aboutsummaryrefslogtreecommitdiff
path: root/app/controllers
diff options
context:
space:
mode:
Diffstat (limited to 'app/controllers')
-rw-r--r--app/controllers/evaluation/archive.php10
-rw-r--r--app/controllers/evaluation/pool.php10
-rw-r--r--app/controllers/evaluation/profiles.php10
3 files changed, 30 insertions, 0 deletions
diff --git a/app/controllers/evaluation/archive.php b/app/controllers/evaluation/archive.php
index b953e53..f659fe8 100644
--- a/app/controllers/evaluation/archive.php
+++ b/app/controllers/evaluation/archive.php
@@ -1,6 +1,16 @@
<?php
class Evaluation_ArchiveController extends AuthenticatedController
{
+ public function before_filter(&$action, &$args)
+ {
+ parent::before_filter($action, $args);
+ $current_user = User::findCurrent();
+ if (!($current_user->hasPermissionLevel('root') ||
+ $current_user->hasRole('Zentraler Evaluationsadmin'))) {
+ throw new AccessDeniedException();
+ }
+ }
+
public function index_action()
{
Navigation::activateItem('/evaluation/archive');
diff --git a/app/controllers/evaluation/pool.php b/app/controllers/evaluation/pool.php
index 5e01fd6..6b25e32 100644
--- a/app/controllers/evaluation/pool.php
+++ b/app/controllers/evaluation/pool.php
@@ -1,6 +1,16 @@
<?php
class Evaluation_PoolController extends AuthenticatedController
{
+ public function before_filter(&$action, &$args)
+ {
+ parent::before_filter($action, $args);
+ $current_user = User::findCurrent();
+ if (!($current_user->hasPermissionLevel('root') ||
+ $current_user->hasRole('Zentraler Evaluationsadmin'))) {
+ throw new AccessDeniedException();
+ }
+ }
+
public function index_action()
{
Navigation::activateItem('/evaluation/pool');
diff --git a/app/controllers/evaluation/profiles.php b/app/controllers/evaluation/profiles.php
index 06e7555..72bd6f6 100644
--- a/app/controllers/evaluation/profiles.php
+++ b/app/controllers/evaluation/profiles.php
@@ -1,6 +1,16 @@
<?php
class Evaluation_ProfilesController extends AuthenticatedController
{
+ public function before_filter(&$action, &$args)
+ {
+ parent::before_filter($action, $args);
+ $current_user = User::findCurrent();
+ if (!($current_user->hasPermissionLevel('root') ||
+ $current_user->hasRole('Zentraler Evaluationsadmin'))) {
+ throw new AccessDeniedException();
+ }
+ }
+
public function index_action(): void
{
Navigation::activateItem('/evaluation/profiles');
generated by cgit v1.0 at 2026-05-27 06:47:15 +0000