From 7f6ed3e1eb7cd1eb199473d11c3158790874138c Mon Sep 17 00:00:00 2001
From: Frank Schubert <fronk@fronk.at>
Date: Tue, 20 Jul 2021 22:52:06 +0200
Subject: [PATCH] Added permission check in Building::delete()

---
 application/Building/BuildingController.php | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/application/Building/BuildingController.php b/application/Building/BuildingController.php
index ce9ecab4f..e45ba76fd 100644
--- a/application/Building/BuildingController.php
+++ b/application/Building/BuildingController.php
@@ -146,6 +146,11 @@ class BuildingController extends mfBaseController {
   }
   
   protected function deleteAction() {
+    if(!$this->me->is("Admin") && !$this->me->is("pipeplanner")) {
+      $this->layout()->setFlash("Keine Berechtigung", "error");
+      $this->redirect("Building");
+    }
+    
     $id = $this->request->id;
     
     if(!is_numeric($id) || !$id) {