X-Git-Url: http://wagnertech.de/git?a=blobdiff_plain;f=SL%2FAuth.pm;h=33007a4171dd348064cff3ee6ae687b9c5937c5a;hb=60dcd6c0c1abb2e06d31c4d46863fc09556ccd7b;hp=2898222aa64ae8a8745a45c2625b25878ee6cc2d;hpb=48c71a4b51f5359a7ab7e9bc51280baf9bc9b9b2;p=kivitendo-erp.git

diff --git a/SL/Auth.pm b/SL/Auth.pm
index 2898222aa..33007a417 100644
--- a/SL/Auth.pm
+++ b/SL/Auth.pm
@@ -1126,6 +1126,8 @@ sub evaluate_rights_ary {
   my $negate = 0;
 
   foreach my $el (@{$ary}) {
+    next unless defined $el;
+
     if (ref $el eq "ARRAY") {
       my $val = evaluate_rights_ary($el);
       $val    = !$val if $negate;
@@ -1227,6 +1229,15 @@ sub check_right {
   return $granted;
 }
 
+sub deny_access {
+  my ($self) = @_;
+
+  $::dispatcher->reply_with_json_error(error => 'access') if $::request->type eq 'json';
+
+  delete $::form->{title};
+  $::form->show_generic_error($::locale->text("You do not have the permissions to access this function."));
+}
+
 sub assert {
   my ($self, $right, $dont_abort) = @_;
 
@@ -1235,8 +1246,7 @@ sub assert {
   }
 
   if (!$dont_abort) {
-    delete $::form->{title};
-    $::form->show_generic_error($::locale->text("You do not have the permissions to access this function."));
+    $self->deny_access;
   }
 
   return 0;