Leginon

fix with r14557. Because groups, instruments, applications editing affects all users. They require level 4 privilege in "groups" to edit. I also did it in the same way for adduser.php because even power user should not change someone else's user profiles. I have taken care of these in revertsettings.php before.

goniometer.php which also found in admin.php side-bar is a view-only page so it just need to check if the user is logged in.

might be possible to move is_logged into admin.inc now that all of them need to do it.

http://fly/myamiweb/user.php allows anonymous user to view (but not edit) all users. Do we want people who don't even have a login to have access to all of our users names, emails, addresses, and phone numbers?

Did more refinement on page access in r14701, including remove access to users.php page to guest group to which anonymous user belongs. Currently,

Administration group: view and edit everything.

Power user: deny addusers.php. addinstrument.php, addapps.php, deny editing on users.php, deny revertsettings.php on users other than him/herself.

User group: also deny access on users.php in addition to restriction on Power user.

Guest group: also deny access on revertsettings.php, goniometer.php