add missing access check for FolderNotify

views/bootstrap/class.Bootstrap.php

@@ -654,6 +654,7 @@ background-image: linear-gradient(to bottom, #882222, #111111);;
 			if ($accessMode == M_ALL) {
 				$menuitems['edit_folder_access'] = array('link'=>"../out/out.FolderAccess.php?folderid=".$folderID."&showtree=".showtree(), 'label'=>'edit_folder_access');
 			}
+			if ($accessobject->check_view_access('FolderNotify'))
 			$menuitems['edit_existing_notify'] = array('link'=>"../out/out.FolderNotify.php?folderid=". $folderID ."&showtree=". showtree(), 'label'=>'edit_existing_notify');
 		}
 		if ($accessobject->check_view_access('Indexer') && $this->params['enablefullsearch']) {
@@ -682,6 +683,7 @@ background-image: linear-gradient(to bottom, #882222, #111111);;
 
 		if ($accessMode >= M_READWRITE) {
 			if (!$document->isLocked()) {
+				if($accessobject->check_controller_access('UpdateDocument'))
 					$menuitems['update_document'] = array('link'=>"../out/out.UpdateDocument".$docid, 'label'=>'update_document');
 				if($accessobject->check_controller_access('LockDocument'))
 					$menuitems['lock_document'] = array('link'=>"../op/op.LockDocument".$docid, 'label'=>'lock_document');
@@ -692,12 +694,14 @@ background-image: linear-gradient(to bottom, #882222, #111111);;
 						$menuitems['checkout_document'] = array('link'=>"../op/op.CheckOutDocument".$docid, 'label'=>'checkout_document');
 					}
 				}
+				if($accessobject->check_controller_access('EditDocument'))
 					$menuitems['edit_document_props'] = array('link'=>"../out/out.EditDocument".$docid , 'label'=>'edit_document_props');
 				$menuitems['move_document'] = array('link'=>"../out/out.MoveDocument".$docid, 'label'=>'move_document');
 			}
 			else {
 				$lockingUser = $document->getLockingUser();
 				if (($lockingUser->getID() == $this->params['user']->getID()) || ($document->getAccessMode($this->params['user']) == M_ALL)) {
+					if($accessobject->check_controller_access('UpdateDocument'))
 						$menuitems['update_document'] = array('link'=>"../out/out.UpdateDocument".$docid, 'label'=>'update_document');
 					if($accessobject->check_controller_access('UnlockDocument'))
 						$menuitems['unlock_document'] = array('link'=>"../op/op.UnlockDocument".$docid, 'label'=>'unlock_document');
@@ -708,6 +712,7 @@ background-image: linear-gradient(to bottom, #882222, #111111);;
 							$menuitems['checkout_document'] = array('link'=>"../op/op.CheckOutDocument".$docid, 'label'=>'checkout_document');
 						}
 					}
+					if($accessobject->check_controller_access('EditDocument'))
 						$menuitems['edit_document_props'] = array('link'=>"../out/out.EditDocument".$docid, 'label'=>'edit_document_props');
 					$menuitems['move_document'] = array('link'=>"../out/out.MoveDocument".$docid, 'label'=>'move_document');
 				}
@@ -2275,8 +2280,10 @@ $(function() {
 	 * @return string html content if $return is true, otherwise an empty string
 	 */
 	function printDeleteDocumentButton($document, $msg, $return=false){ /* {{{ */
+		$accessobject = $this->params['accessobject'];
 		$docid = $document->getID();
 		$content = '';
+		if ($accessobject->check_view_access('RemoveDocument'))
 			$content .= '<a class="delete-document-btn" rel="'.$docid.'" msg="'.getMLText($msg).'" confirmmsg="'.htmlspecialchars(getMLText("confirm_rm_document", array ("documentname" => $document->getName())), ENT_QUOTES).'"><i class="fa fa-remove"></i></a>';
 		if($return)
 			return $content;
@@ -2412,12 +2419,17 @@ $(function() {
 	} /* }}} */
 
 	function printLockButton($document, $msglock, $msgunlock, $return=false) { /* {{{ */
+		$accessobject = $this->params['accessobject'];
 		$docid = $document->getID();
 		if($document->isLocked()) {
+			if(!$accessobject->check_controller_access('UnlockDocument'))
+				return '';
 			$icon = 'unlock';
 			$msg = $msgunlock;
 			$title = 'unlock_document';
 		} else {
+			if(!$accessobject->check_controller_access('LockDocument'))
+				return '';
 			$icon = 'lock';
 			$msg = $msglock;
 			$title = 'lock_document';