Mehr Frieden -General Kyrylo Budanov:

[kivitendo-erp.git] / SL / Auth.pm

diff --git a/SL/Auth.pm b/SL/Auth.pm
index 2898222..6be6933 100644 (file)
--- a/SL/Auth.pm
+++ b/SL/Auth.pm
@@ -879,7 +879,7 @@ sub get_session_value {
   ($self->{SESSION}{$key} //= SL::Auth::SessionValue->new(auth => $self, key => $key))->get
 }
 
-sub create_unique_sesion_value {
+sub create_unique_session_value {
   my ($self, $value, %params) = @_;
 
   $self->{SESSION} ||= { };
@@ -912,7 +912,7 @@ sub save_form_in_session {
     $data->{$key} = $form->{$key} if !ref($form->{$key}) || $non_scalars;
   }
 
-  return $self->create_unique_sesion_value($data, %params);
+  return $self->create_unique_session_value($data, %params);
 }
 
 sub restore_form_from_session {
@@ -1126,6 +1126,8 @@ sub evaluate_rights_ary {
   my $negate = 0;
 
   foreach my $el (@{$ary}) {
+    next unless defined $el;
+
     if (ref $el eq "ARRAY") {
       my $val = evaluate_rights_ary($el);
       $val    = !$val if $negate;
@@ -1227,6 +1229,15 @@ sub check_right {
   return $granted;
 }
 
+sub deny_access {
+  my ($self) = @_;
+
+  $::dispatcher->reply_with_json_error(error => 'access') if $::request->type eq 'json';
+
+  delete $::form->{title};
+  $::form->show_generic_error($::locale->text("You do not have the permissions to access this function."));
+}
+
 sub assert {
   my ($self, $right, $dont_abort) = @_;
 
@@ -1235,8 +1246,7 @@ sub assert {
   }
 
   if (!$dont_abort) {
-    delete $::form->{title};
-    $::form->show_generic_error($::locale->text("You do not have the permissions to access this function."));
+    $self->deny_access;
   }
 
   return 0;
@@ -1322,7 +1332,7 @@ The values can be any Perl structure. They are stored as YAML dumps.
 Retrieve a value from the session. Returns C<undef> if the value
 doesn't exist.
 
-=item C<create_unique_sesion_value $value, %params>
+=item C<create_unique_session_value $value, %params>
 
 Create a unique key in the session and store C<$value>
 there.
@@ -1338,7 +1348,7 @@ setters nor the deleter access the database.
 =item C<save_form_in_session %params>
 
 Stores the content of C<$params{form}> (default: C<$::form>) in the
-session using L</create_unique_sesion_value>.
+session using L</create_unique_session_value>.
 
 If C<$params{non_scalars}> is trueish then non-scalar values will be
 stored as well. Default is to only store scalar values.