You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@airavata.apache.org by sc...@apache.org on 2016/02/09 16:56:04 UTC

[36/50] [abbrv] airavata-php-gateway git commit: Denying admin of one gateway to view experiments of another gateway until and unless admin is a super admins.

Denying admin of one gateway to view experiments of another gateway until and unless admin is a super admins.


Project: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/repo
Commit: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/commit/828533a1
Tree: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/tree/828533a1
Diff: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/diff/828533a1

Branch: refs/heads/master
Commit: 828533a111ff05603f9682317418bf135fb62002
Parents: b4c54fc
Author: Nipurn Doshi <ni...@gmail.com>
Authored: Tue Feb 2 16:02:01 2016 -0500
Committer: Nipurn Doshi <ni...@gmail.com>
Committed: Tue Feb 2 16:02:01 2016 -0500

----------------------------------------------------------------------
 app/controllers/ExperimentController.php | 5 +++++
 1 file changed, 5 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/828533a1/app/controllers/ExperimentController.php
----------------------------------------------------------------------
diff --git a/app/controllers/ExperimentController.php b/app/controllers/ExperimentController.php
index 2428556..342db4a 100755
--- a/app/controllers/ExperimentController.php
+++ b/app/controllers/ExperimentController.php
@@ -80,6 +80,11 @@ class ExperimentController extends BaseController
     public function summary()
     {
         $experiment = ExperimentUtilities::get_experiment($_GET['expId']);
+
+        //viewing experiments of other gateways is not allowed if user is not super admin
+        if( $experiment->gatewayId != Session::get("gateway_id") && !Session::has("super-admin"))
+            return CommonUtilities::print_error_message('It seems that you do not have permissions to view this experiment or it belongs to another gateway.');
+        
         if(isset($_GET['isAutoRefresh']) && $_GET['isAutoRefresh'] == 'true'){
             $autoRefresh = true;
         }else{