Skip to content

Commit

Permalink
Check user rights for form
Browse files Browse the repository at this point in the history 
This check should prevent the access denied error described in ctsit#79.

Currently always checks against the logged in user and ignores the
"View project as user" option.
  • Loading branch information
Ubuntu committed Aug 11, 2020
1 parent bc7413b commit dd73971
Showing 1 changed file with 2 additions and 1 deletion.
3 changes: 2 additions & 1 deletion ExternalModule.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -396,6 +396,7 @@ protected function loadFRSL($location, $record = null, $event_id = null, $instru

$next_step_path = '';
$forms_access = $this->getFormsAccessMatrix($event_id, $record);
$user_rights_forms = reset(REDCap::getUserRights(USERID))['forms'];

if ($record && $event_id && $instrument) {
$instruments = $Proj->eventsForms[$event_id];
Expand All @@ -405,7 +406,7 @@ protected function loadFRSL($location, $record = null, $event_id = null, $instru
$len = count($instruments);

while ($i < $len) {
if ($curr_forms_access[$instruments[$i]]) {
if ($curr_forms_access[$instruments[$i]] && $user_rights_forms[$instruments[$i]]) {
$next_instrument = $instruments[$i];
break;
}
Expand Down

0 comments on commit dd73971

Please sign in to comment.