From e0dc711c2b2dc4e2ec397d7f53910f11e1ca4ade Mon Sep 17 00:00:00 2001
From: mcramer <m.cramer@pixcept.de>
Date: Mon, 02 Sep 2013 04:14:56 -0400
Subject: [PATCH] - Changed previous commit to check for read permissions only on download action

---
 interface/lib/classes/plugin_backuplist.inc.php |    5 ++++-
 1 files changed, 4 insertions(+), 1 deletions(-)

diff --git a/interface/lib/classes/plugin_backuplist.inc.php b/interface/lib/classes/plugin_backuplist.inc.php
index 5c0ab58..78c27fb 100644
--- a/interface/lib/classes/plugin_backuplist.inc.php
+++ b/interface/lib/classes/plugin_backuplist.inc.php
@@ -58,7 +58,10 @@
 					//* check if the user is  owner of the parent domain
 					$domain_backup = $app->db->queryOneRecord("SELECT parent_domain_id FROM web_backup WHERE backup_id = ".$backup_id);
 					
-					$get_domain = $app->db->queryOneRecord("SELECT domain_id FROM web_domain WHERE domain_id = ".$app->functions->intval($domain_backup["parent_domain_id"])." AND ".$this->getAuthSQL('u'));
+                    $check_perm = 'u';
+                    if($_GET['backup_action'] == 'download') $check_perm = 'r'; // only check read permissions on download, not update permissions
+                    
+					$get_domain = $app->db->queryOneRecord("SELECT domain_id FROM web_domain WHERE domain_id = ".$app->functions->intval($domain_backup["parent_domain_id"])." AND ".$this->getAuthSQL($check_perm));
 					if(empty($get_domain) || !$get_domain) {
 						$app->error($app->tform->lng('no_domain_perm'));
 					}

--
Gitblit v1.9.1