From d118f0f3d2827262ab9fda6c396edc69807e51be Mon Sep 17 00:00:00 2001
From: Joshua Rubin <me@jawa.dev>
Date: Wed, 1 Jul 2020 00:34:51 -0600
Subject: [PATCH] don't require auth to update lotw users

required for cron

Signed-off-by: Joshua Rubin <me@jawa.dev>
---
 application/controllers/Lotw.php | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/application/controllers/Lotw.php b/application/controllers/Lotw.php
index 0c4b332de..ffa721ae3 100644
--- a/application/controllers/Lotw.php
+++ b/application/controllers/Lotw.php
@@ -7,13 +7,13 @@ class Lotw extends CI_Controller {
 	{
 		parent::__construct();
 		$this->load->helper(array('form', 'url'));
-
-		$this->load->model('user_model');
-		if(!$this->user_model->authorize(2)) { $this->session->set_flashdata('notice', 'You\'re not allowed to do that!'); redirect('dashboard'); }
 	}
 
 	private function loadFromFile($filepath)
 	{
+		$this->load->model('user_model');
+		if(!$this->user_model->authorize(2)) { $this->session->set_flashdata('notice', 'You\'re not allowed to do that!'); redirect('dashboard'); }
+
 		// Figure out how we should be marking QSLs confirmed via LoTW
 		$query = $query = $this->db->query('SELECT lotw_rcvd_mark FROM config');
 		$q = $query->row();
@@ -107,6 +107,9 @@ class Lotw extends CI_Controller {
 	}
 
 	public function import() {
+		$this->load->model('user_model');
+		if(!$this->user_model->authorize(2)) { $this->session->set_flashdata('notice', 'You\'re not allowed to do that!'); redirect('dashboard'); }
+
 		$data['page_title'] = "LoTW ADIF Import";
 
 		$config['upload_path'] = './uploads/';
@@ -192,6 +195,9 @@ class Lotw extends CI_Controller {
 	} // end function
 
 	public function export() {
+		$this->load->model('user_model');
+		if(!$this->user_model->authorize(2)) { $this->session->set_flashdata('notice', 'You\'re not allowed to do that!'); redirect('dashboard'); }
+
 	$data['page_title'] = "LoTW .TQ8 Upload";
 
 		$config['upload_path'] = './uploads/';