diff options
| author | Simon Rettberg | 2025-05-22 16:07:03 +0200 |
|---|---|---|
| committer | Simon Rettberg | 2025-05-22 16:07:03 +0200 |
| commit | 19160ec62cec3b6e436590b16ebb2b329ef5d55b (patch) | |
| tree | bdfc8a89829fde79133b839d4cb52a27c7b3e520 /inc/user.inc.php | |
| parent | [locationinfo] URLpanel: Browser accept-language and screen rotation (diff) | |
| download | slx-admin-19160ec62cec3b6e436590b16ebb2b329ef5d55b.tar.gz slx-admin-19160ec62cec3b6e436590b16ebb2b329ef5d55b.tar.xz slx-admin-19160ec62cec3b6e436590b16ebb2b329ef5d55b.zip | |
Add audit logging of POST actions
Diffstat (limited to 'inc/user.inc.php')
| -rw-r--r-- | inc/user.inc.php | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/inc/user.inc.php b/inc/user.inc.php index 0bb345c3..cd35ac29 100644 --- a/inc/user.inc.php +++ b/inc/user.inc.php @@ -75,12 +75,14 @@ class User if (User::hasPermission($permission, $locationid)) return; if (AJAX) { + Message::addError('main.no-permission'); Message::renderList(); + Audit::overrideResponseCode(403); exit; } if (!is_null($redirect)) { Message::addError('main.no-permission'); - Util::redirect($redirect); + Util::redirect($redirect, 403); } elseif (Module::isAvailable('permissionmanager')) { if ($permission[0] !== '.') { $module = Page::getModule(); @@ -88,10 +90,10 @@ class User $permission = '.' . $module->getIdentifier() . '.' . $permission; } } - Util::redirect('?do=permissionmanager&show=denied&permission=' . urlencode($permission)); + Util::redirect('?do=permissionmanager&show=denied&permission=' . urlencode($permission), 403); } else { Message::addError('main.no-permission'); - Util::redirect('?do=main'); + Util::redirect('?do=main', 403); } } |