From: <ch...@us...> - 2012-03-13 14:22:38
|
Revision: 40137 http://tikiwiki.svn.sourceforge.net/tikiwiki/?rev=40137&view=rev Author: chealer Date: 2012-03-13 14:22:26 +0000 (Tue, 13 Mar 2012) Log Message: ----------- [FIX] Trackers: Do not allow duplicating a tracker on which you don't have administrative privileges Modified Paths: -------------- trunk/lib/core/Services/Tracker/Controller.php Modified: trunk/lib/core/Services/Tracker/Controller.php =================================================================== --- trunk/lib/core/Services/Tracker/Controller.php 2012-03-13 14:19:28 UTC (rev 40136) +++ trunk/lib/core/Services/Tracker/Controller.php 2012-03-13 14:22:26 UTC (rev 40137) @@ -731,8 +731,8 @@ function action_duplicate($input) { $trackerId = $input->trackerId->int(); - - if (! Perms::get()->admin_trackers) { + $perms = Perms::get('tracker', $trackerId); + if (! $perms->admin_trackers || ! Perms::get()->admin_trackers) { throw new Services_Exception(tr('Reserved to tracker administrators'), 403); } This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |