From: Alexander Ebert <ebert@woltlab.com>
Date: Mon, 5 Mar 2012 15:33:01 +0000 (+0100)
Subject: Validation of permissions now properly work
X-Git-Tag: 2.0.0_Beta_1~1252
X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=dc013e397db9aefd025cb1b0acfe3f324dd12bbe;p=GitHub%2FWoltLab%2FWCF.git

Validation of permissions now properly work

Fixes #442
---

diff --git a/wcfsetup/install/files/lib/page/AbstractPage.class.php b/wcfsetup/install/files/lib/page/AbstractPage.class.php
index 0681049295..7e38cb791c 100644
--- a/wcfsetup/install/files/lib/page/AbstractPage.class.php
+++ b/wcfsetup/install/files/lib/page/AbstractPage.class.php
@@ -2,6 +2,7 @@
 namespace wcf\page;
 use wcf\system\event\EventHandler;
 use wcf\system\exception\IllegalLinkException;
+use wcf\system\exception\PermissionDeniedException;
 use wcf\system\WCF;
 
 /**
@@ -113,9 +114,19 @@ abstract class AbstractPage implements IPage {
 		// call checkPermissions event
 		EventHandler::getInstance()->fireAction($this, 'checkPermissions');
 		
-		// check permission
-		if (count($this->neededPermissions)) {
-			WCF::getSession()->checkPermissions($this->neededPermissions);
+		// check permission, it is sufficient to have at least one permission
+		if (!empty($this->neededPermissions)) {
+			$hasPermissions = false;
+			foreach ($this->neededPermissions as $permission) {
+				if (WCF::getSession()->getPermission($permission)) {
+					$hasPermissions = true;
+					break;
+				}
+			}
+			
+			if (!$hasPermissions) {
+				throw new PermissionDeniedException();
+			}
 		}
 	}