From bc0de8ec5358cb9db531625b101ba69b059a44f1 Mon Sep 17 00:00:00 2001 From: Alex Tselegidis Date: Wed, 30 Nov 2022 11:22:43 +0100 Subject: [PATCH] Add a missing condition on permissions in Calendar.php --- application/controllers/Calendar.php | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/application/controllers/Calendar.php b/application/controllers/Calendar.php index 6ba4efb1..d2d830a9 100644 --- a/application/controllers/Calendar.php +++ b/application/controllers/Calendar.php @@ -494,6 +494,13 @@ class Calendar extends EA_Controller { { try { + $required_permissions = can('view', PRIV_APPOINTMENTS); + + if ( ! $required_permissions) + { + throw new RuntimeException('You do not have the required permissions for this task.'); + } + $start_date = request('start_date') . ' 00:00:00'; $end_date = request('end_date') . ' 23:59:59';