From ba4dd7ddb9b009cd6eabea5391f385ce540e7651 Mon Sep 17 00:00:00 2001
From: Nicolas Le Goff
Date: Tue, 17 Jan 2012 16:31:57 +0100
Subject: [PATCH] raise unauthorized exception when authenticated user do not have proper rights

---
 .../Phrasea/Helper/Record/MoveCollection.php | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

diff --git a/lib/Alchemy/Phrasea/Helper/Record/MoveCollection.php b/lib/Alchemy/Phrasea/Helper/Record/MoveCollection.php
index 15b0819a93..2e67f1926e 100644
--- a/lib/Alchemy/Phrasea/Helper/Record/MoveCollection.php
+++ b/lib/Alchemy/Phrasea/Helper/Record/MoveCollection.php
@@ -100,10 +100,18 @@ class MoveCollection extends RecordHelper
 $appbox = \appbox::get_instance();
 $user = $this->getCore()->getAuthenticatedUser();
+ $baseId = $request->get('base_id');
+
 $base_dest =
- $user->ACL()->has_right_on_base($request->get('base_id'), 'canaddrecord') ?
+ $user->ACL()->has_right_on_base($baseId, 'canaddrecord') ?
 $request->get('base_id') : false;
-
+
+ if(!$user->ACL()->has_right_on_base($baseId, 'canaddrecord'))
+ {
+ throw new \Exception_Unauthorized(sprintf("%s do not have the permission to move records to %s", $user->get_login()));
+ }
+
+
 if (!$this->is_possible())
 throw new Exception('This action is not possible');
@@ -122,7 +130,8 @@ class MoveCollection extends RecordHelper
 }
 }
 }
-
+
+
 $collection = \collection::get_from_base_id($base_dest);
 foreach ($this->selection as $record)
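Review bot: The `sprintf()` call in the added `throw` has two `%s` placeholders but only one argument (`$user->get_login()`), so the denial path never produces the intended message. Older PHP emits a "Too few arguments" warning and returns `false`, while PHP 8 throws `ArgumentCountError` instead of `\Exception_Unauthorized`, which a handler keyed on the unauthorized type would miss. Pass the destination as the second argument, `sprintf("%s do not have the permission to move records to %s", $user->get_login(), $baseId)`; `$baseId` comes from the request, so the message should be escaped wherever it is rendered or logged. With the throw in place the `false` branch of the `$base_dest` ternary is unreachable and the ACL is queried twice, so checking first and then assigning `$base_dest = $baseId;` would leave a single authorization decision point. The enclosing method starts and ends outside the hunk, so how callers handle `\Exception_Unauthorized` is not visible here.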