Commit bea01a76e6826c24189d2be3775cca85354c1f3a
1 parent
bcccc09b
By default, document actions require the ktcore.permissions.read
permission to display and to be called. git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/trunk@4045 c91229c3-7414-0410-bfa2-8a42b809f60b
Showing
1 changed file
with
4 additions
and
1 deletions
lib/actions/documentaction.inc.php
| @@ -9,7 +9,7 @@ class KTDocumentAction extends KTStandardDispatcher { | @@ -9,7 +9,7 @@ class KTDocumentAction extends KTStandardDispatcher { | ||
| 9 | var $sDescription; | 9 | var $sDescription; |
| 10 | var $sDisplayName; | 10 | var $sDisplayName; |
| 11 | 11 | ||
| 12 | - var $_sShowPermission; | 12 | + var $_sShowPermission = "ktcore.permissions.read"; |
| 13 | var $_sDisablePermission; | 13 | var $_sDisablePermission; |
| 14 | 14 | ||
| 15 | var $_bDisabled; | 15 | var $_bDisabled; |
| @@ -99,6 +99,9 @@ class KTDocumentAction extends KTStandardDispatcher { | @@ -99,6 +99,9 @@ class KTDocumentAction extends KTStandardDispatcher { | ||
| 99 | 99 | ||
| 100 | function check() { | 100 | function check() { |
| 101 | $this->oDocument =& $this->oValidator->validateDocument($_REQUEST['fDocumentId']); | 101 | $this->oDocument =& $this->oValidator->validateDocument($_REQUEST['fDocumentId']); |
| 102 | + if ($this->_show() === false) { | ||
| 103 | + return false; | ||
| 104 | + } | ||
| 102 | return true; | 105 | return true; |
| 103 | } | 106 | } |
| 104 | 107 |