Fixed permission checks in ProductController
This commit is contained in:
@@ -84,7 +84,6 @@ class OrderController extends mfBaseController {
|
||||
$terms = TerminationModel::search(["network_id" => $network_ids]);
|
||||
$this->layout()->set("terminations", $nets);
|
||||
|
||||
|
||||
// get products assigned to my networks
|
||||
$products = [];
|
||||
foreach(ProductNetworkModel::search(["network_id" => $network_ids]) as $pn) {
|
||||
|
||||
@@ -15,14 +15,14 @@ class ProductController extends mfBaseController {
|
||||
}
|
||||
|
||||
protected function indexAction() {
|
||||
if(!$me->is(["Admin"])) {
|
||||
if(!$this->me->is(["Admin"])) {
|
||||
$this->redirect("Dashboard");
|
||||
}
|
||||
$this->layout()->set("products", ProductModel::getAll());
|
||||
}
|
||||
|
||||
protected function addAction() {
|
||||
if(!$me->is(["Admin"])) {
|
||||
if(!$this->me->is(["Admin"])) {
|
||||
$this->redirect("Dashboard");
|
||||
}
|
||||
$this->layout()->setTemplate("Product/Form");
|
||||
@@ -34,7 +34,7 @@ class ProductController extends mfBaseController {
|
||||
}
|
||||
|
||||
protected function editAction() {
|
||||
if(!$me->is(["Admin"])) {
|
||||
if(!$this->me->is(["Admin"])) {
|
||||
$this->redirect("Dashboard");
|
||||
}
|
||||
$product_id = $this->request->id;
|
||||
@@ -52,7 +52,7 @@ class ProductController extends mfBaseController {
|
||||
}
|
||||
|
||||
protected function saveAction() {
|
||||
if(!$me->is(["Admin"])) {
|
||||
if(!$this->me->is(["Admin"])) {
|
||||
$this->redirect("Dashboard");
|
||||
}
|
||||
|
||||
@@ -179,7 +179,7 @@ class ProductController extends mfBaseController {
|
||||
}
|
||||
|
||||
protected function deleteAction() {
|
||||
if(!$me->is(["Admin"])) {
|
||||
if(!$this->me->is(["Admin"])) {
|
||||
$this->redirect("Dashboard");
|
||||
}
|
||||
|
||||
@@ -197,7 +197,7 @@ class ProductController extends mfBaseController {
|
||||
}
|
||||
|
||||
protected function apiAction() {
|
||||
if(!$me->is(["Admin","netowner","pipeplanner"])) {
|
||||
if(!$this->me->is(["Admin","netowner","pipeplanner"])) {
|
||||
$this->redirect("Dashboard");
|
||||
}
|
||||
$do = $this->request->do;
|
||||
|
||||
Reference in New Issue
Block a user