runcode: fix HTTP callback httpRun not checking for permissions (#179)

* [runcode]: Fix HTTP callback `httpRun` not checking for permissions

* Remove unnessesary debug message

Author: Luxy.c

[admin]/runcode/server.lua

@@ -79,6 +79,14 @@ addCommandHandler("crun",
 -- http interface run export
 function httpRun(commandstring)
 	if not user then outputDebugString ( "httpRun can only be called via http", 2 ) return end
+	
+	-- check acl permission
+	local objectName = "user." .. getAccountName(user)
+	
+	if(not hasObjectPermissionTo(objectName, "command.srun", false)) then
+		return "Error: Permission denied"
+	end
+	
 	local notReturned
 	--First we test with return
 	local commandFunction,errorMsg = loadstring("return "..commandstring)