Fixed permission checks in ProductController

This commit is contained in:
Frank Schubert
2021-08-09 11:46:51 +02:00
parent 4d51eb23f3
commit 892d1384f8
2 changed files with 6 additions and 7 deletions

View File

@@ -84,7 +84,6 @@ class OrderController extends mfBaseController {
$terms = TerminationModel::search(["network_id" => $network_ids]);
$this->layout()->set("terminations", $nets);
// get products assigned to my networks
$products = [];
foreach(ProductNetworkModel::search(["network_id" => $network_ids]) as $pn) {

View File

@@ -15,14 +15,14 @@ class ProductController extends mfBaseController {
}
protected function indexAction() {
if(!$me->is(["Admin"])) {
if(!$this->me->is(["Admin"])) {
$this->redirect("Dashboard");
}
$this->layout()->set("products", ProductModel::getAll());
}
protected function addAction() {
if(!$me->is(["Admin"])) {
if(!$this->me->is(["Admin"])) {
$this->redirect("Dashboard");
}
$this->layout()->setTemplate("Product/Form");
@@ -34,7 +34,7 @@ class ProductController extends mfBaseController {
}
protected function editAction() {
if(!$me->is(["Admin"])) {
if(!$this->me->is(["Admin"])) {
$this->redirect("Dashboard");
}
$product_id = $this->request->id;
@@ -52,7 +52,7 @@ class ProductController extends mfBaseController {
}
protected function saveAction() {
if(!$me->is(["Admin"])) {
if(!$this->me->is(["Admin"])) {
$this->redirect("Dashboard");
}
@@ -179,7 +179,7 @@ class ProductController extends mfBaseController {
}
protected function deleteAction() {
if(!$me->is(["Admin"])) {
if(!$this->me->is(["Admin"])) {
$this->redirect("Dashboard");
}
@@ -197,7 +197,7 @@ class ProductController extends mfBaseController {
}
protected function apiAction() {
if(!$me->is(["Admin","netowner","pipeplanner"])) {
if(!$this->me->is(["Admin","netowner","pipeplanner"])) {
$this->redirect("Dashboard");
}
$do = $this->request->do;