From 88b170dd5da37368c2c747ed9a4fe35737642d38 Mon Sep 17 00:00:00 2001 From: zhujinyong Date: Tue, 25 Dec 2012 03:31:08 +0000 Subject: [PATCH] * guest user has no priv of ajax functions. --- module/common/model.php | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/module/common/model.php b/module/common/model.php index a0bcedcbcb..65277ee6a9 100644 --- a/module/common/model.php +++ b/module/common/model.php @@ -139,8 +139,7 @@ class commonModel extends model if($module == 'user' and strpos('login|logout|deny', $method) !== false) return true; if($module == 'api' and $method == 'getsessionid') return true; - $logon = ($this->app->company->guest or $this->loadModel('user')->isLogon()); - if($logon and strpos($method, 'ajax') === 0) return true; + if($this->loadModel('user')->isLogon() and strpos($method, 'ajax') === 0) return true; if($module == 'misc' and $method == 'about') return true; if($module == 'misc' and $method == 'checkupdate') return true;