summaryrefslogtreecommitdiffstats
path: root/application/controllers/ResourceController.php
diff options
context:
space:
mode:
Diffstat (limited to 'application/controllers/ResourceController.php')
-rwxr-xr-xapplication/controllers/ResourceController.php14
1 files changed, 10 insertions, 4 deletions
diff --git a/application/controllers/ResourceController.php b/application/controllers/ResourceController.php
index 954ba3b..a7c80b1 100755
--- a/application/controllers/ResourceController.php
+++ b/application/controllers/ResourceController.php
@@ -919,8 +919,11 @@ class ResourceController extends Zend_Controller_Action
if(isset($params['bootosid'])) {
$bootos = array($bootosMapper->find($params['bootosid']));
if($bootos[0]->getGroupID() != $groupID) {
- header('HTTP/1.0 403 No Right to Show this Bootos');
- die();
+ list($rightroles1) = $this->rightrolesMapper->findBy(array('rightID' => '110', 'roleID' => $this->membership->getRoleID()));
+ if($rightroles1 == null){
+ header('HTTP/1.0 403 No Right to Show this Bootos');
+ die();
+ }
}
} else {
$groupgroupsMapper = new Application_Model_GroupGroupsMapper();
@@ -1020,8 +1023,11 @@ class ResourceController extends Zend_Controller_Action
$pool = array(new Application_Model_Pool());
$poolMapper->find($params['poolid'], $pool[0]);
if($pool[0]->getGroupID() != $groupID) {
- header('HTTP/1.0 403 No Right to Show this Pool');
- die();
+ list($rightroles1) = $this->rightrolesMapper->findBy(array('rightID' => '109', 'roleID' => $this->membership->getRoleID()));
+ if($rightroles1 == null){
+ header('HTTP/1.0 403 No Right to Show this Pool');
+ die();
+ }
}
} else {
$pool = $poolMapper->findBy(array('groupid' => $groupID));