From 5706fe183f5ed104832db14a4db8718d57e6a8d7 Mon Sep 17 00:00:00 2001
From: Andras Iklody
Date: Wed, 6 Feb 2013 08:34:41 +0100
Subject: [PATCH] Redirect for ServersController

Added redirect for index in case of non sync users
---
 app/Controller/ServersController.php | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/app/Controller/ServersController.php b/app/Controller/ServersController.php
index ff703c4ec..8fa434367 100755
--- a/app/Controller/ServersController.php
+++ b/app/Controller/ServersController.php
@@ -64,6 +64,7 @@ class ServersController extends AppController {
 'conditions' => array(),
 );
 } else {
+ if (!$this->checkAction('perm_sync')) $this->redirect(array('controller' => 'events', 'action' => 'index'));
 $conditions['Server.organization LIKE'] = $this->Auth->user('org');
 $this->paginate = array(
 'conditions' => array($conditions),
@@ -78,7 +79,7 @@ class ServersController extends AppController {
 * @return void
 */
 public function add() {
- if($this->Auth->user('org') != 'ADMIN') $this->redirect(array('controller' => 'servers', 'action' => 'index'));
+ if (($this->Auth->user('org') != 'ADMIN') && !($this->Server->id == $this->Auth->user('org') && $this->checkAction('perm_sync'))) $this->redirect(array('controller' => 'servers', 'action' => 'index'));
 if ($this->request->is('post')) {
 // force check userid and orgname to be from yourself
 $this->request->data['Server']['org'] = $this->Auth->user('org');
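Review bot: In the `@@ -64,6 +64,7 @@` hunk the added `perm_sync` guard is an unbraced one-line `if` that keeps the org-scoped query from running only if `redirect()` ends the request (presumably the framework default). Making the stop explicit, `if (!$this->checkAction('perm_sync')) { return $this->redirect(array('controller' => 'events', 'action' => 'index')); }`, keeps the check intact if that default is ever overridden. The context line right after it scopes the listing with `'Server.organization LIKE'`, so `%` or `_` in an organisation name act as wildcards; an equality key, `$conditions['Server.organization'] = $this->Auth->user('org');`, would scope it exactly. The enclosing method starts and ends outside the hunk.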
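Review bot: In `add()` the new ownership test `$this->Server->id == $this->Auth->user('org')` compares the model's primary key with an organisation name, and nothing visible in the hunk sets `$this->Server->id` before it. For non-ADMIN users the `perm_sync` grant therefore presumably never takes effect, and with loose `==` an unset id can compare equal to an empty org value. There is no existing record to own in `add()`, and the following lines force `org` to the caller's own, so the guard can be `if ($this->Auth->user('org') != 'ADMIN' && !$this->checkAction('perm_sync'))` followed by the same redirect. The same expression is added in `delete()` (the `@@ -136,7 +137,7 @@` hunk); there the check should load the record for `$id` and compare its owning-organisation field with the user's org using `===` before the delete proceeds. Both method bodies continue outside their hunks.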
@@ -136,7 +137,7 @@ class ServersController extends AppController {
 * @throws NotFoundException
 */
 public function delete($id = null) {
- if($this->Auth->user('org') != 'ADMIN' && $this->Server->id != $this->Auth->user('org')) $this->redirect(array('controller' => 'servers', 'action' => 'index'));
+ if($this->Auth->user('org') != 'ADMIN' && !($this->Server->id == $this->Auth->user('org') && $this->checkAction('perm_sync'))) $this->redirect(array('controller' => 'servers', 'action' => 'index'));
 if (!$this->request->is('post')) {
 throw new MethodNotAllowedException();
 }