From a42ef8eb90b8063d04b87f3b5e9f23d69996ee2b Mon Sep 17 00:00:00 2001
From: Pierre Goiffon <pierre.goiffon@combodo.com>
Date: Wed, 4 Apr 2018 07:30:44 +0000
Subject: [PATCH] =?UTF-8?q?(Retrofit=20from=20trunk)=20N=C2=B01328=20Fix?=
 =?UTF-8?q?=20CSV=20import=20:=20check=20if=20user=20has=20rights=20on=20i?=
 =?UTF-8?q?mported=20class=20(r5597)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

SVN:2.2.0[5601]
---
 pages/csvimport.php | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/pages/csvimport.php b/pages/csvimport.php
index 1c4d5af6d..4f86594cc 100644
--- a/pages/csvimport.php
+++ b/pages/csvimport.php
@@ -191,6 +191,13 @@ try
 	 */
 	function ProcessCSVData(WebPage $oPage, $bSimulate = true)
 	{
+		$sClassName = utils::ReadParam('class_name', '', false, 'class');
+		// Class access right check for the import
+		if (UserRights::IsActionAllowed($sClassName, UR_ACTION_MODIFY) == UR_ALLOWED_NO)
+		{
+			throw new CoreException(Dict::S('UI:ActionNotAllowed'));
+		}
+
 		$aResult = array();
 		$sCSVData = utils::ReadParam('csvdata', '', false, 'raw_data');
 		$sCSVDataTruncated = utils::ReadParam('csvdata_truncated', '', false, 'raw_data');
@@ -202,7 +209,6 @@ try
 		{
 			$iSkippedLines = utils::ReadParam('nb_skipped_lines', '0');
 		}
-		$sClassName = utils::ReadParam('class_name', '', false, 'class');
 		$aFieldsMapping = utils::ReadParam('field', array(), false, 'raw_data');
 		$aSearchFields = utils::ReadParam('search_field', array(), false, 'field_name');
 		$iCurrentStep = $bSimulate ? 4 : 5;