From d6bec7a7dba66e8312305eb50bdad73299c533e2 Mon Sep 17 00:00:00 2001
From: Marius Cramer <m.cramer@pixcept.de>
Date: Tue, 30 Jun 2015 06:28:48 -0400
Subject: [PATCH] - fixed access check in client templates and mail content filters

---
 interface/web/client/client_template_list.php |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/interface/web/client/client_template_list.php b/interface/web/client/client_template_list.php
index c87cea0..70cdc80 100644
--- a/interface/web/client/client_template_list.php
+++ b/interface/web/client/client_template_list.php
@@ -41,7 +41,7 @@
 
 //* Check permissions for module
 $app->auth->check_module_permissions('client');
-if(!$_SESSION["s"]["user"]["typ"] == 'admin') die('Client-Templates are only for Admins.');
+if($_SESSION["s"]["user"]["typ"] != 'admin' && !$app->auth->has_clients($_SESSION['s']['user']['userid'])) die('Client-Templates are for Admins and Resellers only.');
 
 $app->uses('listform_actions');
 $app->listform_actions->SQLOrderBy = 'ORDER BY client_template.template_name';

--
Gitblit v1.9.1