Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
Fixed bug #19002: Unauthorized access to Survey menu entries (#3395)
Co-authored-by: Lapiu Dev <devgit@lapiu.biz>
  • Loading branch information
gabrieljenik and lapiudevgit committed Aug 29, 2023
1 parent 45b2bbc commit b7e7da6
Showing 1 changed file with 17 additions and 0 deletions.
17 changes: 17 additions & 0 deletions application/controllers/admin/SurveymenuController.php
Expand Up @@ -5,6 +5,20 @@
*/
class SurveymenuController extends SurveyCommonAction
{
/**
* SurveymenuController Constructor
* @param $controller
* @param $id
**/
public function __construct($controller, $id)
{
parent::__construct($controller, $id);

if (!Permission::model()->hasGlobalPermission('settings', 'read')) {
throw new CHttpException(403, gT("You do not have permission to access this page."));
}
}

/**
* @return string[] action filters
*/
Expand Down Expand Up @@ -367,6 +381,7 @@ protected function performAjaxValidation($model)
**/
public function index()
{
// Permission check is done in the constructor.
$this->getController()->redirect(array('admin/menus/sa/view'));
}

Expand All @@ -376,6 +391,8 @@ public function index()
*/
public function view()
{
// Permission check is done in the constructor.

$aData = array();
$aData['model'] = Surveymenu::model();

Expand Down

0 comments on commit b7e7da6

Please sign in to comment.