diff options
| author | Thomas Steur <tsteur@users.noreply.github.com> | 2020-08-07 10:31:23 +0300 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2020-08-07 10:31:23 +0300 |
| commit | a3864f48524ffb4198284bd3912c4c3d0c5104c9 (patch) | |
| tree | a48666aff9d120b0bc656c77bd8839798c0f3dc2 /plugins/Widgetize | |
| parent | f5e9420a987340b036fa342e876ab92e314f4ec7 (diff) | |
require only view access for embedded widgets when using tokens (#16264)
Diffstat (limited to 'plugins/Widgetize')
| -rw-r--r-- | plugins/Widgetize/Controller.php | 4 | ||||
| -rw-r--r-- | plugins/Widgetize/lang/en.json | 1 |
2 files changed, 4 insertions, 1 deletions
diff --git a/plugins/Widgetize/Controller.php b/plugins/Widgetize/Controller.php index 6a8376b16e..d0ef5187c8 100644 --- a/plugins/Widgetize/Controller.php +++ b/plugins/Widgetize/Controller.php @@ -33,7 +33,9 @@ class Controller extends \Piwik\Plugin\Controller { $token_auth = Common::getRequestVar('token_auth', '', 'string'); - if (!empty($token_auth) && Access::getInstance()->isUserHasSomeAdminAccess() && !defined('PIWIK_TEST_MODE')) { + if ($token_auth !== '' + && Access::getInstance()->isUserHasSomeAdminAccess() + && !defined('PIWIK_TEST_MODE')) { throw new \Exception(Piwik::translate('Widgetize_ViewAccessRequired')); } diff --git a/plugins/Widgetize/lang/en.json b/plugins/Widgetize/lang/en.json index ea11346dd0..589df08bfe 100644 --- a/plugins/Widgetize/lang/en.json +++ b/plugins/Widgetize/lang/en.json @@ -2,6 +2,7 @@ "Widgetize": { "OpenInNewWindow": "Open in a new window", "PluginDescription": "Display any Matomo report in your website or app with a simple Embed HTML tag.", + "ViewAccessRequired": "This user has at least some write access. Only tokens of users who have only view access can be used.", "TopLinkTooltip": "Export Matomo Reports as Widgets and embed the Dashboard in your app as an iframe." } }
\ No newline at end of file |