From 46f79301fa1f1c0776342aceaf9f700ad99e9b8d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?C=C3=B4me=20Chilliet?= <come.chilliet@fusiondirectory.org>
Date: Thu, 8 Oct 2020 14:59:06 +0200
Subject: [PATCH] :ambulance: fix(management) Check Action ACL when executing

This avoids having to check ACL for every action in management class

issue #6119
---
 include/management/actions/class_Action.inc | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/include/management/actions/class_Action.inc b/include/management/actions/class_Action.inc
index bc9244c10..405bd43c8 100644
--- a/include/management/actions/class_Action.inc
+++ b/include/management/actions/class_Action.inc
@@ -157,6 +157,11 @@ class Action
     if ($this->callable === FALSE) {
       return;
     }
+    foreach ($action['targets'] as $targetDn) {
+      if (!$this->hasPermission($management->listing->getEntry($targetDn))) {
+        throw new FusionDirectoryException(sprintf(_('You are not allowed to execute action "%s" on target "%s"'), $this->name, $targetDn));
+      }
+    }
     if (count($action['targets']) < $this->minTargets) {
       throw new FusionDirectoryException(sprintf(_('Not enough targets (%d) passed for action "%s"'), count($action['targets']), $this->name));
     }
-- 
GitLab