From 0953c251e8a8e4631c6e9653d7f445984cb64239 Mon Sep 17 00:00:00 2001
From: Uwe Steinmann <steinm@debian.org>
Date: Wed, 25 Mar 2026 19:30:31 +0100
Subject: [PATCH] do not use controller for access control, because there is no
 controller

---
 op/op.SendNotification.php | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/op/op.SendNotification.php b/op/op.SendNotification.php
index 0fbd3b076..18d2a0203 100644
--- a/op/op.SendNotification.php
+++ b/op/op.SendNotification.php
@@ -27,12 +27,8 @@ include("../inc/inc.Extension.php");
 include("../inc/inc.DBInit.php");
 include("../inc/inc.Authentication.php");
 include("../inc/inc.ClassUI.php");
-include("../inc/inc.ClassController.php");
 
-$tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
-$controller = Controller::factory($tmp[1], array('dms'=>$dms, 'user'=>$user));
-$accessop = new SeedDMS_AccessOperation($dms, null, $user, $settings);
-if (!$accessop->check_controller_access($controller, $_GET)) {
+if (!$user->isAdmin()) {
 	header('Content-Type: application/json');
 	echo json_encode(array('success'=>false, 'message'=>getMLText('access_denied')));
 	exit;