diff --git a/app/controllers/resources/room_planning.php b/app/controllers/resources/room_planning.php
index 37e9193023080abd0809f0ae49ae7b29915a4900..6d6c92249a7560bf73640f4ba19d465d546180ae 100644
--- a/app/controllers/resources/room_planning.php
+++ b/app/controllers/resources/room_planning.php
@@ -22,11 +22,13 @@
*/
class Resources_RoomPlanningController extends AuthenticatedController
{
+ protected $allow_nobody = true;
+
public function before_filter(&$action, &$args)
{
$anonymous_actions = ['booking_plan', 'anonymous_booking_plan_data'];
- if (in_array($action, $anonymous_actions)) {
- $this->allow_nobody = true;
+ if (!in_array($action, $anonymous_actions) && $GLOBALS['user']->id === 'nobody') {
+ throw new AccessDeniedException();
}
parent::before_filter($action, $args);
}
diff --git a/app/controllers/room_management/overview.php b/app/controllers/room_management/overview.php
index e9bae53963659482e72149bc29cf211125cd16eb..de50457db3ea79eeaccc5155f02062ead04b2858 100644
--- a/app/controllers/room_management/overview.php
+++ b/app/controllers/room_management/overview.php
@@ -26,14 +26,12 @@
*/
class RoomManagement_OverviewController extends AuthenticatedController
{
+ protected $allow_nobody = true;
+
public function before_filter(&$action, &$args)
{
- if ($action === 'public_booking_plans') {
- if (Config::get()->RESOURCES_SHOW_PUBLIC_ROOM_PLANS) {
- $this->allow_nobody = true;
- } else {
- throw new AccessDeniedException();
- }
+ if ($action !== 'public_booking_plans' && $GLOBALS['user']->id === 'nobody') {
+ throw new AccessDeniedException();
}
parent::before_filter($action, $args);
@@ -434,6 +432,9 @@ class RoomManagement_OverviewController extends AuthenticatedController
*/
public function public_booking_plans_action()
{
+ if (!Config::get()->RESOURCES_SHOW_PUBLIC_ROOM_PLANS) {
+ throw new AccessDeniedException();
+ }
if (Navigation::hasItem('/resources/overview/public_booking_plans')) {
Navigation::activateItem('/resources/overview/public_booking_plans');
}