From 3af1f4a28a8df0e446043232214ed08cc8e0889d Mon Sep 17 00:00:00 2001
From: Brady Miller <brady.g.miller@gmail.com>
Date: Tue, 29 Mar 2022 21:01:26 -0700
Subject: [PATCH] bug fix (#5062)

---
 .../src/Installer/Controller/InstallerController.php  | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/interface/modules/zend_modules/module/Installer/src/Installer/Controller/InstallerController.php b/interface/modules/zend_modules/module/Installer/src/Installer/Controller/InstallerController.php
index 131611c4ac9..6665c678337 100644
--- a/interface/modules/zend_modules/module/Installer/src/Installer/Controller/InstallerController.php
+++ b/interface/modules/zend_modules/module/Installer/src/Installer/Controller/InstallerController.php
@@ -24,6 +24,7 @@
 use Application\Listener\Listener;
 use Installer\Model\InstModuleTable;
 use Laminas\Db\Adapter\Adapter;
+use OpenEMR\Common\Acl\AclMain;
 use OpenEMR\Common\Utils\RandomGenUtils;
 use Laminas\Console\Request as ConsoleRequest;
 use OpenEMR\Services\Utils\SQLUpgradeService;
@@ -90,6 +91,11 @@ public function getInstallerTable(): InstModuleTable
 
     public function registerAction()
     {
+        if (!AclMain::aclCheckCore('admin', 'manage_modules')) {
+            echo xlt('Not Authorized');
+            exit;
+        }
+
         $status = false;
         $request = $this->getRequest();
         if (method_exists($request, 'isPost')) {
@@ -133,6 +139,11 @@ public function registerAction()
 
     public function manageAction()
     {
+        if (!AclMain::aclCheckCore('admin', 'manage_modules')) {
+            echo json_encode(["status" => xlt('Not Authorized')]);
+            exit;
+        }
+
         $outputToBrowser = '';
         $request = $this->getRequest();
         $status = $this->listenerObject->z_xlt("Failure");