Hide global configuration and system information from non super users (…

…#19697) * Hide global configuration and system information from non super users * Use identical operator
joomla · Feb 26, 2018 · eb68081 · eb68081
1 parent 47b8972
commit eb68081
Showing 1 changed file with 28 additions and 15 deletions.
diff --git a/administrator/modules/mod_menu/menu.php b/administrator/modules/mod_menu/menu.php
@@ -83,7 +83,7 @@ public function load($params, $enabled)
 		$this->enabled = $enabled;
 		$menutype      = $this->params->get('menutype', '*');
 
-		if ($menutype == '*')
+		if ($menutype === '*')
 		{
 			$name   = $this->params->get('preset', 'joomla');
 			$levels = MenuHelper::loadPreset($name);
@@ -256,7 +256,7 @@ protected function preprocess($items)
 			$item->icon  = isset($item->icon) ? $item->icon : '';
 
 			// Whether this scope can be displayed. Applies only to preset items. Db driven items should use un/published state.
-			if (($item->scope == 'help' && !$this->params->get('showhelp')) || ($item->scope == 'edit' && !$this->params->get('shownew')))
+			if (($item->scope === 'help' && !$this->params->get('showhelp')) || ($item->scope === 'edit' && !$this->params->get('shownew')))
 			{
 				continue;
 			}
@@ -282,20 +282,20 @@ protected function preprocess($items)
 			}
 
 			// Exclude Mass Mail if disabled in global configuration
-			if ($item->scope == 'massmail' && (JFactory::getApplication()->get('massmailoff', 0) == 1))
+			if ($item->scope === 'massmail' && (JFactory::getApplication()->get('massmailoff', 0) == 1))
 			{
 				continue;
 			}
 
 			// Exclude item if the component is not authorised
 			$assetName = $item->element;
 
-			if ($item->element == 'com_categories')
+			if ($item->element === 'com_categories')
 			{
 				parse_str($item->link, $query);
 				$assetName = isset($query['extension']) ? $query['extension'] : 'com_content';
 			}
-			elseif ($item->element == 'com_fields')
+			elseif ($item->element === 'com_fields')
 			{
 				parse_str($item->link, $query);
 
@@ -314,14 +314,27 @@ protected function preprocess($items)
 
 				list($assetName) = isset($query['context']) ? explode('.', $query['context'], 2) : array('com_fields');
 			}
+			elseif ($item->element === 'com_config' && !$user->authorise('core.admin'))
+			{
+				continue;
+			}
+			elseif ($item->element === 'com_admin')
+			{
+				parse_str($item->link, $query);
+
+				if (isset($query['view']) && $query['view'] === 'sysinfo' && !$user->authorise('core.admin'))
+				{
+					continue;
+				}
+			}
 
-			if ($assetName && !$user->authorise(($item->scope == 'edit') ? 'core.create' : 'core.manage', $assetName))
+			if ($assetName && !$user->authorise(($item->scope === 'edit') ? 'core.create' : 'core.manage', $assetName))
 			{
 				continue;
 			}
 
 			// Exclude if link is invalid
-			if (!in_array($item->type, array('separator', 'heading', 'container')) && trim($item->link) == '')
+			if (!in_array($item->type, array('separator', 'heading', 'container')) && trim($item->link) === '')
 			{
 				continue;
 			}
@@ -330,7 +343,7 @@ protected function preprocess($items)
 			$item->submenu = $this->preprocess($item->submenu);
 
 			// Populate automatic children for container items
-			if ($item->type == 'container')
+			if ($item->type === 'container')
 			{
 				$exclude    = (array) $item->params->get('hideitems') ?: array();
 				$components = MenusHelper::getMenuItems('main', false, $exclude);
@@ -347,7 +360,7 @@ protected function preprocess($items)
 			}
 
 			// Remove repeated and edge positioned separators, It is important to put this check at the end of any logical filtering.
-			if ($item->type == 'separator')
+			if ($item->type === 'separator')
 			{
 				if ($noSeparator)
 				{
@@ -368,7 +381,7 @@ protected function preprocess($items)
 				$language->load($item->element . '.sys', JPATH_ADMINISTRATOR . '/components/' . $item->element, null, false, true);
 			}
 
-			if ($item->type == 'separator' && $item->params->get('text_separator') == 0)
+			if ($item->type === 'separator' && $item->params->get('text_separator') == 0)
 			{
 				$item->title = '';
 			}
@@ -402,11 +415,11 @@ protected function populateTree($levels)
 		{
 			$class = $this->enabled ? $item->class : 'disabled';
 
-			if ($item->type == 'separator')
+			if ($item->type === 'separator')
 			{
 				$this->tree->addChild(new Node\Separator($item->title));
 			}
-			elseif ($item->type == 'heading')
+			elseif ($item->type === 'heading')
 			{
 				// We already excluded heading type menu item with no children.
 				$this->tree->addChild(new Node\Heading($item->title, $class, null, $item->icon), $this->enabled);
@@ -417,7 +430,7 @@ protected function populateTree($levels)
 					$this->tree->getParent();
 				}
 			}
-			elseif ($item->type == 'url')
+			elseif ($item->type === 'url')
 			{
 				$cNode = new Node\Url($item->title, $item->link, $item->browserNav, $class, null, $item->icon);
 				$this->tree->addChild($cNode, $this->enabled);
@@ -428,7 +441,7 @@ protected function populateTree($levels)
 					$this->tree->getParent();
 				}
 			}
-			elseif ($item->type == 'component')
+			elseif ($item->type === 'component')
 			{
 				$cNode = new Node\Component($item->title, $item->element, $item->link, $item->browserNav, $class, null, $item->icon);
 				$this->tree->addChild($cNode, $this->enabled);
@@ -439,7 +452,7 @@ protected function populateTree($levels)
 					$this->tree->getParent();
 				}
 			}
-			elseif ($item->type == 'container')
+			elseif ($item->type === 'container')
 			{
 				// We already excluded container type menu item with no children.
 				$this->tree->addChild(new Node\Container($item->title, $item->class, null, $item->icon), $this->enabled);