authorGreg Roach <fisharebest@webtrees.net>2019-01-26 20:43:27 +0000
committerGreg Roach <fisharebest@webtrees.net>2019-01-26 20:43:42 +0000
commit9867b2f0bfec6864e75b2501f3e96895ff42db48 (patch)
tree16265135f2a4eafbb3fa113c4923a21e272d85d6 /app/Module/TimelineChartModule.php
parent90d97cc88e321b41c62772619e24b8ab9bbc6cae (diff)
Prevent users typing direct URLs to charts that are enabled, but are above their access level
Diffstat (limited to 'app/Module/TimelineChartModule.php')
-rw-r--r--app/Module/TimelineChartModule.php7
1 files changed, 6 insertions, 1 deletions
diff --git a/app/Module/TimelineChartModule.php b/app/Module/TimelineChartModule.php
index 162ad05768..8ab9cb327b 100644
--- a/app/Module/TimelineChartModule.php
+++ b/app/Module/TimelineChartModule.php
@@ -17,12 +17,14 @@ declare(strict_types=1);
namespace Fisharebest\Webtrees\Module;
+use Fisharebest\Webtrees\Auth;
use Fisharebest\Webtrees\Date\GregorianDate;
use Fisharebest\Webtrees\Functions\Functions;
use Fisharebest\Webtrees\GedcomRecord;
use Fisharebest\Webtrees\I18N;
use Fisharebest\Webtrees\Individual;
use Fisharebest\Webtrees\Tree;
+use Fisharebest\Webtrees\User;
use Illuminate\Support\Collection;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
@@ -107,11 +109,14 @@ class TimelineChartModule extends AbstractModule implements ModuleChartInterface
*
* @param Request $request
* @param Tree $tree
+ * @param User $user
*
* @return Response
*/
- public function getChartAction(Request $request, Tree $tree): Response
+ public function getChartAction(Request $request, Tree $tree, User $user): Response
{
+ Auth::checkComponentAccess($this, 'chart', $tree, $user);
+
$ajax = (bool) $request->get('ajax');
$scale = (int) $request->get('scale', self::SCALE_DEFAULT);
$scale = min($scale, self::SCALE_MAX);
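Review bot: The new call `Auth::checkComponentAccess($this, 'chart', $tree, $user);` at the top of getChartAction discards its result, so the guard only works if that method stops the request itself (presumably by throwing); nothing in the hunk states this. A one-line comment such as `// Throws when this chart is disabled or above $user's access level in $tree` and a matching `@throws` line in the docblock would make that contract visible to anyone who later reorders or wraps this code. The check is correctly placed before the `ajax` branch, so both response paths are covered. The method body continues outside the hunk, so it is worth confirming that any other publicly routable action in this module carries the same guard.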