From 1ef31d27c7b37b933f7fd0f7977d23ee186204d5 Mon Sep 17 00:00:00 2001
From: zotlabs <mike@macgirvin.com>
Date: Wed, 18 Apr 2018 17:26:05 -0700
Subject: relax restrictions to the design tools menu to allow those with
 write_pages permission; this doesn't fix the underlying modules though as
 there are some potential security issues at the moment.

---
 Zotlabs/Widget/Design_tools.php | 13 +++----------
 1 file changed, 3 insertions(+), 10 deletions(-)

(limited to 'Zotlabs/Widget/Design_tools.php')

diff --git a/Zotlabs/Widget/Design_tools.php b/Zotlabs/Widget/Design_tools.php
index 8ab6a235d..a15c0c98d 100644
--- a/Zotlabs/Widget/Design_tools.php
+++ b/Zotlabs/Widget/Design_tools.php
@@ -6,16 +6,9 @@ class Design_tools {
 
 	function widget($arr) {
 
-		// mod menu doesn't load a profile. For any modules which load a profile, check it.
-		// otherwise local_channel() is sufficient for permissions.
+		if(perm_is_allowed(\App::$profile['profile_uid'],get_observer_hash(),'write_pages') || (\App::$is_sys && is_site_admin()))
+			return design_tools();
 
-		if(\App::$profile['profile_uid'])
-			if((\App::$profile['profile_uid'] != local_channel()) && (! \App::$is_sys))
-				return '';
-
-		if(! local_channel())
-			return '';
-
-		return design_tools();
+		return EMPTY_STR;
 	}
 }
\ No newline at end of file
-- 
cgit v1.2.3