Diffstat (limited to 'application/modules/user/controllers/ConfigController.php')
| -rw-r--r-- | application/modules/user/controllers/ConfigController.php | 7 |
1 files changed, 2 insertions, 5 deletions
diff --git a/application/modules/user/controllers/ConfigController.php b/application/modules/user/controllers/ConfigController.php
index df32385..6f5497a 100644
--- a/application/modules/user/controllers/ConfigController.php
+++ b/application/modules/user/controllers/ConfigController.php
@@ -26,10 +26,7 @@ class user_ConfigController extends Zend_Controller_Action
 $this->db = Zend_Db_Table::getDefaultAdapter();
- $this->type = $this->_request->getParam('type');
-
-
 } else {
 $this->_helper->redirector('login', 'auth');
 }
@@ -155,10 +152,10 @@ class user_ConfigController extends Zend_Controller_Action
 $this->configMapper->find($configID, $config);
 if($config->getMembershipID() != null){
- if($this->membership->getID() != $config->getMembershipID())
+ if($this->membership->getID() != $config->getMembershipID() || !Pbs_Acl::checkRight('ceo'))
 $this->_redirect('/user/config/index/type/'.$this->type.'/page/'.$this->page.'/modifyresult/forbidden');
 }else{
- if($this->membership->getGroupID() != $config->getGroupID())
+ if($this->membership->getGroupID() != $config->getGroupID() || (!Pbs_Acl::checkRight('ce') && !Pbs_Acl::checkRight('cem')))
 $this->_redirect('/user/config/index/type/'.$this->type.'/page/'.$this->page.'/modifyresult/forbidden');
 }
|
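Review bot: Both deny branches in the second hunk depend on `$this->_redirect(...)` ending the request, because nothing after either braceless `if` returns; if the redirector's exit behaviour is ever disabled, the rest of the action would run for a caller who failed the ownership or ACL test. I would brace both checks and add `return;` after each redirect so the action fails closed. The outer test `$config->getMembershipID() != null` is a loose comparison, so an ID of `0` or `''` falls through to the group branch, where the 'ce'/'cem' rule applies instead of the owner-plus-'ceo' rule; `!== null` would state the intent, assuming the mapper returns null for group-owned configs. The redirect targets also still interpolate `$this->type`, whose assignment the first hunk removes earlier in the controller, so confirm it is set elsewhere. The enclosing method starts and ends outside the hunk.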
