From f13256d12dee27def3278df0dda0dfad8f3c1ff3 Mon Sep 17 00:00:00 2001
From: Roly Rudy Gutierrez Pinto <gproly@gmail.com>
Date: Thu, 30 Jun 2016 09:19:26 -0400
Subject: [PATCH] HOR-1362

---
 .../engine/methods/processes/ajaxListener.php | 20 +++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/workflow/engine/methods/processes/ajaxListener.php b/workflow/engine/methods/processes/ajaxListener.php
index e90bd0dd7..c9556c618 100755
--- a/workflow/engine/methods/processes/ajaxListener.php
+++ b/workflow/engine/methods/processes/ajaxListener.php
@@ -27,6 +27,26 @@
  * @author Erik Amaru Ortiz <erik@colosa.com>
  * @date Jan 10th, 2010
  */
+
+/**
+ * verify user authentication, case tracker.
+ */
+if (!isset($_SESSION['PIN'])) {
+    global $RBAC;
+    switch ($RBAC->userCanAccess('PM_LOGIN')) {
+        case -2:
+            G::SendTemporalMessage('ID_USER_HAVENT_RIGHTS_SYSTEM', 'error', 'labels');
+            G::header('location: ../login/login');
+            die();
+            break;
+        case -1:
+            G::SendTemporalMessage('ID_USER_HAVENT_RIGHTS_PAGE', 'error', 'labels');
+            G::header('location: ../login/login');
+            die();
+            break;
+    }
+}
+
 $action = $_REQUEST['action'];
 unset($_REQUEST['action']);