Restricted survey creation to $user->rights->opensurvey->write

Dolibarr · Jan 5, 2014 · 0a3a6c0 · 0a3a6c0
1 parent 048e270
commit 0a3a6c0
Show file tree

Hide file tree

Showing 4 changed files with 12 additions and 2 deletions.
diff --git a/htdocs/opensurvey/wizard/choix_autre.php b/htdocs/opensurvey/wizard/choix_autre.php
@@ -27,6 +27,9 @@
 require_once(DOL_DOCUMENT_ROOT."/core/lib/files.lib.php");
 require_once(DOL_DOCUMENT_ROOT."/opensurvey/fonctions.php");
 
+// Security check
+if (!$user->rights->opensurvey->write) accessforbidden ();
+
 /*
  * Action
  */

diff --git a/htdocs/opensurvey/wizard/choix_date.php b/htdocs/opensurvey/wizard/choix_date.php
@@ -27,6 +27,9 @@
 require_once(DOL_DOCUMENT_ROOT."/core/lib/files.lib.php");
 require_once(DOL_DOCUMENT_ROOT."/opensurvey/fonctions.php");
 
+// Security check
+if (!$user->rights->opensurvey->write) accessforbidden ();
+
 //le format du sondage est DATE
 $_SESSION["formatsondage"] = "D";
 

diff --git a/htdocs/opensurvey/wizard/create_survey.php b/htdocs/opensurvey/wizard/create_survey.php
@@ -27,8 +27,10 @@
 require_once(DOL_DOCUMENT_ROOT."/core/lib/files.lib.php");
 require_once(DOL_DOCUMENT_ROOT."/opensurvey/fonctions.php");
 
-$langs->load("opensurvey");
+// Security check
+if (!$user->rights->opensurvey->write) accessforbidden ();
 
+$langs->load("opensurvey");
 
 // On teste toutes les variables pour supprimer l'ensemble des warnings PHP
 // On transforme en entites html les données afin éviter les failles XSS

diff --git a/htdocs/opensurvey/wizard/index.php b/htdocs/opensurvey/wizard/index.php
@@ -28,8 +28,10 @@
 require_once(DOL_DOCUMENT_ROOT."/core/lib/files.lib.php");
 require_once(DOL_DOCUMENT_ROOT."/opensurvey/fonctions.php");
 
-$langs->load("opensurvey");
+// Security check
+if (!$user->rights->opensurvey->write) accessforbidden ();
 
+$langs->load("opensurvey");
 
 /*
  * View