Diffstat (limited to 'perllib/FixMyStreet/App/Controller/Admin.pm')
-rw-r--r--perllib/FixMyStreet/App/Controller/Admin.pm7
1 files changed, 7 insertions, 0 deletions
diff --git a/perllib/FixMyStreet/App/Controller/Admin.pm b/perllib/FixMyStreet/App/Controller/Admin.pm
index ea8633db0..fbd855333 100644
--- a/perllib/FixMyStreet/App/Controller/Admin.pm
+++ b/perllib/FixMyStreet/App/Controller/Admin.pm
@@ -669,6 +669,13 @@ sub report_edit : Path('report_edit') : Args(1) {
$c->detach( '/page_error_404_not_found' )
unless $problem;
+ unless (
+ $c->cobrand->moniker eq 'zurich'
+ || $c->user->has_permission_to(report_edit => $problem->bodies_str)
+ ) {
+ $c->detach( '/page_error_403_access_denied', [] );
+ }
+
$c->stash->{problem} = $problem;
$c->forward('/auth/get_csrf_token');
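Review bot: The `$c->cobrand->moniker eq 'zurich'` arm of the new guard skips `has_permission_to` entirely, so on that cobrand access to `report_edit` depends only on whatever admin check runs outside this hunk. The exemption should carry a comment saying where that authorization is enforced, for example `# Zurich enforces admin access separately (see <location>), so the per-body permission check is skipped`. A cobrand-level hook would also keep the hard-coded moniker out of the controller. Separately, `$problem->bodies_str` is passed as a single value; if it can be undefined or hold more than one body id (not visible here), confirm that `has_permission_to` denies in those cases rather than matching loosely. The body of `report_edit` starts and ends outside the hunk, so later code paths in it were not reviewed.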