address issue #1335

This commit is contained in:
arjunrc 2016-03-12 08:07:25 -05:00
parent 5b2d194af2
commit 8a47241e18
2 changed files with 40 additions and 1 deletions

View File

@ -97,7 +97,7 @@ public function beforeFilter() {
if ($this->Session->Read('systemPermission') != 'Edit')
{
throw new UnauthotizedException(__('Insufficient privileges'));
throw new UnauthorizedException(__('Insufficient privileges'));
return;
}

View File

@ -11,6 +11,18 @@ class StatesController extends AppController {
public $components = array('RequestHandler');
public function beforeFilter() {
parent::beforeFilter();
$canView = $this->Session->Read('systemPermission');
if ($canView =='None')
{
throw new UnauthorizedException(__('Insufficient Privileges'));
return;
}
}
/**
* index method
*
@ -46,7 +58,15 @@ public $components = array('RequestHandler');
* @return void
*/
public function add() {
if ($this->request->is('post')) {
if ($this->Session->Read('systemPermission') != 'Edit')
{
throw new UnauthorizedException(__('Insufficient privileges'));
return;
}
$this->State->create();
if ($this->State->save($this->request->data)) {
return $this->flash(__('The state has been saved.'), array('action' => 'index'));
@ -65,6 +85,13 @@ public $components = array('RequestHandler');
if (!$this->State->exists($id)) {
throw new NotFoundException(__('Invalid state'));
}
if ($this->Session->Read('systemPermission') != 'Edit')
{
throw new UnauthorizedException(__('Insufficient privileges'));
return;
}
if ($this->request->is(array('post', 'put'))) {
if ($this->State->save($this->request->data)) {
return $this->flash(__('The state has been saved.'), array('action' => 'index'));
@ -84,6 +111,12 @@ public $components = array('RequestHandler');
*/
public function delete($id = null) {
$this->State->id = $id;
if ($this->Session->Read('systemPermission') != 'Edit')
{
throw new UnauthorizedException(__('Insufficient privileges'));
return;
}
if (!$this->State->exists()) {
throw new NotFoundException(__('Invalid state'));
}
@ -96,6 +129,12 @@ public $components = array('RequestHandler');
}
public function change() {
if ($this->Session->Read('systemPermission') != 'Edit')
{
throw new UnauthorizedException(__('Insufficient privileges'));
return;
}
$newState = $this->request->params['pass'][0];
$blah = $this->packageControl($newState);