From 2f4c25778efd3b1983731444ca3b444e00613269 Mon Sep 17 00:00:00 2001
From: Paula Quispe <paula.quispe@processmaker.com>
Date: Tue, 30 May 2017 09:59:09 -0400
Subject: [PATCH] HOR-3286

---
 gulliver/system/class.rbac.php                  | 17 ++++++++++++++++-
 .../processes/processes_DownloadFile.php        |  2 +-
 workflow/engine/methods/setup/skin_Ajax.php     |  4 ++--
 3 files changed, 19 insertions(+), 4 deletions(-)

diff --git a/gulliver/system/class.rbac.php b/gulliver/system/class.rbac.php
index 381698f5f..fc91bd04c 100644
--- a/gulliver/system/class.rbac.php
+++ b/gulliver/system/class.rbac.php
@@ -94,8 +94,23 @@ class RBAC
                 'usersList' => array('PM_USERS'),
                 'updatePageSize' => array(),
                 'summaryUserData' => array('PM_USERS'),
-                'verifyIfUserAssignedAsSupervisor' => array('PM_USERS'),
+                'verifyIfUserAssignedAsSupervisor' => array('PM_USERS')
+            ),
+            'skin_Ajax.php' => array(
+                'updatePageSize' => array(),
+                'skinList' => array('PM_SETUP_SKIN'),
+                'newSkin' => array('PM_SETUP_SKIN'),
+                'importSkin' => array('PM_SETUP_SKIN'),
+                'exportSkin' => array('PM_SETUP_SKIN'),
+                'deleteSkin' => array('PM_SETUP_SKIN'),
+                'addTarFolder' => array('PM_SETUP_SKIN'),
+                'copy_skin_folder' => array('PM_SETUP_SKIN'),
+                'deleteSkin' => array('PM_SETUP_SKIN')
+            ),
+            'processes_DownloadFile.php' => array(
+                'downloadFileHash' => array('PM_FACTORY')
             )
+
         );
     }
 
diff --git a/workflow/engine/methods/processes/processes_DownloadFile.php b/workflow/engine/methods/processes/processes_DownloadFile.php
index f973b50e9..fee9c9c9b 100644
--- a/workflow/engine/methods/processes/processes_DownloadFile.php
+++ b/workflow/engine/methods/processes/processes_DownloadFile.php
@@ -1,5 +1,5 @@
 <?php
-//$RBAC->allows(basename(__FILE__), 'downloadFileHash');
+$RBAC->allows(basename(__FILE__), 'downloadFileHash');
 
 if (!isset($_GET["file_hash"])) {
     throw new Exception("Invalid Request, param 'file_hash' was not sent.");
diff --git a/workflow/engine/methods/setup/skin_Ajax.php b/workflow/engine/methods/setup/skin_Ajax.php
index fef91eeaf..065510958 100644
--- a/workflow/engine/methods/setup/skin_Ajax.php
+++ b/workflow/engine/methods/setup/skin_Ajax.php
@@ -21,9 +21,9 @@ if (in_array( $_REQUEST['action'], $restrictedFunctions )) {
     die();
 }
 
-$functionName = $_REQUEST['action'];error_log($functionName);
+$functionName = $_REQUEST['action'];
 $functionParams = isset( $_REQUEST['params'] ) ? $_REQUEST['params'] : array ();
-//$RBAC->allows(basename(__FILE__), $functionName);
+$RBAC->allows(basename(__FILE__), $functionName);
 $functionName();
 
 function updatePageSize ()