diff options
author | Thomas Steur <tsteur@users.noreply.github.com> | 2020-08-11 01:39:06 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-08-11 01:39:06 +0300 |
commit | b09093780b6a906a0522bda2a8137ca280ab3f65 (patch) | |
tree | db5733daafaa9c6ef29b1c65af835f8ae9844f6b /plugins/Widgetize | |
parent | fc08d43ed00315180cdc2907a35086add7a04ad2 (diff) |
Only allow widgetize and token usage for view users (#16263)
Diffstat (limited to 'plugins/Widgetize')
-rw-r--r-- | plugins/Widgetize/Controller.php | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/plugins/Widgetize/Controller.php b/plugins/Widgetize/Controller.php index d0ef5187c8..e76d8b7e5f 100644 --- a/plugins/Widgetize/Controller.php +++ b/plugins/Widgetize/Controller.php @@ -34,8 +34,7 @@ class Controller extends \Piwik\Plugin\Controller $token_auth = Common::getRequestVar('token_auth', '', 'string'); if ($token_auth !== '' - && Access::getInstance()->isUserHasSomeAdminAccess() - && !defined('PIWIK_TEST_MODE')) { + && Access::getInstance()->isUserHasSomeWriteAccess()) { throw new \Exception(Piwik::translate('Widgetize_ViewAccessRequired')); } |