do not use controller for access control, because there is no controller

op/op.SendNotification.php

@@ -27,12 +27,8 @@ include("../inc/inc.Extension.php");
 include("../inc/inc.DBInit.php");
 include("../inc/inc.Authentication.php");
 include("../inc/inc.ClassUI.php");
-include("../inc/inc.ClassController.php");
 
-$tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
-$controller = Controller::factory($tmp[1], array('dms'=>$dms, 'user'=>$user));
-$accessop = new SeedDMS_AccessOperation($dms, null, $user, $settings);
-if (!$accessop->check_controller_access($controller, $_GET)) {
+if (!$user->isAdmin()) {
 	header('Content-Type: application/json');
 	echo json_encode(array('success'=>false, 'message'=>getMLText('access_denied')));
 	exit;