From 3b0d239a00a400136114d14651e8a81173153781 Mon Sep 17 00:00:00 2001
From: Uwe Steinmann <steinm@debian.org>
Date: Mon, 15 Jun 2015 14:17:16 +0200
Subject: [PATCH] propperly check for access right

---
 op/op.ApproveDocument.php   | 2 +-
 op/op.ReviewDocument.php    | 2 +-
 out/out.ApproveDocument.php | 2 +-
 out/out.ReviewDocument.php  | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/op/op.ApproveDocument.php b/op/op.ApproveDocument.php
index 4060636b9..eb4680883 100644
--- a/op/op.ApproveDocument.php
+++ b/op/op.ApproveDocument.php
@@ -72,7 +72,7 @@ if ($latestContent->getVersion()!=$version) {
 $accessop = new SeedDMS_AccessOperation($document, $user, $settings);
 
 // verify if document may be approved
-if ($accessop->mayApprove()){
+if (!$accessop->mayApprove()){
 	UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("access_denied"));
 }
 
diff --git a/op/op.ReviewDocument.php b/op/op.ReviewDocument.php
index c0afc95b8..abf1519e6 100644
--- a/op/op.ReviewDocument.php
+++ b/op/op.ReviewDocument.php
@@ -68,7 +68,7 @@ if ($latestContent->getVersion()!=$version) {
 $accessop = new SeedDMS_AccessOperation($document, $user, $settings);
 
 // verify if document may be reviewed
-if ($accessop->mayReview()){
+if (!$accessop->mayReview()){
 	UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("access_denied"));
 }
 
diff --git a/out/out.ApproveDocument.php b/out/out.ApproveDocument.php
index 49b580602..110e3c5f0 100644
--- a/out/out.ApproveDocument.php
+++ b/out/out.ApproveDocument.php
@@ -61,7 +61,7 @@ if ($latestContent->getVersion()!=$version) {
 }
 
 // verify if document may be approved
-if ($accessop->mayApprove()){
+if (!$accessop->mayApprove()){
 	UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("access_denied"));
 }
 
diff --git a/out/out.ReviewDocument.php b/out/out.ReviewDocument.php
index ac80d12a7..4fab1c9dd 100644
--- a/out/out.ReviewDocument.php
+++ b/out/out.ReviewDocument.php
@@ -61,7 +61,7 @@ if ($latestContent->getVersion()!=$version) {
 $accessop = new SeedDMS_AccessOperation($document, $user, $settings);
 
 // verify if document may be reviewed
-if ($accessop->mayReview()){
+if (!$accessop->mayReview()){
 	UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("access_denied"));
 }