Fixed issue: all admin have access to survey summary, logic files and…

… survey print version
LimeSurvey · Jan 3, 2013 · 006cbb6 · 006cbb6
1 parent 2c0f0fe
commit 006cbb6
Showing 1 changed file with 12 additions and 1 deletion.
diff --git a/application/core/Survey_Common_Action.php b/application/core/Survey_Common_Action.php
@@ -67,7 +67,18 @@ public function runWithParams($params)
 
         if (!empty($params['iSurveyId']))
         {
-            LimeExpressionManager::SetSurveyId($params['iSurveyId']); // must be called early - it clears internal cache if a new survey is being used
+            if(!Survey::model()->findByPk($params['iSurveyId']))
+            {
+                $this->getController()->error('Invalid survey id');
+            }
+            elseif (!hasSurveyPermission($params['iSurveyId'], 'survey', 'read'))
+            {
+                $this->getController()->error('No permission');
+            }
+            else
+            {
+                LimeExpressionManager::SetSurveyId($params['iSurveyId']); // must be called early - it clears internal cache if a new survey is being used
+            }
         }
 
         // Check if the method is public and of the action class, not its parents