[eventlog] Check permissions; add synamic suggestions for keys

author: Simon Rettberg 2021-06-28 15:04:35 +0200
committer: Simon Rettberg 2021-06-28 15:04:35 +0200
commit: 44742851b22f225294a693f54161ad8e43a7dfda (patch)
tree: 41121b084e77f53601df1e831cff3a298dda104d /modules-available/eventlog/pages/rules.inc.php
parent: [inc/User] Make sure user has a token (diff)
download: slx-admin-44742851b22f225294a693f54161ad8e43a7dfda.tar.gz
slx-admin-44742851b22f225294a693f54161ad8e43a7dfda.tar.xz
slx-admin-44742851b22f225294a693f54161ad8e43a7dfda.zip
1 files changed, 3 insertions, 0 deletions
diff --git a/modules-available/eventlog/pages/rules.inc.php b/modules-available/eventlog/pages/rules.inc.php
index 131c4eb6..b00dcf08 100644
--- a/modules-available/eventlog/pages/rules.inc.php
+++ b/modules-available/eventlog/pages/rules.inc.php
@@ -8,6 +8,7 @@ class SubPage
 	public static function doPreprocess()
 	{
 		if (Request::isPost()) {
+			User::assertPermission('filter.rule.edit');
 			$action = Request::post('action');
 			if ($action === 'save-filter') {
 				self::saveRule();
@@ -87,6 +88,7 @@ class SubPage
 
 	public static function doRender()
 	{
+		User::assertPermission('filter.rule.view');
 		$id = Request::get('id', null, 'int');
 		if ($id !== null) {
 			self::showRuleEditor($id);
@@ -109,6 +111,7 @@ class SubPage
 	private static function showRuleEditor(int $id)
 	{
 		// EDIT
+		User::assertPermission('filter.rule.edit');
 		$index = 0;
 		$existing = [];
 		if ($id !== 0) {
author	Simon Rettberg	2021-06-28 15:04:35 +0200
committer	Simon Rettberg	2021-06-28 15:04:35 +0200
commit	44742851b22f225294a693f54161ad8e43a7dfda (patch)
tree	41121b084e77f53601df1e831cff3a298dda104d /modules-available/eventlog/pages/rules.inc.php
parent	[inc/User] Make sure user has a token (diff)
download	slx-admin-44742851b22f225294a693f54161ad8e43a7dfda.tar.gz slx-admin-44742851b22f225294a693f54161ad8e43a7dfda.tar.xz slx-admin-44742851b22f225294a693f54161ad8e43a7dfda.zip