From 892d1384f88c9d4c385ff815bf57601dd2fdc1b9 Mon Sep 17 00:00:00 2001 From: Frank Schubert Date: Mon, 9 Aug 2021 11:46:51 +0200 Subject: [PATCH] Fixed permission checks in ProductController --- application/Order/OrderController.php | 1 - application/Product/ProductController.php | 12 ++++++------ 2 files changed, 6 insertions(+), 7 deletions(-) diff --git a/application/Order/OrderController.php b/application/Order/OrderController.php index 9d7497a57..bcafbb0c1 100644 --- a/application/Order/OrderController.php +++ b/application/Order/OrderController.php @@ -84,7 +84,6 @@ class OrderController extends mfBaseController { $terms = TerminationModel::search(["network_id" => $network_ids]); $this->layout()->set("terminations", $nets); - // get products assigned to my networks $products = []; foreach(ProductNetworkModel::search(["network_id" => $network_ids]) as $pn) { diff --git a/application/Product/ProductController.php b/application/Product/ProductController.php index 5f7148b72..2f0661beb 100644 --- a/application/Product/ProductController.php +++ b/application/Product/ProductController.php @@ -15,14 +15,14 @@ class ProductController extends mfBaseController { } protected function indexAction() { - if(!$me->is(["Admin"])) { + if(!$this->me->is(["Admin"])) { $this->redirect("Dashboard"); } $this->layout()->set("products", ProductModel::getAll()); } protected function addAction() { - if(!$me->is(["Admin"])) { + if(!$this->me->is(["Admin"])) { $this->redirect("Dashboard"); } $this->layout()->setTemplate("Product/Form"); @@ -34,7 +34,7 @@ class ProductController extends mfBaseController { } protected function editAction() { - if(!$me->is(["Admin"])) { + if(!$this->me->is(["Admin"])) { $this->redirect("Dashboard"); } $product_id = $this->request->id; @@ -52,7 +52,7 @@ class ProductController extends mfBaseController { } protected function saveAction() { - if(!$me->is(["Admin"])) { + if(!$this->me->is(["Admin"])) { $this->redirect("Dashboard"); } 
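Review bot: Each corrected guard calls `$this->redirect("Dashboard")` and then falls through, so unless `redirect()` in mfBaseController ends the request (it is not visible in this patch), a non-Admin caller still runs the rest of the action after the redirect is issued. This matters most for saveAction here and deleteAction in the later hunk, whose names suggest they change data; indexAction, addAction, editAction and apiAction have the same shape. Make the stop explicit in every guard: `$this->redirect("Dashboard"); return;`. The same guard is copied six times, which is how the `$me` mistake reached all six, so a single controller helper that checks the role, redirects and stops would keep them consistent. The action bodies continue outside the hunks.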
@@ -179,7 +179,7 @@ class ProductController extends mfBaseController { } protected function deleteAction() { - if(!$me->is(["Admin"])) { + if(!$this->me->is(["Admin"])) { $this->redirect("Dashboard"); } @@ -197,7 +197,7 @@ class ProductController extends mfBaseController { } protected function apiAction() { - if(!$me->is(["Admin","netowner","pipeplanner"])) { + if(!$this->me->is(["Admin","netowner","pipeplanner"])) { $this->redirect("Dashboard"); } $do = $this->request->do;
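Review bot: The single check at the top of apiAction lets `netowner` and `pipeplanner` through to whatever `$this->request->do` selects, so any operation that must stay Admin-only needs its own role check in the dispatch below. The body continues outside the hunk, so this cannot be confirmed here. The role literals also mix casing (`"Admin"` against `"netowner"` and `"pipeplanner"`); if `is()` compares case-sensitively, defining the role names once as class constants would stop a mistyped literal from changing who is admitted.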