Author: david
Date: Wed Aug 31 16:02:03 2011
New Revision: 9648
Log:
Return 403 - Forbidden response if user is not authorized
Modified:
trunk/apps/qubit/modules/repository/actions/editUploadLimitAction.class.php
trunk/apps/qubit/modules/repository/actions/uploadLimitComponent.class.php
Modified:
trunk/apps/qubit/modules/repository/actions/editUploadLimitAction.class.php
==============================================================================
--- trunk/apps/qubit/modules/repository/actions/editUploadLimitAction.class.php
Wed Aug 31 15:36:12 2011 (r9647)
+++ trunk/apps/qubit/modules/repository/actions/editUploadLimitAction.class.php
Wed Aug 31 16:02:03 2011 (r9648)
@@ -21,10 +21,18 @@
{
public function execute($request)
{
+ if (!$this->getUser()->hasCredential('administrator'))
+ {
+ // 403 - Forbidden
+ $this->getResponse()->setStatusCode(403);
+
+ return sfView::HEADER_ONLY;
+ }
+
$this->resource = $request->getAttribute('sf_route')->resource;
if (!isset($this->resource))
{
- return sfView::NONE;
+ $this->forward404();
}
$uploadLimit = $request->getParameter('uploadLimit');
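Review bot: The administrator guard added at the top of execute() is the only request check visible before `$request->getParameter('uploadLimit')` is read; nothing in the hunk restricts the HTTP method or validates the value. Because this action appears to change a repository setting, confirm that the rest of execute(), which continues below the hunk, acts only on POST and rejects a non-numeric or negative limit before saving. If it does not, a guard such as `if (!$request->isMethod('post')) { $this->forward404(); }` belongs next to the credential check. Logging the denied attempt before `return sfView::HEADER_ONLY;` would also give operators a record of unauthorized attempts on an admin-only endpoint.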
Modified:
trunk/apps/qubit/modules/repository/actions/uploadLimitComponent.class.php
==============================================================================
--- trunk/apps/qubit/modules/repository/actions/uploadLimitComponent.class.php
Wed Aug 31 15:36:12 2011 (r9647)
+++ trunk/apps/qubit/modules/repository/actions/uploadLimitComponent.class.php
Wed Aug 31 16:02:03 2011 (r9648)
@@ -21,6 +21,11 @@
{
public function execute($request)
{
+ if (!$this->getUser()->isAuthenticated())
+ {
+ return sfView::NONE;
+ }
+
// Get upload type
switch ($this->resource->uploadLimit)
{
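Review bot: The component gates on `isAuthenticated()` while the edit action in the same commit requires `hasCredential('administrator')`, so any logged-in non-administrator still gets the upload-limit component rendered. If the component's template exposes the edit control or figures meant for administrators only (the template is not visible here), the guard should use the same predicate, `if (!$this->getUser()->hasCredential('administrator'))`. If showing it to every authenticated user is intended, a short comment saying so would stop the two checks from reading as an oversight. Separately, `$this->resource->uploadLimit` is dereferenced right after the guard without the `isset($this->resource)` check that the action performs. execute() continues past the end of the hunk.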