Only administrator can make changes to categories

App/Controllers/Posts.php

@@ -81,11 +81,11 @@ class Posts
 
         $url = 'Data/pengumuman.html';
 
-        $status = '';
+        $privilage = '';
 
         if (Session::exists('userid')) {
             $post = $this->model->showAll();
-            $status = 'admin';
+            $privilage = Session::get('privilage');
         }
 
         if ($post !== false) {
@@ -102,7 +102,7 @@ class Posts
         }
         View::render($url, [
             'posts' => $posts,
-            'status' => $status
+            'privilage' => $privilage
         ]);
     }
 
@@ -198,6 +198,11 @@ class Posts
     public function category()
     {
         if (Session::exists('userid')) {
+            if (Session::get('privilage') != 1)  {
+                Session::flash('info', 'Hanya admin yang bisa mengatur kategori.');
+                Redirect::to('/');
+                die();
+            }
             $categories = [];
             $get_categories = $this->model->showAll([], 'kategori');
 
@@ -212,7 +217,7 @@ class Posts
                 'token' => Token::generate()
             ]);
         } else {
-            throw new \Exception("Bad request", 400);
+            throw new \Exception("Page not found", 404);
         }
     }
 

App/Views/Data/pengumuman.html

@@ -29,9 +29,11 @@
 
     <br />
 
-    {% if status %}
+    {% if privilage != "" %}
         <a href="/posts/entry">+ Tambah Pengumuman</a>
-        <a href="/posts/category">+ Tambah Kategori</a>
+        {% if privilage == 1 %}
+            <a href="/posts/category">+ Tambah Kategori</a>
+        {% endif %}
         <a href="/logout">Keluar</a>
-    {% endif %}
+        {% endif %}
 {% endblock %}