Author: sevein
Date: Tue Jun 28 13:55:43 2011
New Revision: 9215
Log:
Add security checks at accession edit action
Modified:
trunk/plugins/qtAccessionPlugin/modules/qtAccessionPlugin/actions/editAction.class.php
Modified:
trunk/plugins/qtAccessionPlugin/modules/qtAccessionPlugin/actions/editAction.class.php
==============================================================================
---
trunk/plugins/qtAccessionPlugin/modules/qtAccessionPlugin/actions/editAction.class.php
Tue Jun 28 13:39:53 2011 (r9214)
+++
trunk/plugins/qtAccessionPlugin/modules/qtAccessionPlugin/actions/editAction.class.php
Tue Jun 28 13:55:43 2011 (r9215)
@@ -47,11 +47,19 @@
{
$this->resource = $this->getRoute()->resource;
- // TODO Check user authorization 'edit'
+ // Check user authorization
+ if (!QubitAcl::check($this->resource, 'update'))
+ {
+ QubitAcl::forwardUnauthorized();
+ }
}
else
{
- // TODO Check user authorization 'create'
+ // Check user authorization
+ if (!QubitAcl::check($this->resource, 'create'))
+ {
+ QubitAcl::forwardUnauthorized();
+ }
}
}
--
You received this message because you are subscribed to the Google Groups
"Qubit Toolkit Commits" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/qubit-commits?hl=en.
