Skip to content

Commit de850cd

Browse files
atiq-bs23atiqur-foyshal-cefalo
atiq-bs23
and
atiqur-foyshal-cefalo
authored
#8057 Missing permission check for Omnisend plugin configuration page
Co-authored-by: Atiqur Rahman Foyshal <atiqur@fished.com>
1 parent f90828f commit de850cd

File tree

2 files changed

+7
-1
lines changed

2 files changed

+7
-1
lines changed

src/Plugins/Nop.Plugin.Misc.Omnisend/Controllers/OmnisendAdminController.cs

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -5,6 +5,7 @@
55
using Nop.Services.Configuration;
66
using Nop.Services.Localization;
77
using Nop.Services.Messages;
8+
using Nop.Services.Security;
89
using Nop.Web.Framework;
910
using Nop.Web.Framework.Controllers;
1011
using Nop.Web.Framework.Mvc.Filters;
@@ -70,6 +71,7 @@ bool needBlock(BatchResponse response, string endpoint)
7071

7172
#region Methods
7273

74+
[CheckPermission(StandardPermission.Configuration.MANAGE_PLUGINS)]
7375
public async Task<IActionResult> Configure()
7476
{
7577
var model = new ConfigurationModel
@@ -85,6 +87,7 @@ public async Task<IActionResult> Configure()
8587

8688
[HttpPost, ActionName("Configure")]
8789
[FormValueRequired("save")]
90+
[CheckPermission(StandardPermission.Configuration.MANAGE_PLUGINS)]
8891
public async Task<IActionResult> Configure(ConfigurationModel model)
8992
{
9093
if (!ModelState.IsValid)
@@ -119,6 +122,7 @@ public async Task<IActionResult> Configure(ConfigurationModel model)
119122

120123
[HttpPost, ActionName("Configure")]
121124
[FormValueRequired("sync-contacts")]
125+
[CheckPermission(StandardPermission.Configuration.MANAGE_PLUGINS)]
122126
public async Task<IActionResult> SyncContacts()
123127
{
124128
if (!ModelState.IsValid || string.IsNullOrEmpty(_omnisendSettings.BrandId))
@@ -131,6 +135,7 @@ public async Task<IActionResult> SyncContacts()
131135

132136
[HttpPost, ActionName("Configure")]
133137
[FormValueRequired("sync-products")]
138+
[CheckPermission(StandardPermission.Configuration.MANAGE_PLUGINS)]
134139
public async Task<IActionResult> SyncProducts()
135140
{
136141
if (!ModelState.IsValid || string.IsNullOrEmpty(_omnisendSettings.BrandId))
@@ -144,6 +149,7 @@ public async Task<IActionResult> SyncProducts()
144149

145150
[HttpPost, ActionName("Configure")]
146151
[FormValueRequired("sync-orders")]
152+
[CheckPermission(StandardPermission.Configuration.MANAGE_PLUGINS)]
147153
public async Task<IActionResult> SyncOrders()
148154
{
149155
if (!ModelState.IsValid || string.IsNullOrEmpty(_omnisendSettings.BrandId))

src/Plugins/Nop.Plugin.Misc.Omnisend/plugin.json

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -2,7 +2,7 @@
22
"Group": "Misc",
33
"FriendlyName": "Omnisend",
44
"SystemName": "Misc.Omnisend",
5-
"Version": "5.00.1",
5+
"Version": "5.00.2",
66
"SupportedVersions": [ "5.00" ],
77
"Author": "nopCommerce team",
88
"DisplayOrder": 1,

0 commit comments

Comments
 (0)