From ee7be889edc930958d7a35b2a7afacec66f35191 Mon Sep 17 00:00:00 2001
From: Ad Schellevis <ad@opnsense.org>
Date: Tue, 14 Apr 2015 08:26:54 +0000
Subject: [PATCH] fix getAllowedPages / privileges

---
 src/etc/inc/auth.inc      |  2 +-
 src/etc/inc/priv.defs.inc |  6 ++++++
 src/etc/inc/priv.inc      | 26 +++++++++++++-------------
 3 files changed, 20 insertions(+), 14 deletions(-)

diff --git a/src/etc/inc/auth.inc b/src/etc/inc/auth.inc
index 1c676314a..a7c5ce8bb 100644
--- a/src/etc/inc/auth.inc
+++ b/src/etc/inc/auth.inc
@@ -536,7 +536,7 @@ function local_user_get_groups($user, $all = false)
 	}
 
 	foreach ($config['system']['group'] as $group) {
-		if (is_array($group['member'])) {
+		if (isset($group['member'])) {
 			if (in_array($user['uid'], $group['member']) || ($group['name'] == "all" && $all)) {
 				$groups[] = $group['name'];
 			}
diff --git a/src/etc/inc/priv.defs.inc b/src/etc/inc/priv.defs.inc
index e687a916b..43bd5b78b 100644
--- a/src/etc/inc/priv.defs.inc
+++ b/src/etc/inc/priv.defs.inc
@@ -1462,3 +1462,9 @@ $priv_list['user-pptp-dialin']['descr'] = "Indicates whether the user is allowed
 $priv_list['user-pppoe-dialin'] = array();
 $priv_list['user-pppoe-dialin']['name'] = "User - VPN - PPPOE Dialin";
 $priv_list['user-pppoe-dialin']['descr'] = "Indicates whether the user is allowed to dial in via PPPOE";
+
+// sort by name ( case insensitive ) 
+uasort($priv_list,function($a,$b) {
+	return strcasecmp($a["name"], $b["name"]) ;
+});
+
diff --git a/src/etc/inc/priv.inc b/src/etc/inc/priv.inc
index 2bb96aca7..4e4382cfa 100644
--- a/src/etc/inc/priv.inc
+++ b/src/etc/inc/priv.inc
@@ -32,12 +32,6 @@
 
 require_once 'priv.defs.inc';
 
-if (is_array($priv_list)) {
-	usort($priv_list, function($a, $b) {
-		return strcasecmp($a['name'], $b['name']);
-	});
-}
-
 function cmp_page_matches($page, & $matches, $fullwc = true) {
 
 //	$dbg_matches = implode(",", $matches);
@@ -172,7 +166,7 @@ function isAllowedPage($page)
 function getPrivPages(& $entry, & $allowed_pages) {
 	global $priv_list;
 
-	if (!is_array($entry['priv']))
+	if (!isset($entry['priv']) || !is_array($entry['priv']))
 		return;
 
 	foreach ($entry['priv'] as $pname) {
@@ -198,7 +192,11 @@ function getAllowedPages($username) {
 	$allowed_pages = array();
 	$allowed_groups = array();
 
-	$authcfg = auth_get_authserver($config['system']['webgui']['authmode']);
+	if (isset($config['system']['webgui']['authmode'])) {
+		$authcfg = auth_get_authserver($config['system']['webgui']['authmode']);
+	} else {
+		$authcfg['type'] = 'local';
+	}
 	// obtain ldap groups if we are in ldap mode
 	if ($authcfg['type'] == "ldap")
 		$allowed_groups = @ldap_get_groups($username, $authcfg);
@@ -208,15 +206,17 @@ function getAllowedPages($username) {
 		getPrivPages($local_user, $allowed_pages);
 
 		// obtain local groups if we have a local user
-		if ($local_user)
-			$allowed_groups = local_user_get_groups($local_user);
+		$allowed_groups = local_user_get_groups($local_user);
 	}
 
 	// build a list of allowed pages
-	if (is_array($config['system']['group']) && is_array($allowed_groups))
-		foreach ($config['system']['group'] as $group)
-			if (in_array($group['name'], $allowed_groups))
+	if (is_array($config['system']['group']) && is_array($allowed_groups)) {
+		foreach ($config['system']['group'] as $group) {
+			if (in_array($group['name'], $allowed_groups)) {
 				getPrivPages($group, $allowed_pages);
+			}
+		}
+	}
 
 //	$dbg_pages = implode(",", $allowed_pages);
 //	$dbg_groups = implode(",", $allowed_groups);