#1876 1.7.3 how to restrict reports only to MRBS admins?

[Thomas S.]

Hi

We are using MRBS 1.7.3 with ldap authentication.
We have set the config option to specify the MRBS admins via an ldap group

$ldap_admin_group_dn

Now i noticed that even normal users (defined via $ldap_filter) can generate reports.

How can i restrict this option to MRBS admins only?
The best solution would be that the button is hidden for normal users, or if this is not possible, that you get an "insufficient permissions" error.

Best,
Thomas

[Campbell Morrison]

Edit mrbs_auth.inc and change line 37 from

$page_level['report.php']                = 1;

to

$page_level['report.php']                = 2;

Users will still see the link to the Report page, but they won't be able to access it. (This changes in the default branch where users will only see links to pages for which they have access).