Commit 872dbeb4441bc03c184df2815a82637a135d46ec
1 parent
7d09bbb5
added access control to getDefaultAction
git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/trunk@1620 c91229c3-7414-0410-bfa2-8a42b809f60b
Showing
1 changed file
with
7 additions
and
7 deletions
lib/session/SiteMap.inc
| @@ -440,14 +440,14 @@ class SiteMap { | @@ -440,14 +440,14 @@ class SiteMap { | ||
| 440 | $results = array(); | 440 | $results = array(); |
| 441 | // need to loop through all (groupName, page) arrays in this section | 441 | // need to loop through all (groupName, page) arrays in this section |
| 442 | foreach ($this->aSiteMap[$sSectionName] as $requiredAccess => $pages) { | 442 | foreach ($this->aSiteMap[$sSectionName] as $requiredAccess => $pages) { |
| 443 | - // don't need to check the permissions here, when the controller tries to | ||
| 444 | - // retrieve the page from the action, the perms will be checked | ||
| 445 | - //$default->log->debug("Sitemap::getDefaultAction: (section=$sectionName, reqGrp=$requiredGroupName); pages=" . arrayToString($pages)); | ||
| 446 | - foreach ($pages as $action => $pageArray) { | ||
| 447 | - //$default->log->debug("Sitemap::getDefaultAction: action=$action; pageArray" . arrayToString($pageArray)); | ||
| 448 | - if ($pageArray["default"] && $pageArray["enabled"]) { | ||
| 449 | - return $action; | 443 | + if ($this->hasPermission($requiredAccess)) { |
| 444 | + foreach ($pages as $action => $pageArray) { | ||
| 445 | + if ($pageArray["default"] && $pageArray["enabled"]) { | ||
| 446 | + return $action; | ||
| 447 | + } | ||
| 450 | } | 448 | } |
| 449 | + } else { | ||
| 450 | + return ""; | ||
| 451 | } | 451 | } |
| 452 | } | 452 | } |
| 453 | } else { | 453 | } else { |