
github.com/matomo-org/matomo.git - Unnamed repository; edit this file 'description' to name the repository.
authordiosmosis <diosmosis@users.noreply.github.com>2020-12-03 03:01:57 +0300
committerGitHub <noreply@github.com>2020-12-03 03:01:57 +0300
commitba9d657b89f08bfbcbd316fde127e0a53bc1a00b (patch)
tree4d1c34dcd00bef7999ae727f8e35936b6b66f59f /plugins/Widgetize
parent7975de828c21d28b43120934e01ceba904557482 (diff)
Use existing Request method w/ correct logic for limiting widgetize access. (#16871)
Diffstat (limited to 'plugins/Widgetize')
-rw-r--r--plugins/Widgetize/Controller.php8
1 files changed, 4 insertions, 4 deletions
diff --git a/plugins/Widgetize/Controller.php b/plugins/Widgetize/Controller.php
index e76d8b7e5f..e7f5aae299 100644
--- a/plugins/Widgetize/Controller.php
+++ b/plugins/Widgetize/Controller.php
@@ -9,6 +9,7 @@
namespace Piwik\Plugins\Widgetize;
use Piwik\Access;
+use Piwik\API\Request;
use Piwik\Common;
use Piwik\Container\StaticContainer;
use Piwik\FrontController;
@@ -31,11 +32,10 @@ class Controller extends \Piwik\Plugin\Controller
public function iframe()
{
+ // also called by FrontController, we call it explicitly as a safety measure in case something changes in the future
$token_auth = Common::getRequestVar('token_auth', '', 'string');
-
- if ($token_auth !== ''
- && Access::getInstance()->isUserHasSomeWriteAccess()) {
- throw new \Exception(Piwik::translate('Widgetize_ViewAccessRequired'));
+ if (!empty($token_auth)) {
+ Request::checkTokenAuthIsNotLimited('Widgetize', 'iframe');
}
$this->init();
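Review bot: The guard `if (!empty($token_auth))` is looser than the `$token_auth !== ''` it replaces, because PHP's `empty()` also treats the string `'0'` as empty, so a request carrying `token_auth=0` skips the explicit `Request::checkTokenAuthIsNotLimited('Widgetize', 'iframe')` call. Such a value is unlikely to be a valid token, and the added comment says FrontController performs the same check, so the practical impact is probably nil, but a defence-in-depth check should fail closed: `if ($token_auth !== '') {`. The new comment would also read better directly above the `Request::checkTokenAuthIsNotLimited` call it describes rather than above the `getRequestVar` line. `use Piwik\Access;` may now be unused if nothing else in the file references it; `iframe()` continues past the end of this hunk, so that cannot be confirmed from here.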