From 4f8f2324b23a8ed66c1e8a5739de17085be4a089 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Tim=20D=C3=BCsterhus?=
Date: Thu, 17 Jun 2021 14:09:34 +0200
Subject: [PATCH] Set __isLogin if a logged-in user lacks `admin.general.canUseAcp`

Resolves #4307
---
 .../install/files/lib/system/WCFACP.class.php | 21 ++++++++++++-------
 1 file changed, 14 insertions(+), 7 deletions(-)

diff --git a/wcfsetup/install/files/lib/system/WCFACP.class.php b/wcfsetup/install/files/lib/system/WCFACP.class.php
index 018707978f..1ae1883947 100644
--- a/wcfsetup/install/files/lib/system/WCFACP.class.php
+++ b/wcfsetup/install/files/lib/system/WCFACP.class.php
@@ -10,6 +10,7 @@ use wcf\system\application\ApplicationHandler;
 use wcf\system\cache\builder\ACPSearchProviderCacheBuilder;
 use wcf\system\event\EventHandler;
 use wcf\system\exception\AJAXException;
+use wcf\system\exception\NamedUserException;
 use wcf\system\exception\PermissionDeniedException;
 use wcf\system\exception\SystemException;
 use wcf\system\request\LinkHandler;
@@ -179,19 +180,25 @@ class WCFACP extends WCF
 exit;
 } else {
 $isAjax = isset($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest';
- // work-around for AJAX-requests within ACP
- if ($isAjax) {
- try {
- WCF::getSession()->checkPermissions(['admin.general.canUseAcp']);
- } catch (PermissionDeniedException $e) {
+
+ try {
+ WCF::getSession()->checkPermissions(['admin.general.canUseAcp']);
+ } catch (PermissionDeniedException $e) {
+ self::getTPL()->assign([
+ '__isLogin' => true,
+ ]);
+
+ if ($isAjax) {
 throw new AJAXException(
 self::getLanguage()->getDynamicVariable('wcf.ajax.error.permissionDenied'),
 AJAXException::INSUFFICIENT_PERMISSIONS,
 $e->getTraceAsString()
 );
+ } else {
+ throw new NamedUserException(
+ self::getLanguage()->getDynamicVariable('wcf.user.username.error.acpNotAuthorized')
+ );
 }
- } else {
- WCF::getSession()->checkPermissions(['admin.general.canUseAcp']);
 }
 
 if (WCF::getSession()->needsReauthentication()) {
--
2.20.1
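Review bot: In the new non-AJAX branch the caught PermissionDeniedException is replaced by a NamedUserException built only from the language string, so `$e` is dropped and whatever status code and logging the original exception produced no longer apply to this path. A logged-in account without `admin.general.canUseAcp` reaching the ACP is an event monitoring should still be able to see, so confirm the NamedUserException page is still served as a denial (presumably 403 before; that is not visible here) rather than as an ordinary page. If the constructor accepts a previous exception, chain the cause by passing `$e` as the third argument, e.g. `..., 0, $e)`. The `__isLogin` assignment also needs a why-comment now that the old work-around comment is gone, for example `// Render the reduced login layout: this user must not be shown ACP chrome.`, with the wording adjusted to what the template actually does with the flag. The enclosing method starts and ends outside the hunk.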