From 5d0f833a397a2ce937e25b6a7c0350fdabdac63c Mon Sep 17 00:00:00 2001
From: Christopher Darling <me@christopherdarling.co.uk>
Date: Tue, 15 Dec 2015 16:32:23 +0000
Subject: [PATCH] FIX: SS_Report canView should check permissions

... checks for ADMIN / CMS_ACCESS_ReportAdmin (from ReportAdmin)

fixes #13
---
 code/Report.php | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/code/Report.php b/code/Report.php
index fa7fe026..2248fb2a 100644
--- a/code/Report.php
+++ b/code/Report.php
@@ -308,8 +308,15 @@ class SS_Report extends ViewableData {
 		if(!$member && $member !== FALSE) {
 			$member = Member::currentUser();
 		}
-		
-		return true;
+
+		$extended = $this->extendedCan('canView', $member);
+		if($extended !== null) return $extended;
+
+		if($member && Permission::checkMember($member, array('CMS_ACCESS_LeftAndMain', 'CMS_ACCESS_ReportAdmin'))) {
+			return true;
+		}
+
+		return false;
 	}