Fixed issue #16843: Label set permission check was too tight

LimeSurvey · Jul 12, 2021 · ef773af · Shnoulle · Jul 12, 2021 · Shnoulle
1 parent c9303e7
commit ef773af
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 11 deletions.
diff --git a/application/controllers/admin/labels.php b/application/controllers/admin/labels.php
@@ -44,7 +44,7 @@ public function run($sa = null)
      */
     public function importlabelresources()
     {
-        if (!Permission::model()->hasGlobalPermission('labelsets', 'edit')) {
 if (!in_array($sCRUD, array('create', 'read', 'update', 'delete', 'import', 'export'))) { 
 if (!in_array($sCRUD, array('create', 'read', 'update', 'delete', 'import', 'export'))) { 
+        if (!Permission::model()->hasGlobalPermission('labelsets', 'update')) {
             Yii::app()->session['flashmessage'] = gT('Access denied!');
             $this->getController()->redirect(App()->createUrl("/admin"));
         }

diff --git a/application/views/admin/labels/labelview_view.php b/application/views/admin/labels/labelview_view.php
@@ -1,6 +1,6 @@
 <script type='text/javascript'>
-    var duplicatelabelcode='<?php eT('Error: You are trying to use duplicate label codes.','js'); ?>';
-    var otherisreserved='<?php eT("Error: 'other' is a reserved keyword.",'js'); ?>';
+    var duplicatelabelcode='<?php eT('Error: You are trying to use duplicate label codes.', 'js'); ?>';
+    var otherisreserved='<?php eT("Error: 'other' is a reserved keyword.", 'js'); ?>';
 </script>
 
 <!-- quick add popup -->
@@ -9,7 +9,7 @@
 <div class="col-sm-12 labels">
     <div class="pagetitle h3">
         <?php eT("Labels") ?>
-        <?php if(isset($model->label_name)): ?> 
+        <?php if (isset($model->label_name)) : ?> 
             - <?php echo CHtml::encode($model->label_name); ?>
         <?php endif; ?>
     </div>
@@ -21,8 +21,10 @@
 
                 <!-- tabs -->
                 <ul class="nav nav-tabs">
-                    <?php  foreach ($lslanguages as $i => $language): ?>
-                        <li role="presentation" <?php if($i==0){ echo 'class="active"';}?>>
+                    <?php  foreach ($lslanguages as $i => $language) : ?>
+                        <li role="presentation" <?php if ($i == 0) {
+                            echo 'class="active"';
+                                                }?>>
                             <a data-toggle="tab" href='#neweditlblset<?php echo $i; ?>' >
                                 <?php echo getLanguageNameFromCode($language, false); ?>
                             </a>
@@ -31,20 +33,19 @@
                 </ul>
 
                 <!-- FORM -->
-                <?php echo CHtml::form(array("admin/labels/sa/process"), 'post', array('id'=>'mainform')); ?>
+                <?php echo CHtml::form(array("admin/labels/sa/process"), 'post', array('id' => 'mainform')); ?>
                     <input type='hidden' name='lid' value='<?php echo $lid ?>' />
                     <input type='hidden' name='action' value='modlabelsetanswers' />
 
                     <!-- tab content -->
-                    <?php $this->renderPartial("./labels/_labelviewtabcontent_view", array('lslanguages'=>$lslanguages, 'results'=>$results, 'action' => $action)); ?>
+                    <?php $this->renderPartial("./labels/_labelviewtabcontent_view", array('lslanguages' => $lslanguages, 'results' => $results, 'action' => $action)); ?>
                 </form>
             </div>
 
             <!-- Right content -->
             <div class="col-sm-4">
-            <?php if(Permission::model()->hasGlobalPermission('labelsets','edit'))
-            { ?>
-                <?php $this->renderPartial("./labels/_labelviewrightcontent_view", array('lid'=>$lid)); ?>
+            <?php if (Permission::model()->hasGlobalPermission('labelsets', 'update')) { ?>
+                <?php $this->renderPartial("./labels/_labelviewrightcontent_view", array('lid' => $lid)); ?>
             <?php }; ?>
             </div>
         </div>