From dc013e397db9aefd025cb1b0acfe3f324dd12bbe Mon Sep 17 00:00:00 2001
From: Alexander Ebert <ebert@woltlab.com>
Date: Mon, 5 Mar 2012 16:33:01 +0100
Subject: [PATCH] Validation of permissions now properly work

Fixes #442
---
 .../files/lib/page/AbstractPage.class.php       | 17 ++++++++++++++---
 1 file changed, 14 insertions(+), 3 deletions(-)

diff --git a/wcfsetup/install/files/lib/page/AbstractPage.class.php b/wcfsetup/install/files/lib/page/AbstractPage.class.php
index 0681049295..7e38cb791c 100644
--- a/wcfsetup/install/files/lib/page/AbstractPage.class.php
+++ b/wcfsetup/install/files/lib/page/AbstractPage.class.php
@@ -2,6 +2,7 @@
 namespace wcf\page;
 use wcf\system\event\EventHandler;
 use wcf\system\exception\IllegalLinkException;
+use wcf\system\exception\PermissionDeniedException;
 use wcf\system\WCF;
 
 /**
@@ -113,9 +114,19 @@ abstract class AbstractPage implements IPage {
 		// call checkPermissions event
 		EventHandler::getInstance()->fireAction($this, 'checkPermissions');
 		
-		// check permission
-		if (count($this->neededPermissions)) {
-			WCF::getSession()->checkPermissions($this->neededPermissions);
+		// check permission, it is sufficient to have at least one permission
+		if (!empty($this->neededPermissions)) {
+			$hasPermissions = false;
+			foreach ($this->neededPermissions as $permission) {
+				if (WCF::getSession()->getPermission($permission)) {
+					$hasPermissions = true;
+					break;
+				}
+			}
+			
+			if (!$hasPermissions) {
+				throw new PermissionDeniedException();
+			}
 		}
 	}
 	
-- 
2.20.1