From 9beec8409943def65bbcfdbf163eeb88385f27db Mon Sep 17 00:00:00 2001
From: int2001 <joerg@dj7nt.de>
Date: Mon, 8 Dec 2025 09:39:08 +0000
Subject: [PATCH] Restrict access to statio-controler (except function
 stationProfileCoords)

---
 application/controllers/Station.php | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/application/controllers/Station.php b/application/controllers/Station.php
index 16e1bc2e8..e65d47387 100644
--- a/application/controllers/Station.php
+++ b/application/controllers/Station.php
@@ -7,15 +7,15 @@
 class Station extends CI_Controller
 {
 
-	function __construct()
-	{
+	function __construct() {
 		parent::__construct();
 		$this->load->helper(array('form', 'url'));
 
 		$this->load->model('user_model');
-		if (!$this->user_model->authorize(2)) {
-			$this->session->set_flashdata('error', __("You're not allowed to do that!"));
-			redirect('dashboard');
+		if (($this->router->method == 'stationProfileCoords') && $this->user_model->authorize(2) && ((clubaccess_check(3) || clubaccess_check(6)))) { return; }	// Allow Clubmembers and Clubmembers ADIF to access list_locations
+		if (!$this->user_model->authorize(2) || !clubaccess_check(9)) { 
+			$this->session->set_flashdata('error', __("You're not allowed to do that!")); 
+			redirect('dashboard'); 
 		}
 	}