From e6722d9024bd252dc907f1cb63c775cffdde99fb Mon Sep 17 00:00:00 2001
From: Thomas Gelf <thomas@gelf.net>
Date: Wed, 8 Feb 2017 17:39:22 +0100
Subject: [PATCH] ProcessController: add missing permission checks

refs #107
---
 application/controllers/ProcessController.php | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/application/controllers/ProcessController.php b/application/controllers/ProcessController.php
index de3b547..29d79ab 100644
--- a/application/controllers/ProcessController.php
+++ b/application/controllers/ProcessController.php
@@ -56,6 +56,8 @@ class ProcessController extends Controller
      */
     public function uploadAction()
     {
+        $this->assertPermission('businessprocess/create');
+
         $title = $this->translate('Upload a Business Process Config file');
         $this->setTitle($title);
         $this->controls()
@@ -308,6 +310,8 @@ class ProcessController extends Controller
      */
     public function sourceAction()
     {
+        $this->assertPermission('businessprocess/modify');
+
         $bp = $this->loadModifiedBpConfig();
         $this->view->showDiff = $showDiff = (bool) $this->params->get('showDiff', false);
 
@@ -342,6 +346,8 @@ class ProcessController extends Controller
      */
     public function downloadAction()
     {
+        $this->assertPermission('businessprocess/modify');
+
         $config = $this->loadModifiedBpConfig();
         $response = $this->getResponse();
         $response->setHeader(
@@ -362,6 +368,8 @@ class ProcessController extends Controller
      */
     public function configAction()
     {
+        $this->assertPermission('businessprocess/modify');
+
         $bp = $this->loadModifiedBpConfig();
 
         $title = sprintf(