authorFinn Schneider <schneider@data-quest.de>2026-02-23 13:11:13 +0100
committerFinn Schneider <schneider@data-quest.de>2026-03-13 17:25:01 +0000
commit2bff2fd977ec10b3dd391002de22486716b5c994 (patch)
treeb0c513ced9b3d924d87f4144a26cf8f41725b8d6
parente8d9c90a35e7b3c304f444f4277677f3ad267912 (diff)
before_filter
-rw-r--r--app/controllers/evaluation/archive.php10
-rw-r--r--app/controllers/evaluation/pool.php10
-rw-r--r--app/controllers/evaluation/profiles.php10
3 files changed, 30 insertions, 0 deletions
diff --git a/app/controllers/evaluation/archive.php b/app/controllers/evaluation/archive.php
index b953e53..f659fe8 100644
--- a/app/controllers/evaluation/archive.php
+++ b/app/controllers/evaluation/archive.php
@@ -1,6 +1,16 @@
<?php
class Evaluation_ArchiveController extends AuthenticatedController
{
+ public function before_filter(&$action, &$args)
+ {
+ parent::before_filter($action, $args);
+ $current_user = User::findCurrent();
+ if (!($current_user->hasPermissionLevel('root') ||
+ $current_user->hasRole('Zentraler Evaluationsadmin'))) {
+ throw new AccessDeniedException();
+ }
+ }
+
public function index_action()
{
Navigation::activateItem('/evaluation/archive');
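Review bot: The same authorisation guard is pasted verbatim into `before_filter` here and in the pool.php and profiles.php hunks, with the role name `'Zentraler Evaluationsadmin'` repeated as a string literal each time, so a later policy change has to be made in three places and a missed copy leaves one controller enforcing a different rule. I would move the check into a single shared base controller or trait for the evaluation controllers and keep the role name in one constant, for example `const ADMIN_ROLE = 'Zentraler Evaluationsadmin';`. The method also deserves a short docblock such as `/** Restricts every action of this controller to root users and holders of the central evaluation admin role. */`, since nothing on it says the check is meant to cover all actions. `User::findCurrent()` is dereferenced without a null check; presumably the parent filter guarantees a logged-in user, but that is not visible in the hunk and is worth confirming. The class body continues past the end of the hunk, so any per-action checks are not in view.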
diff --git a/app/controllers/evaluation/pool.php b/app/controllers/evaluation/pool.php
index 5e01fd6..6b25e32 100644
--- a/app/controllers/evaluation/pool.php
+++ b/app/controllers/evaluation/pool.php
@@ -1,6 +1,16 @@
<?php
class Evaluation_PoolController extends AuthenticatedController
{
+ public function before_filter(&$action, &$args)
+ {
+ parent::before_filter($action, $args);
+ $current_user = User::findCurrent();
+ if (!($current_user->hasPermissionLevel('root') ||
+ $current_user->hasRole('Zentraler Evaluationsadmin'))) {
+ throw new AccessDeniedException();
+ }
+ }
+
public function index_action()
{
Navigation::activateItem('/evaluation/pool');
diff --git a/app/controllers/evaluation/profiles.php b/app/controllers/evaluation/profiles.php
index 06e7555..72bd6f6 100644
--- a/app/controllers/evaluation/profiles.php
+++ b/app/controllers/evaluation/profiles.php
@@ -1,6 +1,16 @@
<?php
class Evaluation_ProfilesController extends AuthenticatedController
{
+ public function before_filter(&$action, &$args)
+ {
+ parent::before_filter($action, $args);
+ $current_user = User::findCurrent();
+ if (!($current_user->hasPermissionLevel('root') ||
+ $current_user->hasRole('Zentraler Evaluationsadmin'))) {
+ throw new AccessDeniedException();
+ }
+ }
+
public function index_action(): void
{
Navigation::activateItem('/evaluation/profiles');