Moved check to FavoritesAction; we don't want to break public lists.

ae5ec8d6 · Demian Katz · e191b679 · ae5ec8d6
Commit ae5ec8d6 authored 7 years ago by Demian Katz
--- a/module/VuFind/src/VuFind/Controller/MyResearchController.php
+++ b/module/VuFind/src/VuFind/Controller/MyResearchController.php
@@ -466,6 +466,12 @@ class MyResearchController extends AbstractBase
     */
    public function favoritesAction()
    {
+        // Check permission:
+        $response = $this->permission()->check('feature.Favorites', 'promptLogin');
+        if (is_object($response)) {
+            return $response;
+        }
+
        // Favorites is the same as MyList, but without the list ID parameter.
        return $this->forwardTo('MyResearch', 'MyList');
    }
@@ -706,12 +712,6 @@ class MyResearchController extends AbstractBase
            throw new ForbiddenException('Lists disabled');
        }

-        // Check permission:
-        $response = $this->permission()->check('feature.Favorites', 'promptLogin');
-        if (is_object($response)) {
-            return $response;
-        }
-
        // Check for "delete item" request; parameter may be in GET or POST depending
        // on calling context.
        $deleteId = $this->params()->fromPost(