Author: jablko
Date: Tue Oct 26 13:13:56 2010
New Revision: 8513

Log:
Check authorization after processing parent and taxonomy fields

Modified:
   trunk/apps/qubit/modules/term/actions/editAction.class.php

Modified: trunk/apps/qubit/modules/term/actions/editAction.class.php
==============================================================================
--- trunk/apps/qubit/modules/term/actions/editAction.class.php  Tue Oct 26 
11:47:06 2010        (r8512)
+++ trunk/apps/qubit/modules/term/actions/editAction.class.php  Tue Oct 26 
13:13:56 2010        (r8513)
@@ -66,15 +66,6 @@
 
       QubitTreeView::addAssets($this->response);
     }
-    else
-    {
-      // Check authorization to create term
-      $params = 
$this->context->routing->parse(Qubit::pathInfo($request->taxonomy));
-      if (!QubitAcl::check($this->resource, 'create', array('taxonomyId' => 
$params['id'])))
-      {
-        QubitAcl::forwardUnauthorized();
-      }
-    }
   }
 
   protected function addField($name)
@@ -410,6 +401,12 @@
   {
     parent::processForm();
 
+    // Check authorization
+    if (!QubitAcl::check($this->resource, 'create'))
+    {
+      QubitAcl::forwardUnauthorized();
+    }
+
     $this->resource->save();
 
     // Update related info objects when term labels changes
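Review bot: The added check in processForm() tests the 'create' privilege on every submission, whereas the check removed in the first hunk sat in an `else` branch that appears to have covered only new terms; if processForm() also handles edits of existing terms, a user with update but not create rights would now be refused, so confirm the action or the guarding condition is right for that path. The check also runs after `parent::processForm()`, so any side effect the parent performs happens before the authorization decision; confirm the parent only populates `$this->resource` and persists nothing. The comment `// Check authorization` could record why the check lives here, for example `// Check create authorization only after parent and taxonomy fields are applied, so the ACL sees the submitted taxonomy`. processForm() begins and continues outside the hunk.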
