 100644
--- a/domains.php
+++ b/domains.php
@@ -84,7 +84,7 @@ limitations under the License.
                 
             </table>
             
-            <a class="btn btn-success" href="add-domain.php">Add</a>
+            <?php if($_SESSION['type'] == "admin") echo '<a class="btn btn-success" href="add-domain.php">Add</a>'; ?>   
         </div>
 
         <div class="modal fade" id="deleteConfirm" tabindex="-1" role="dialog">