Admin pages are for admins only, right?

4 files changed, 4 insertions, 4 deletions

diff --git a/admin/index.php b/admin/index.php
index a9cc079c875..6e79f43ddf6 100644
--- a/admin/index.php
+++ b/admin/index.php
@@ -23,7 +23,7 @@
 
 require_once('../lib/base.php');
 oc_require( 'template.php' );
-if( !OC_USER::isLoggedIn()){
+if( !OC_USER::isLoggedIn() || !OC_USER::ingroup( $_SESSION['username'], 'admin' )){
 	header( "Location: ".OC_UTIL::linkto( "index.php" ));
 	exit();
 }
diff --git a/admin/plugins.php b/admin/plugins.php
index 36139edab04..b281115e124 100644
--- a/admin/plugins.php
+++ b/admin/plugins.php
@@ -23,7 +23,7 @@
 
 require_once('../lib/base.php');
 oc_require( 'template.php' );
-if( !OC_USER::isLoggedIn()){
+if( !OC_USER::isLoggedIn() || !OC_USER::ingroup( $_SESSION['username'], 'admin' )){
 	header( "Location: ".OC_UTIL::linkto( "index.php" ));
 	exit();
 }
diff --git a/admin/system.php b/admin/system.php
index a9cc079c875..6e79f43ddf6 100644
--- a/admin/system.php
+++ b/admin/system.php
@@ -23,7 +23,7 @@
 
 require_once('../lib/base.php');
 oc_require( 'template.php' );
-if( !OC_USER::isLoggedIn()){
+if( !OC_USER::isLoggedIn() || !OC_USER::ingroup( $_SESSION['username'], 'admin' )){
 	header( "Location: ".OC_UTIL::linkto( "index.php" ));
 	exit();
 }
diff --git a/admin/users.php b/admin/users.php
index 77be508914b..e3a9ab1418a 100644
--- a/admin/users.php
+++ b/admin/users.php
@@ -23,7 +23,7 @@
 
 require_once('../lib/base.php');
 oc_require( 'template.php' );
-if( !OC_USER::isLoggedIn()){
+if( !OC_USER::isLoggedIn() || !OC_USER::ingroup( $_SESSION['username'], 'admin' )){
 	header( "Location: ".OC_UTIL::linkto( "index.php" ));
 	exit();
 }