Fixed issue #10829: Survey admins presented with inappropriate control
buttons

Dev: Add redirect after denied access.
olleharstedt committed Apr 15, 2016
1 parent 5d07be3 commit 88f3073
Showing 1 changed file with 33 additions and 2 deletions.
35 changes: 33 additions & 2 deletions application/controllers/admin/questiongroups.php
@@ -38,6 +38,12 @@ function import()
$action = $_POST['action'];
$iSurveyID = $surveyid = $aData['surveyid'] = (int)$_POST['sid'];

if (!Permission::model()->hasSurveyPermission($surveyid,'surveycontent','import'))
{
Yii::app()->user->setFlash('error', gT("Access denied"));
$this->getController()->redirect(array('admin/survey/sa/listquestiongroups/surveyid/' . $surveyid));
}

if ($action == 'importgroup')
{
$importgroup = "\n";
@@ -128,7 +134,7 @@ function importView($surveyid)
}
else
{
Yii::app()->session['flashmessage'] = gT("We are sorry but you don't have permissions to do this.");
Yii::app()->user->setFlash('error', gT("Access denied"));
$this->getController()->redirect(array('admin/survey/sa/listquestiongroups/surveyid/' . $surveyid));
}
}
@@ -144,7 +150,7 @@ function add($surveyid)
$iSurveyID = $surveyid = sanitize_int($surveyid);
$aViewUrls = $aData = array();

if (Permission::model()->hasSurveyPermission($surveyid, 'surveycontent', 'read'))
if (Permission::model()->hasSurveyPermission($surveyid, 'surveycontent', 'create'))
{
Yii::app()->session['FileManagerContext'] = "create:group:{$surveyid}";

@@ -171,6 +177,11 @@ function add($surveyid)
$aData['surveybar']['saveandclosebutton']['form'] = true;
$this->_renderWrappedTemplate('survey/QuestionGroups', 'addGroup_view', $aData);
}
else
{
Yii::app()->user->setFlash('error', gT("Access denied"));
$this->getController()->redirect(Yii::app()->request->urlReferrer);
}
}

/**
@@ -290,6 +301,11 @@ public function insert($surveyid)
$this->getController()->redirect(array('admin/questiongroups/sa/view/surveyid/' . $surveyid . '/gid/' . $gid));
}
}
else
{
Yii::app()->user->setFlash('error', gT("Access denied"));
$this->getController()->redirect(Yii::app()->request->urlReferrer);
}
}

/**
@@ -319,6 +335,11 @@ public function delete($iSurveyId, $iGroupId)
LimeExpressionManager::UpgradeConditionsToRelevance($iSurveyId);
$this->getController()->redirect(array('admin/survey/sa/listquestiongroups/surveyid/' . $iSurveyId ));
}
else
{
Yii::app()->user->setFlash('error', gT("Access denied"));
$this->getController()->redirect(Yii::app()->request->urlReferrer);
}
}

public function view($surveyid, $gid)
@@ -455,6 +476,11 @@ public function edit($surveyid, $gid)

$this->_renderWrappedTemplate('survey/QuestionGroups', 'editGroup_view', $aData);
}
else
{
Yii::app()->user->setFlash('error', gT("Access denied"));
$this->getController()->redirect(Yii::app()->request->urlReferrer);
}

}

@@ -524,6 +550,11 @@ public function update($gid)

$this->getController()->redirect(array('admin/questiongroups/sa/edit/surveyid/' . $surveyid . '/gid/' . $gid));
}
else
{
Yii::app()->user->setFlash('error', gT("Access denied"));
$this->getController()->redirect(Yii::app()->request->urlReferrer);
}
}

/**
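Review bot: The new `else` branches in add(), insert(), delete(), edit() and update() redirect to `Yii::app()->request->urlReferrer`, which comes from the client-supplied Referer header: it is null when the header is absent (direct request, strict referrer policy, privacy proxy) and can name an off-site page when the denied request was triggered from one. The import() and importView() branches in this same commit already use a fixed route, so the denied path would be more predictable written the same way, e.g. `$this->getController()->redirect(array('admin/survey/sa/listquestiongroups/surveyid/' . $surveyid));` (with `$iSurveyId` in delete()). In update($gid) the survey id is not a parameter, so it would have to be resolved before the permission check; that part of the function lies outside the visible hunk. Separately, the guard added to import() relies on redirect() terminating the request, presumably the framework default, and an explicit `return;` after it would keep the import code below unreachable if that ever changes.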