diff --git a/app/Controller/EventsController.php b/app/Controller/EventsController.php
index 1f3c85fcd..11490dcb8 100644
--- a/app/Controller/EventsController.php
+++ b/app/Controller/EventsController.php
@@ -5188,8 +5188,17 @@ class EventsController extends AppController
 public function handleModuleResults($eventId)
 {
- debug($eventId);
- debug($this->request->event);
+ if (!$this->userRole['perm_add']) {
+ throw new MethodNotAllowedException(__('Event not found or you don\'t have permissions to create attributes'));
+ }
+ if ($this->request->is('post')) {
+ if (!$this->Event->checkIfAuthorised($this->Auth->user(), $id)) {
+ throw new MethodNotAllowedException(__('Invalid event.'));
+ }
+ $this->redirect(array('controller' => 'events', 'action' => 'view', $id));
+ } else {
+ throw new MethodNotAllowedException('This endpoint requires a POST request.');
+ }
 }
 public function importModule($module, $eventId)
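Review bot: The authorization check and the redirect in handleModuleResults both use `$id`, which is never defined in this method; the parameter is `$eventId`. As written, `checkIfAuthorised()` is evaluated against an undefined (null) value rather than the event named in the request, so whether the check fails closed depends on how that model method treats a null id, which is not visible in this hunk. Use `$this->Event->checkIfAuthorised($this->Auth->user(), $eventId)` and `$this->redirect(array('controller' => 'events', 'action' => 'view', $eventId));`. Separately, a missing `perm_add` is an authorization failure rather than a wrong HTTP method, so a 403-style exception would describe it more accurately than MethodNotAllowedException, and the final POST-only message is the only one not wrapped in `__()`.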